sb-eu logo
Story image

Xfinity left vulnerable to serious security threats - Swascan

Recently, the Swascan vulnerability team uncovered potential security vulnerabilities and notified Xfinity through their responsible disclosure program.

The vulnerabilities impacted all three pillars of the CIA triad:

  • Confidentiality;
  • Integrity;
  • Availability.

In detail, the vulnerabilities identified belonged to the following CWE categories:

CWE-126 (Buffer Over-read)

This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location.

This may result in the exposure of sensitive information or possibly a crash.

Possible impact: By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.

CWE-20 (Improper Input Validation)

When software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application.

This will lead to parts of the system receiving unintended input, which may result in an altered control flow, arbitrary control of a resource, or arbitrary code execution.

Possible impact: The attack using this class of vulnerabilities could compromise the availability of the target, where an attacker could provide unexpected values and cause a program crash or excessive consumption of resources, such as memory and CPU.

The confidentiality by reading confidential data if they are able to control resource references and all three categories (Integrity, Availability and Confidentiality) by using malicious input to modify data or possibly alter control flow in unexpected ways, including arbitrary command execution.

CWE-416 (Use After Free)

The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw.

The simplest way data corruption may occur involves the system’s reuse of the freed memory.

Use-after-free errors have two common and sometimes overlapping causes: error conditions and other exceptional circumstances, or confusion over which part of the program is responsible for freeing the memory.

In this scenario, the memory in question is allocated to another pointer validly at some point after it has been freed.

The original pointer to the freed memory is used again and points to somewhere within the new allocation.

As the data is changed, it corrupts the validly used memory; this induces undefined behaviour in the process.

If the newly allocated data chances to hold a class, in C++ for example, various function pointers may be scattered within the heap data.

If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved.

Possible impact: An attack that uses a CWE-416-type vulnerability could have an effect on the integrity of the target system. 

This is because the use of previously freed memory may corrupt valid data if the memory area in question has been allocated and used properly elsewhere.

Availability could also be affected.

If chunk consolidation occurs after the use of previously freed data, the process may crash when invalid data is used as chunk information.

It could also impact all three areas (integrity, availability and confidentiality).

If malicious data is entered before chunk consolidation can take place, it may be possible to take advantage of a write-what-where primitive to execute arbitrary code.

Story image
ThreatQuotient & Infoblox integrate threat intelligence capabilities
“Together, our integration eases the consumption of threat intelligence from various internal and external sources to ensure that intelligence is accurate, relevant and timely to an organisation’s business.”More
Story image
With cyber-threats continuing to evolve, organisations need to remain in the fight in 2021
Teams can make improvements in 2021 by having a more comprehensive understanding of the threats that are out there and defining how they conduct operations to offer flexibility to adapt better.More
Story image
Securing the 'next normal' — Check Point's cybersecurity predictions for 2021
“One of the few predictable things about cyber-security is that threat actors will always seek to take advantage of major events or changes – such as COVID-19, or the introduction of 5G – for their own gain."More
Story image
Forescout expands integrations with partner solutions
Expanded partnerships and integrations with Splunk, CrowdStrike and CyberArk allow for better IT and OT security posture for joint customers.More
Story image
DDoS attacks surge, becoming more sophisticated
After doubling from Q1 to Q2, the total number of network layer attacks observed in Q3 doubled again — resulting in a 4x increase in number compared to the pre-COVID levels in the first quarter. More
Story image
Kaspersky unveils two major update to its Transparency Initiative
The company has announced the opening of a new Transparency Center, as well as the ompletion of a widespread transferal of data storage and processing activities to Switzerland.More