These vulnerabilities have been assigned critical severity ratings by RedTeam Pentesting. In order to exploit this vulnerability, a remote attacker must send a malformed SIP INVITE message to the targeted system. An attacker can leverage this vulnerability to launch a denial of service attack against the targeted system.
RedTeam Pentesting discovered this vulnerability while performing analysis of VoIP systems. We discovered that in many VoIP systems, the Windows IKE extension is disabled by default. This makes it possible for an attacker to leverage this vulnerability by sending a SIP INVITE message to the targeted system. An attacker can leverage this vulnerability to launch a denial of service attack against the targeted system.
Mitigation
To mitigate this vulnerability, you should make sure that Windows IKE extension is enabled on your system. For instructions on how to enable this feature, follow the instructions provided here. In addition, if you are using SIP protocol in your VoIP system, make sure that Windows IKE Extension is enabled. Finally, make sure that SIP protocol is enabled on your system.
Windows IKE Extension
The Windows IKE Extension is a service that allows you to create and manage IPsec policies on your system. If this service is disabled on your system, it will not allow the creation of IPsec policies. This makes it possible for an attacker to leverage this vulnerability by sending a SIP INVITE message to the targeted system.
Microsoft Office and Outlook Web Apps – CVE-2023-21890
These vulnerabilities have been assigned critical severity ratings by RedTeam Pentesting. In order to exploit these vulnerabilities, an attacker must steal a cookie from the targeted system. An attacker can leverage this vulnerability to launch a denial of service attack against the targeted system.
RedTeam Pentesting discovered these vulnerabilities while performing analysis of Microsoft Office and Outlook Web Apps. We discovered that in both Microsoft Office and Outlook Web Apps, a stored cross-site scripting vulnerability exists in the URL handling mechanism which makes it possible for an attacker to leverage this vulnerability to launch a denial of service attack against the targeted system.
Mitigation
To mitigate this vulnerability, you should make sure that your web server is properly configured to prevent cross-site scripting attacks.
Timeline
Published on: 01/11/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC