Topic

MITM

A collection of 6 issues

CVE-2022-38988 The secure OS module has configuration defects

MITM attacks are possible. In some cases, the system may be completely compromised. Configuration and configuration settings of the system may be modified by an attacker. There is a risk of data corruption. It can be exploited by tricking administrator into visiting specially crafted website. An attacker may trick administrator

CVE-2022-26937 Windows Network File System Remote Code Execution Vulnerability.

This issue was discovered by NXP when they analyzed the firmware version on one of their products. They reported this issue to Juniper, who quickly patched their software. This issue was discovered by NXP when they analyzed the firmware version on one of their products. They reported this issue to

CVE-2022-1434 The OpenSSL 3.0 RC4-MD5 ciphersuite uses AAD as the MAC key, which is trivially predictable.

used. Due to the non-deterministic nature of IBM's implementation of the RC4-MD5 cipher, an attacker could potentially exploit this issue to generate traffic that appears as if it originates from any location, not just the location of the server. OpenSSL 3.0 is vulnerable to a variant of the BEAST

CVE-2022-0023 DNS proxy feature of PAN-OS can be exploited if the firewall is mishandled during an MITM attack.

The DNS proxy feature of PAN-OS is responsible for handling DNS requests forwarded to external DNS servers. A MITM can inject DNS records into the DNS proxy service to cause the service to restart unexpectedly, which causes all traffic to be dropped. This situation can be exploited by an attacker

CVE-2022-21296 Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition product.

through an application that sends requests to these APIs. The attacker needs to be able to control or manipulate the application in some way in order to exploit this vulnerability. If the attacker is able to control or manipulate an application that allows access to Oracle Java SE, Oracle GraalVM

CVE-2022-0235 node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

If you have a node-fetch app or a site that serves data from remote sources, you should consider updating your security practices so that you don’t accidentally expose sensitive information to anyone who has access to the server. It’s very easy for an attacker to intercept requests to