The JSOF team, together with Forescout Research Labs, has revealed a set of nine vulnerabilities in Domain Name System (DNS) implementations that cause either Denial of Service (DoS) or Remote Code Execution (RCE).
This vulnerability set, known as NAME:WRECK, could allow attackers to take target devices offline or take control of them.
The extensive use of the affected stacks, together with external exposure of the vulnerable DNS clients, results in a significantly increased attack surface.
Still, the most conservative estimates conclude that millions of devices are impacted by NAME:WRECK.
The attacker obtains Initial Access into an organization’s network (step 1) by compromising a device issuing DNS requests to a server on the internet. To obtain initial access, the attacker can exploit one of the RCEs affecting Nucleus NET. The compromise can happen, for instance, by weaponizing the exploit.
After the initial access, the attacker can use the compromised entry point to set up an internal DHCP server and perform Lateral Movement (step 2) by executing malicious code on vulnerable internal FreeBSD servers broadcasting DHCP requests.
Finally, the attacker can use those internal compromised servers to Persist on the target network or to Exfiltrate data (step 3) via the internet-exposed IoT device.
Researchers estimate that at least 100 million devices are impacted by NAME:WRECK.
It is noteworthy that when a stack has a vulnerable DNS client, it often has several vulnerabilities at once. The message compression anti-pattern stands out because it commonly leads to potential RCEs, as it is often associated with pointer manipulation and memory operations.
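A bounds-checked decoder for RFC 1035 compressed names, showing the checks that the pointer handling described above depends on. This is an added example, not code from the researchers or from any affected stack; `dns_read_name`, the `sample` message and the two constants are names assumed here.

```c
#include <stdint.h>
#include <string.h>
#define DNS_HDR_LEN  12    /* fixed DNS header size */
#define DNS_MAX_NAME 255   /* RFC 1035 cap on an encoded name */

/* Constructed sample message (not captured traffic). */
static const uint8_t sample[] = {
    0,0,0,0,0,0,0,0,0,0,0,0,                        /* 0..11  header */
    7,'e','x','a','m','p','l','e',3,'c','o','m',0,  /* 12..24 example.com */
    3,'w','w','w',0xC0,12,                          /* 25..30 www + pointer to 12 */
    0xC0,31,                                        /* 31..32 pointer to itself */
    0xC0,25,                                        /* 33..34 pointer to a name with a pointer */
    5,'a','b'                                       /* 35..37 label longer than the message */
};

/* Decode the name at msg[off] as dotted text; returns bytes used at off, or -1 if malformed. */
int dns_read_name(const uint8_t *msg, size_t len, size_t off,
                  char *out, size_t outsz)
{
    size_t pos = off, limit = off, o = 0, wire = 0;
    int consumed = -1;                       /* fixed at the first pointer */
    if (outsz == 0) return -1;
    for (;;) {
        if (pos >= len) return -1;           /* length byte in bounds */
        uint8_t b = msg[pos];
        if ((b & 0xC0) == 0xC0) {            /* compression pointer */
            if (pos + 1 >= len) return -1;   /* second pointer byte in bounds */
            size_t target = ((size_t)(b & 0x3F) << 8) | msg[pos + 1];
            if (target >= limit || target < DNS_HDR_LEN) return -1;  /* backward only: no loops */
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            limit = pos = target;
            continue;
        }
        if (b & 0xC0) return -1;             /* 0x40 / 0x80 prefixes are reserved */
        if (b == 0) {                        /* root label ends the name */
            out[o] = '\0';
            return consumed < 0 ? (int)(pos + 1 - off) : consumed;
        }
        if (pos + 1 + b > len) return -1;    /* label bytes in bounds */
        wire += b + 1u;
        if (wire + 1 > DNS_MAX_NAME) return -1;  /* total encoded length cap */
        if (o + b + 2 > outsz) return -1;    /* room for '.', label and NUL */
        if (o) out[o++] = '.';
        memcpy(out + o, msg + pos + 1, b);
        o += b;
        pos += b + 1u;
    }
}

int main(void) { char n[256]; return dns_read_name(sample, sizeof sample, 25, n, sizeof n) != 6; }
```

Each `return -1` corresponds to one input the decoder refuses: a pointer or label running past the message, a pointer that does not move strictly backward, a reserved length prefix, or a name longer than the protocol or the output buffer allows.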