December 6, 2023

Researchers at SentinelOne published details on a couple of critical RCE vulnerabilities discovered in Microsoft Defender for IoT, tracked as CVE-2021-42311 and CVE-2021-42313, with CVSS score of 10 related to a SQL injection attack.

Defender for IoT supports various IoT, OT, and ICSq devices, and can be deployed both on-premises and in the cloud.

Advertisements

The vulnerability, identified in the token validation process, CVE-2021-42313 exists because the UUID parameter isn’t sanitized and allowed them to insert, update, and execute SQL special commands. They came up with PoC code that exploits the bug to extract a logged-in user session ID from the database, which leads to complete account takeover.

These vulnerabilities are reported to Microsoft in June 2021 and fixed during December 2021 Patch Tuesday cycle

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023

LogoFAIL Firmware Attack

December 3, 2023

Proliance Surgeons Discloses a Data Breach

December 3, 2023

23andMe Breach affected 14K Customers

December 3, 2023
%d