Xfinity left vulnerable to serious security threats - Swascan

Recently, the Swascan vulnerability team uncovered potential security vulnerabilities and notified Xfinity through their responsible disclosure program.

The vulnerabilities impacted all three pillars of the CIA triad:

  • Confidentiality;
  • Integrity;
  • Availability.

In detail, the vulnerabilities identified belonged to the following CWE categories:

CWE-126 (Buffer Over-read)

This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location.

This may result in the exposure of sensitive information or possibly a crash.

Possible impact: by reading out-of-bounds memory, an attacker might obtain secret values, such as memory addresses, which can be used to bypass protection mechanisms such as ASLR and so improve the likelihood of exploiting a separate weakness to achieve code execution rather than just denial of service.

CWE-20 (Improper Input Validation)

When software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application.

This will lead to parts of the system receiving unintended input, which may result in an altered control flow, arbitrary control of a resource, or arbitrary code execution.

Possible impact: an attack using this class of vulnerability could compromise the availability of the target, where an attacker provides unexpected values that cause a program crash or excessive consumption of resources such as memory and CPU.

It could also compromise confidentiality, if the attacker is able to control resource references and thereby read confidential data, or all three categories (integrity, availability and confidentiality) if malicious input is used to modify data or alter control flow in unexpected ways, including arbitrary command execution.
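The two weaknesses above often appear together: a length field taken straight from the input (CWE-20) drives a copy that runs past the end of the buffer (CWE-126). The following is an added illustration, not code from Swascan's report or from Xfinity, using a constructed two-byte record format ([type][len][payload]) assumed purely for this example. The unchecked parser is shown for contrast only; the hardened parser validates every length against both the bytes actually present and the destination's capacity before copying anything.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout for this example: [type:1][len:1][payload:len] */
#define HDR_LEN 2

/* Weak version: trusts the length byte supplied in the input (CWE-20).
 * If len exceeds the bytes actually present, memcpy reads past the end of
 * buf (CWE-126), leaking whatever sits after it or crashing. Shown for
 * contrast only; it is never called on untrusted data here. */
int parse_record_unchecked(const uint8_t *buf, size_t buflen,
                           uint8_t *out, size_t outlen)
{
    (void)buflen; (void)outlen;           /* the bug: both sizes are ignored */
    uint8_t len = buf[1];
    memcpy(out, buf + HDR_LEN, len);
    return len;
}

/* Hardened version: the header must be complete, the claimed payload must fit
 * inside the input that was really received, and it must fit the output. */
int parse_record_checked(const uint8_t *buf, size_t buflen,
                         uint8_t *out, size_t outlen)
{
    if (buf == NULL || out == NULL || buflen < HDR_LEN)
        return -1;                        /* header itself is incomplete */
    size_t len = buf[1];
    if (len > buflen - HDR_LEN)
        return -1;                        /* would read past the input */
    if (len > outlen)
        return -1;                        /* would overflow the output */
    memcpy(out, buf + HDR_LEN, len);
    return (int)len;
}

/* Exercises the hardened parser on constructed inputs; returns the number of
 * checks that failed (0 means every case behaved as intended). */
int run_checks(void)
{
    int failures = 0;
    uint8_t out[8];

    /* constructed: a well-formed record carrying "abc" */
    const uint8_t good[] = {0x01, 0x03, 'a', 'b', 'c'};
    if (parse_record_checked(good, sizeof good, out, sizeof out) != 3) failures++;
    if (memcmp(out, "abc", 3) != 0) failures++;

    /* constructed: the length byte claims 64 bytes but only 3 follow */
    const uint8_t lie[] = {0x01, 0x40, 'a', 'b', 'c'};
    if (parse_record_checked(lie, sizeof lie, out, sizeof out) != -1) failures++;

    /* destination too small for the payload */
    uint8_t tiny[2];
    if (parse_record_checked(good, sizeof good, tiny, sizeof tiny) != -1) failures++;

    /* truncated input: not even a full header */
    if (parse_record_checked(good, 1, out, sizeof out) != -1) failures++;

    return failures;
}

int main(void)
{
    printf("failed checks: %d\n", run_checks());
    return run_checks() == 0 ? 0 : 1;
}
```

The key design choice is that the checked parser never lets a value from the wire decide how many bytes to touch until that value has been compared with the sizes the program itself knows; the lying record is rejected before memcpy runs, rather than being detected after memory has already been read.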

CWE-416 (Use After Free)

The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw.

The simplest way data corruption may occur involves the system’s reuse of the freed memory.

Use-after-free errors have two common and sometimes overlapping causes: error conditions and other exceptional circumstances, or confusion over which part of the program is responsible for freeing the memory.

In this scenario, the memory in question is allocated to another pointer validly at some point after it has been freed.

The original pointer to the freed memory is used again and points to somewhere within the new allocation.

As the data is changed, it corrupts the validly used memory; this induces undefined behaviour in the process.

If the newly allocated data chances to hold a class, in C++ for example, various function pointers may be scattered within the heap data.

If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved.

Possible impact: an attack that uses a CWE-416-type vulnerability could affect the integrity of the target system.

This is because the use of previously freed memory may corrupt valid data if the memory area in question has been allocated and used properly elsewhere.

Availability could also be affected.

If chunk consolidation occurs after the use of previously freed data, the process may crash when invalid data is used as chunk information.

It could also impact all three areas (integrity, availability and confidentiality).

If malicious data is entered before chunk consolidation can take place, it may be possible to take advantage of a write-what-where primitive to execute arbitrary code.
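The "confusion over which part of the program is responsible for freeing the memory" described above is the root of many use-after-free bugs, typically on an error path. The following is an added illustration, not code from Swascan's report or from Xfinity; the session structure and request handler are constructed for this example. The weak handler is shown for contrast only and is never executed; the hardened pattern gives the object a single owner, releases it through a double pointer so the caller's copy is cleared, and checks for NULL before every use, so a later mistaken use is rejected rather than dereferencing freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed session object for this example: owns one heap buffer. */
typedef struct {
    char *buf;
    size_t len;
} session_t;

session_t *session_open(const char *data)
{
    session_t *s = malloc(sizeof *s);
    if (s == NULL) return NULL;
    s->len = strlen(data);
    s->buf = malloc(s->len + 1);
    if (s->buf == NULL) { free(s); return NULL; }
    memcpy(s->buf, data, s->len + 1);
    return s;
}

/* Weak pattern: the helper frees the session on an error path, but the
 * caller still holds the same pointer and the function itself goes on to
 * read through it (CWE-416). Shown for contrast only; not executed here. */
int handle_request_uaf(session_t *s, int bad_request)
{
    if (bad_request) {
        free(s->buf);
        free(s);              /* helper decides to free ... */
    }
    return (int)s->len;       /* ... and then touches freed memory */
}

/* Hardened pattern: one owner releases through a double pointer, so the
 * caller's copy is cleared and can no longer be dereferenced. */
void session_close(session_t **sp)
{
    if (sp == NULL || *sp == NULL) return;   /* double close is harmless */
    free((*sp)->buf);
    (*sp)->buf = NULL;
    free(*sp);
    *sp = NULL;
}

/* Every use checks for a live object first; -1 means closed or never opened. */
int session_len(const session_t *s)
{
    if (s == NULL || s->buf == NULL) return -1;
    return (int)s->len;
}

int handle_request_safe(session_t **sp, int bad_request)
{
    if (bad_request) {
        session_close(sp);    /* ownership ends here and *sp becomes NULL */
        return -1;
    }
    return session_len(*sp);
}

/* Exercises the hardened pattern; returns the number of failed checks. */
int run_checks(void)
{
    int failures = 0;
    session_t *s = session_open("hello");
    if (s == NULL) return 1;
    if (handle_request_safe(&s, 0) != 5) failures++;    /* normal use works */
    if (handle_request_safe(&s, 1) != -1) failures++;   /* error path closes */
    if (s != NULL) failures++;                          /* pointer was cleared */
    if (session_len(s) != -1) failures++;               /* later use rejected */
    session_close(&s);                                  /* second close is safe */
    return failures;
}

int main(void)
{
    printf("failed checks: %d\n", run_checks());
    return run_checks() == 0 ? 0 : 1;
}
```

Clearing the caller's pointer at the moment of release is what turns the second scenario in the text, a stale pointer landing inside a new allocation, into a plain NULL check failure; it does not remove the need for clear ownership rules, but it makes the lifetime visible at the one place where the object is destroyed.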
