Focused vulnerability: SNIProxy has a remote code execution flaw

Focused vulnerability: SNIProxy has a remote code execution flaw

This vulnerability was identified by Keane O’Kelley of Cisco ASIG. The open-source software SNIProxy has a remote code execution flaw that can be exploited if the user uses wildcard backend hosts, according to Cisco ASIG.

Based on the hostname present in the TCP session’s initial request, SNIProxy proxies incoming HTTP and TLS connections. With the aid of this open-source tool, users can perform name-based HTTPS proxying without having to decrypt traffic or obtain a key or certificate.

Focused vulnerability: SNIProxy has a remote code execution flaw
Focused vulnerability: SNIProxy has a remote code execution flaw

When setting up SNIProxy, a user may encounter a remote code execution vulnerability (TALOS-2023-1731/CVE-2023-25076) if they use wildcard backend hosts. By sending a specially crafted HTTP, TLS, or DTLS packet to the target computer, an attacker could take advantage of this vulnerability and possibly cause a denial of service or gain access to the ability to execute remote code.

In accordance with Cisco’s vulnerability disclosure policy, Cisco Talos collaborated with the administrators of SNIProxy to ensure that these problems were fixed and that an update was accessible to users who were affected.

See more: Clipboard-Injector Attacks Aim to Swipe Your Crypto Wallets

Users of SNIProxy version 0.6.0-2 and SNIProxy (822bb80df9b7b345cc9eba55df74a07b498819ba) Master version are advised to update these affected products as soon as possible. These open-source tool versions can be taken advantage of by this vulnerability, according to Talos testing.

See more: The Tor browser installation contains malware that steals cryptocurrency

Exploitation attempts against this vulnerability will be found via the 61474 Snort rule. In the absence of new vulnerability information, further regulations could be provided in the future, and the ones that are already in place could change. Please refer or your Cisco Secure Firewall Management Center for the most recent rule information.


Author: Varsha Kumari

We hope you found article interesting. For more exclusive content follow us on FacebookTwitter and LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *