Cisco SD-WAN make-me-root bug under attack
Second Catalyst SD-WAN Manager flaw exploited as an 0-day this month
Root access gives an attacker or administrator complete control of a Unix-like system, allowing changes to data, software, accounts, and security settings.
Search across headline titles and summaries.
Background for this topic.
Root access is unrestricted administrative control of a Unix or Linux system. The root account, or an equivalent privilege obtained through mechanisms such as sudo, can read or change nearly any file, alter system configuration, install software, and control running processes. Related uses of “root” may describe equivalent administrator privileges in containers, cloud workloads, network appliances, or mobile devices.
Because root privileges can bypass ordinary access controls, stolen administrative credentials or a vulnerability that enables privilege escalation can let an attacker modify security settings, access protected data, establish persistence, or disrupt the host. Organizations generally reduce exposure by disabling direct root login where practical, using named administrator accounts with least privilege, protecting privileged authentication with strong controls, and recording and reviewing elevation events. Vulnerability management should prioritize flaws that can grant local or remote root-level execution; during an incident, investigators must assess whether root access was obtained and treat the host’s integrity as potentially compromised.
Weekly headline count for the current query.
Second Catalyst SD-WAN Manager flaw exploited as an 0-day this month
Remote, unauthenticated RCE with root privileges is about as bad as it gets
Plus ModuleJail, a radical proposal for minimizing the impact of similar bugs
Fresh kernel flaw comes with public exploit code and continues ugly run of highly reliable privilege escalation bugs tied to memory and page-cache handling
Human IT managers thought they were being nice to the boss, but were assisting a threat actor
Human IT managers thought they were being nice to the boss, but were assisting a threat actor
Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE
Researchers dropped a reliable root exploit and it didn’t sit idle for long
Researchers dropped a reliable root exploit and it didn’t sit idle for long CISA is warning that a newly-disclosed Linux kernel bug dubbed "CopyFail" is already being exploited, just days after researchers dropped a working root-level exploit.…
Emergency patches out now for those managing the millions of domains assumed to be affected Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed using it.…
Patches land for authencesn flaw enabling local privilege escalation
Patches land for authencesn flaw enabling local privilege escalation Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LPE) vulnerability arising from a logic flaw.…
Google Sites lure leads to bogus root certificate Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google.com to steal developers' credentials and take over their systems.…
CUPS server shown spilling out remote code execution and root access In the latest chapter on leaky CUPS, a security researcher and his band of bug-hunting agents have found two flaws that can be chained to allow an unauthenticated attacker to remotely execute code and achieve root file overwrite on the network.…
A rare joint alert from all five spy agencies means serious business The Five Eyes intelligence alliance is urgently warning defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks.…
SolarWinds + file transfer software = what attackers' dreams are made of If you run SolarWinds’ Serv-U, you should patch promptly. Four critical vulnerabilities in the file transfer software can allow attackers to execute code as root.…
Critical vuln flew under the radar for a decade A recently disclosed critical vulnerability in the GNU InetUtils telnet daemon (telnetd) is "trivial" to exploit, experts say.…
Flaw in remote-access appliance lets attackers chain bugs for root-level takeover SonicWall has warned customers of a zero-day flaw in its SMA 1000 remote-access appliance that's being actively exploited, potentially allowing attackers to escalate privileges and take over boxes.…
Who wouldn't want root access on cluster master nodes? A 9.9 out of 10 severity bug in Red Hat's OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt services, and fully hijack the platform.…
The latest in a run of serious networking bugs gives attackers root if they have SNMP access Cisco has confirmed a new IOS and IOS XE zero-day, the latest in a string of flaws that attackers have been quick to weaponize.…