2023.11

Features/Enhancements

New Attack Content

  • Added a Nuclei template that checks for CVE-2023-20198 in Cisco IOS XE. The template does not produce direct proof on its own; instead, NodeZero inspects the host for signs of an existing implant and shows proof when one is found. The weakness is still rated high risk even when this check returns no direct proof.
  • CVE-2023-4966: Addressing a vulnerability in Citrix NetScaler ADC and NetScaler Gateway. This unauthenticated buffer-related vulnerability may lead to sensitive information disclosure. NodeZero attempts memory dumping and session token extraction on affected devices.
  • CVE-2023-46604: Apache ActiveMQ is susceptible to Remote Code Execution (RCE). This vulnerability allows remote attackers to run arbitrary shell commands. It's recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3.
  • Updated Cyanide to append a static suffix, 'H3N0', to generated machine names so that NodeZero activity is easy to identify in logs. Generated machine names follow the format WIN-XXXXXXXH3N0.
  • Extended implantation capabilities to RCE weaknesses requiring out-of-band interactions, such as Log4Shell.
  • CVE-2023-22515 - Confluence Auth Bypass / Priv Esc: Vulnerability in Confluence Data Center and Confluence Server version 8.x before 8.3.3, 8.4.3, and 8.5.2. Allows unauthenticated RCE via Broken Access Control.
  • Added support for H3-2023-0023 exploitation on Windows and Unix hosts targeting apache-solr-file-read.
  • Enhanced Azure attack flow within NodeZero, including authentication with Azure Refresh and Azure Access Token.
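As an added defender-side example (not part of these release notes or NodeZero's own code), the Python below triages constructed key=value event lines and separates computer accounts carrying the Cyanide 'H3N0' suffix from everything else; the log layout, field names, event IDs used as sample values and the assumption that the seven-character body is alphanumeric are all assumptions, not something the page states.

```python
import re
from collections import Counter

# NodeZero (Cyanide) machine names: "WIN-" + 7 characters + static suffix "H3N0".
# The page shows the body only as XXXXXXX; treating it as alphanumeric is an assumption.
# An optional trailing "$" covers the computer-account form seen in Windows logs.
NODEZERO_NAME = re.compile(r"^WIN-[A-Z0-9]{7}H3N0\$?$", re.IGNORECASE)

# Constructed sample lines (not real logs) in a simple key=value shape:
# computer-account creation (4741) and logon (4624) events.
SAMPLE_LOG = """\
time=2023-11-07T09:12:03Z event_id=4741 account=WIN-A1B2C3DH3N0$ src=10.0.5.21
time=2023-11-07T09:12:09Z event_id=4624 account=WIN-A1B2C3DH3N0$ src=10.0.5.21
time=2023-11-07T09:15:44Z event_id=4741 account=WIN-ZZ9QPL7H3N0$ src=10.0.5.21
time=2023-11-07T09:20:10Z event_id=4741 account=WIN-7K2M9QX$ src=10.0.8.4
time=2023-11-07T09:21:55Z event_id=4624 account=jdoe src=10.0.8.4
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict (empty dict for blank lines)."""
    return dict(FIELD.findall(line))


def is_nodezero_name(name):
    """True when a machine name carries the Cyanide H3N0 suffix."""
    return bool(NODEZERO_NAME.match(name))


def triage(log_text):
    """Split events into NodeZero-attributed and other events.

    Returns (nodezero_events, other_events, creation_sources), where
    creation_sources counts, per source IP, how many H3N0-suffixed
    computer accounts that source created (event_id 4741)."""
    nodezero, other = [], []
    sources = Counter()
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if not ev:
            continue
        if is_nodezero_name(ev.get("account", "")):
            nodezero.append(ev)
            if ev.get("event_id") == "4741":
                sources[ev.get("src")] += 1
        else:
            other.append(ev)
    return nodezero, other, sources
```

Events that match can be tagged as authorized pentest activity during a NodeZero window; a 4741 source that is not the NodeZero host but still produces H3N0 names would warrant a closer look rather than an automatic exclusion.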

Other Updates & Improvements

  • Added "Move Pentest" option in the pentest action menu for transferring pentests between parent and sub accounts.
  • External IPs: Introduced CSV download for IP addresses.
  • AD Password Audit: Implemented CSV download feature.
  • Added Known Ransomware Campaign Use in the weaknesses table and filtering options by alias and CISA tags.
  • Reporting: Redesigned Fix Actions PDF Report to include affected hosts with the weakness and fix actions.

Bug Fixes

  • Updated CVE-2022-21371 for better accuracy in vulnerability details, reducing false positives in Host Compromise impacts.
  • Resolved an AS-REP roasting issue that was causing user account lockouts.
  • Fixed a bug where HTTPX was inadvertently causing printers to print.
  • Improved BlueKeep vulnerability detection to more accurately exclude non-Windows hosts.
  • Removed H3-2023-0023 from Host Compromise impact.
  • h3-cli: Fixed an "API request failed" error that affected NodeZero Runners in the EU region after initial installation (restarting the Runner would typically resolve the issue).