2023.11
Features/Enhancements
New Attack Content
- Added a Nuclei template for CVE-2023-20198 affecting Cisco IOS XE to check for weaknesses. This check does not provide direct proof; however, NodeZero will inspect the host for signs of implantation and show proof if found. The risk of exploitation is considered high despite no direct proof from this vulnerability check.
- CVE-2023-4966: Added coverage for a vulnerability in Citrix NetScaler ADC and NetScaler Gateway. This unauthenticated buffer-related vulnerability may lead to sensitive information disclosure. On affected devices, NodeZero attempts memory dumping and session token extraction.
- CVE-2023-46604: Apache ActiveMQ is susceptible to Remote Code Execution (RCE). This vulnerability allows remote attackers to run arbitrary shell commands. It's recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3.
- Updated Cyanide to include a static suffix 'H3N0' so NodeZero activity can be easily identified in logs. Generated machine names will follow the format WIN-XXXXXXXH3N0.
- Extended implantation capabilities to RCE weaknesses requiring out-of-band interactions, such as Log4Shell.
- CVE-2023-22515 - Confluence Auth Bypass / Priv Esc: Vulnerability in Confluence Data Center and Confluence Server version 8.x before 8.3.3, 8.4.3, and 8.5.2. Allows unauthenticated RCE via Broken Access Control.
- Added support for exploiting H3-2023-0023 (apache-solr-file-read) on Windows and Unix hosts.
- Enhanced Azure attack flow within NodeZero, including authentication with Azure Refresh and Azure Access Token.
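The 'H3N0' machine-name suffix above is meant to let defenders separate NodeZero-generated activity from everything else in their logs. The following is an added example of such a filter; it is not NodeZero's or Horizon3.ai's own code. The log lines are constructed for illustration (a Windows-event-style line with a Workstation= field is an assumption about the log format); the only thing taken from the release note is the WIN-XXXXXXXH3N0 naming scheme, interpreted here as "WIN-", seven alphanumerics, then "H3N0".

```python
import re

# Constructed sample log lines (not from the release notes). Two of them carry a
# NodeZero-style machine name, one carries an ordinary WIN- name, and one carries
# "H3N0" without the WIN- prefix and seven-character body, so it must not match.
SAMPLE_LOGS = [
    "2023-11-02T10:15:01Z 4624 Workstation=WIN-A1B2C3DH3N0 Account=svc-backup Logon succeeded",
    "2023-11-02T10:15:07Z 4624 Workstation=WIN-Q8ZZ7K9H3N0 Account=jdoe Logon succeeded",
    "2023-11-02T10:16:22Z 4624 Workstation=WIN-9F3K2LMP4X Account=jdoe Logon succeeded",
    "2023-11-02T10:17:45Z 4625 Workstation=DESKTOP-H3N0 Account=guest Logon failed",
]

# WIN-XXXXXXXH3N0: "WIN-", exactly seven alphanumerics, then the static H3N0 suffix.
# Word boundaries keep longer names such as WIN-A1B2C3DH3N0X from matching.
# Hostnames are case-insensitive in practice, so the match is too (an assumption).
NODEZERO_NAME = re.compile(r"\bWIN-[A-Z0-9]{7}H3N0\b", re.IGNORECASE)


def is_nodezero_hostname(hostname):
    """True if a single hostname follows the WIN-XXXXXXXH3N0 scheme exactly."""
    return NODEZERO_NAME.fullmatch(hostname.strip()) is not None


def find_nodezero_hostnames(lines):
    """Return (line, hostname) pairs for every log line containing a NodeZero-style name."""
    hits = []
    for line in lines:
        m = NODEZERO_NAME.search(line)
        if m:
            hits.append((line, m.group(0)))
    return hits


def split_logs(lines):
    """Partition lines into (nodezero_lines, other_lines) so pentest noise can be
    reviewed separately from the rest of the log."""
    nodezero, other = [], []
    for line in lines:
        (nodezero if NODEZERO_NAME.search(line) else other).append(line)
    return nodezero, other


if __name__ == "__main__":
    for line, host in find_nodezero_hostnames(SAMPLE_LOGS):
        print(f"NodeZero machine name {host}: {line}")
    tagged, rest = split_logs(SAMPLE_LOGS)
    print(f"{len(tagged)} NodeZero-tagged line(s), {len(rest)} other line(s)")
```

Run it as a script to see the two tagged lines, or import the functions into whatever log pipeline you use; the same regular expression can be dropped into a SIEM query as-is.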
Other Updates & Improvements
- Added "Move Pentest" option in the pentest action menu for transferring pentests between parent and sub accounts.
- External IPs: Introduced CSV download for IP addresses.
- AD Password Audit: Implemented CSV download feature.
- Added Known Ransomware Campaign Use in the weaknesses table and filtering options by alias and CISA tags.
- Reporting: Redesigned Fix Actions PDF Report to include affected hosts with the weakness and fix actions.
Bug Fixes
- Updated CVE-2022-21371 for better accuracy in vulnerability details, reducing false positives in Host Compromise impacts.
- Resolved an AS-REP roasting issue that was causing user account lockouts.
- Fixed a bug where HTTPX was inadvertently causing printers to print.
- Improved BlueKeep vulnerability detection to more accurately exclude non-Windows hosts.
- Removed H3-2023-0023 from Host Compromise impact.
- h3-cli: Fixed an "API request failed" error that affected NodeZero Runners in the EU region after initial installation (restarting the Runner would typically resolve the issue).