2024.07
Features/Enhancements
NodeZero AWS Pentest
- Gray-Box Pentest: Utilizes a role with read-only permissions to comprehensively assess the security of your AWS accounts.
NodeZero Azure Entra ID Pentest
- Gray-Box Pentest: Utilizes an injected Entra ID credential and a privileged Active Directory credential to analyze attack paths in your hybrid environment. Runs from a Docker host within your private enterprise network.
- Advanced Configuration Option: Entra ID App/Directory Role Privilege Escalation allows NodeZero to attempt privilege escalation by assigning new Directory or MS Graph App Roles to compromised users or Service Principals.
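The escalation above only works for a principal that already holds a permission allowing it to hand out directory roles or Graph app roles. The script below is an added example written for this page, not NodeZero code: it takes the Microsoft Graph service principal's app role catalogue and the assignments granted against it, and flags every principal holding one of the two application permissions that enable exactly those two escalation paths. The Graph endpoints, the Graph appId and the `@odata.nextLink` paging are real; the embedded sample responses, role IDs and principal names are constructed, and `fetch_graph_collection` assumes you already hold an app-only bearer token.

```python
import json
import urllib.request
from urllib.parse import quote, urlencode

GRAPH = "https://graph.microsoft.com/v1.0"

# Microsoft Graph application permissions that directly enable the two escalation paths:
# adding members to Entra directory roles, and granting Graph app roles to service principals.
ESCALATION_PERMISSIONS = {
    "RoleManagement.ReadWrite.Directory": "can add members to any directory role (e.g. Global Administrator)",
    "AppRoleAssignment.ReadWrite.All": "can grant Graph app roles to any service principal, including itself",
}

# Constructed sample of GET /servicePrincipals/{graphSpId}?$select=appRoles (the Graph SP's own
# role catalogue). The ids are placeholders, not Microsoft's real app role GUIDs.
SAMPLE_GRAPH_APP_ROLES = [
    {"id": "11111111-0000-0000-0000-000000000001", "value": "RoleManagement.ReadWrite.Directory"},
    {"id": "11111111-0000-0000-0000-000000000002", "value": "AppRoleAssignment.ReadWrite.All"},
    {"id": "11111111-0000-0000-0000-000000000003", "value": "User.Read.All"},
]

# Constructed sample of GET /servicePrincipals/{graphSpId}/appRoleAssignedTo.
SAMPLE_ASSIGNMENTS = [
    {"principalId": "sp-aaa", "principalDisplayName": "ci-deployer", "principalType": "ServicePrincipal",
     "appRoleId": "11111111-0000-0000-0000-000000000001"},
    {"principalId": "sp-bbb", "principalDisplayName": "hr-sync", "principalType": "ServicePrincipal",
     "appRoleId": "11111111-0000-0000-0000-000000000003"},
    {"principalId": "sp-ccc", "principalDisplayName": "helpdesk-bot", "principalType": "ServicePrincipal",
     "appRoleId": "11111111-0000-0000-0000-000000000002"},
    {"principalId": "sp-ccc", "principalDisplayName": "helpdesk-bot", "principalType": "ServicePrincipal",
     "appRoleId": "11111111-0000-0000-0000-000000000003"},
]


def escalation_capable_principals(app_roles, assignments):
    """Map principalId -> {name, permissions} for principals holding an escalation-enabling Graph role."""
    role_value_by_id = {r["id"]: r["value"] for r in app_roles}
    findings = {}
    for a in assignments:
        value = role_value_by_id.get(a["appRoleId"])
        if value not in ESCALATION_PERMISSIONS:
            continue
        entry = findings.setdefault(a["principalId"], {"name": a["principalDisplayName"], "permissions": []})
        if value not in entry["permissions"]:
            entry["permissions"].append(value)
    return findings


def fetch_graph_collection(url, token):
    """Follow @odata.nextLink paging and return every item of a Graph collection (live call; not used by the sample)."""
    items = []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return items


def audit_live_tenant(token):
    """Live variant: resolve the Microsoft Graph SP (well-known appId), then audit its assignments."""
    query = urlencode({"$filter": "appId eq '00000003-0000-0000-c000-000000000000'",
                       "$select": "id,appRoles"}, quote_via=quote)
    graph_sp = fetch_graph_collection(f"{GRAPH}/servicePrincipals?{query}", token)[0]
    assignments = fetch_graph_collection(f"{GRAPH}/servicePrincipals/{graph_sp['id']}/appRoleAssignedTo", token)
    return escalation_capable_principals(graph_sp["appRoles"], assignments)


if __name__ == "__main__":
    for pid, info in escalation_capable_principals(SAMPLE_GRAPH_APP_ROLES, SAMPLE_ASSIGNMENTS).items():
        for perm in info["permissions"]:
            print(f"{info['name']} ({pid}): {perm} -> {ESCALATION_PERMISSIONS[perm]}")
```

The sample run reports ci-deployer and helpdesk-bot and ignores hr-sync, whose User.Read.All grants read access only. Principals that are already members of Global Administrator or Privileged Role Administrator (GET /directoryRoles?$expand=members) can reach the same outcome without either Graph permission, so review those memberships alongside this output.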
New Pentest Setup Workflow
- Run Test Full-Page UX: Clicking the Run Pentest button now presents a test category selection screen with four categories: Infrastructure Attack Surface, Identity Attack Surface, Operational Scenario Testing, and Rapid Response.
New Attack Content
GeoServer Vulnerabilities
- CVE-2021-40822: Server-Side Request Forgery (SSRF) through the proxy host setting in GeoServer through 2.18.5 and 2.19.x through 2.19.2.
- CVE-2024-36401: Critical Remote Code Execution (RCE) via unsafe evaluation of XPath expressions passed as property names in OGC requests. Affects GeoServer before 2.23.6, 2.24.x before 2.24.4, and 2.25.x before 2.25.2, and has been exploited in the wild.
- CVE-2022-24816: Critical RCE in the JAI-EXT Jiffle scripting support bundled with GeoServer: a Jiffle script supplied in a crafted web request is compiled to Java and executed on the server.
AWS Analysis Enhancements
- Lambda Function Code Extraction: Extracts Lambda function code and analyzes it for sensitive information, including AWS credentials.
- EC2 Instance User Data Extraction: Extracts EC2 instance user data and analyzes it for sensitive information, such as AWS keys.
- Improved User and Role Enumeration: Enhanced aws_enum_users and aws_enum_roles modules with an expanded default list of users and roles for better efficiency and effectiveness.
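The two extraction items above are one technique: pull code or user data out of the account and look for embedded keys. The script below is an added example written for this page, not NodeZero's module code. The regexes, helper names and samples are assumptions; the sample user-data script and Lambda package are built inline, and the key values in them are AWS's documented placeholder credentials (AKIAIOSFODNN7EXAMPLE and its matching secret), not live keys. `scan_live_account` shows the boto3 calls the extraction relies on (describe-instance-attribute for user data, get-function for the package URL) and is not exercised by the sample run.

```python
import base64
import io
import re
import zipfile

# Long-term (AKIA) and temporary (ASIA) access key IDs: prefix plus 16 uppercase alphanumerics.
ACCESS_KEY_ID_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# Secret keys are 40 base64-ish characters; require a nearby key name so random blobs do not match.
SECRET_KEY_RE = re.compile(
    r"""(?i)(?:aws_?secret(?:_access)?_key|secret)["']?\s*[:=]\s*["']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"""
)


def find_aws_credentials(text):
    """Return the distinct access key IDs and secret keys found in a blob of text."""
    return {
        "access_key_ids": sorted(set(ACCESS_KEY_ID_RE.findall(text))),
        "secret_keys": sorted(set(SECRET_KEY_RE.findall(text))),
    }


def scan_user_data(user_data_b64):
    """EC2 returns user data base64-encoded (describe-instance-attribute --attribute userData): decode, then scan."""
    decoded = base64.b64decode(user_data_b64).decode("utf-8", errors="replace")
    return find_aws_credentials(decoded)


def scan_lambda_package(zip_bytes):
    """Scan every member of a Lambda deployment package (the zip behind get-function's Code.Location URL)."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            hit = find_aws_credentials(zf.read(name).decode("utf-8", errors="replace"))
            if hit["access_key_ids"] or hit["secret_keys"]:
                findings[name] = hit
    return findings


# --- Constructed samples; the key values are AWS's documented placeholder credentials, not live keys ---
SAMPLE_USER_DATA_B64 = base64.b64encode(
    b"#!/bin/bash\n"
    b"# bootstrap: pulls artifacts with a hard-coded IAM user instead of the instance role\n"
    b"export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    b"export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCyEXAMPLEKEY\n"
    b"aws s3 cp s3://example-artifacts/app.tar.gz /opt/app/\n"
).decode()


def build_sample_lambda_package():
    """Build an in-memory deployment package: one handler with embedded keys, one clean file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("handler.py",
                    'import boto3\n'
                    's3 = boto3.client("s3", aws_access_key_id="AKIAIOSFODNN7EXAMPLE",\n'
                    '                  aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCyEXAMPLEKEY")\n'
                    'def handler(event, context):\n'
                    '    return s3.list_buckets()["Buckets"]\n')
        zf.writestr("README.md", "Deploy with `sam deploy`. Credentials come from the execution role.\n")
    return buf.getvalue()


def scan_live_account(session):
    """Pull user data and Lambda packages with a boto3 Session (import deferred so the sample runs without boto3)."""
    import urllib.request
    results = {"instances": {}, "functions": {}}
    ec2 = session.client("ec2")
    for page in ec2.get_paginator("describe_instances").paginate():
        for reservation in page["Reservations"]:
            for inst in reservation["Instances"]:
                attr = ec2.describe_instance_attribute(InstanceId=inst["InstanceId"], Attribute="userData")
                b64 = attr["UserData"].get("Value")
                if b64:
                    results["instances"][inst["InstanceId"]] = scan_user_data(b64)
    lam = session.client("lambda")
    for page in lam.get_paginator("list_functions").paginate():
        for fn in page["Functions"]:
            code = lam.get_function(FunctionName=fn["FunctionName"])["Code"]
            if code.get("RepositoryType") == "S3":  # zip-based functions; image-based ones carry no package URL
                with urllib.request.urlopen(code["Location"]) as resp:
                    results["functions"][fn["FunctionName"]] = scan_lambda_package(resp.read())
    return results


if __name__ == "__main__":
    print("user data:", scan_user_data(SAMPLE_USER_DATA_B64))
    print("lambda   :", scan_lambda_package(build_sample_lambda_package()))
```

Two practical points the code reflects: user data arrives base64-encoded from the API, so scanning the raw attribute value finds nothing, and the presigned Code.Location URL that get-function returns is only valid for about ten minutes, so download immediately after the call. Treat any hit as a leaked credential to rotate, since user data and deployment packages are readable by anyone with ec2:DescribeInstanceAttribute or lambda:GetFunction.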
Rapid Response Content and Tests
- CVE-2024-4883: Unauthenticated Remote Code Execution in Progress WhatsUp Gold versions released before 2023.1.3.
- CVE-2024-5910: Palo Alto Networks Expedition Admin Account Takeover. Missing authentication on a critical function lets an unauthenticated attacker with network access to Expedition reset the application administrator credentials to the default value; fixed in Expedition 1.2.92.
- CVE-2024-6387 (regreSSHion): A signal-handler race condition in OpenSSH's server (sshd), a regression of CVE-2006-5051 disclosed on July 1, 2024. It allows unauthenticated remote code execution as root on glibc-based Linux systems running OpenSSH 8.5p1 through 9.7p1 (fixed in 9.8p1). The default configuration is affected and no user interaction is required; exploitation is a timing race that takes many connection attempts and has been demonstrated by Qualys on 32-bit systems.
- CVE-2024-20419: Cisco Smart Software Manager On-Prem Account Takeover Vulnerability. Allows an unauthenticated, remote attacker to change the password of any user, including the default admin account. Impacts Cisco SSM On-Prem and its predecessor, Cisco SSM Satellite.
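A quick triage check for the OpenSSH item above, as an added example that is not NodeZero's test: it reads the server's identification banner and compares the version against the upstream affected range (8.5p1 up to but not including 9.8p1, plus releases before 4.4 that never received the CVE-2006-5051 fix). Distributions backport the fix without bumping the version, so a banner inside the range means "confirm via package version or vendor advisory", not "exploitable". The sample banners are constructed; `grab_banner` is the only live call and is not used by the sample run.

```python
import re
import socket

# OpenSSH identification strings look like "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13"; the pN suffix
# is the portable release number and is absent on OpenBSD builds.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, portable) from an SSH identification string, or None if it is not OpenSSH."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, portable = m.groups()
    return (int(major), int(minor), int(portable or 0))


def regresshion_status(banner):
    """Classify a banner against the upstream CVE-2024-6387 ranges.

    'vulnerable-range': 8.5p1 <= version < 9.8, or version < 4.4 (pre-dates the CVE-2006-5051 fix)
    'outside-range':    4.4 through 8.4p1, or 9.8 and later
    'not-openssh':      some other server (Dropbear, etc.)
    Vendor backports are invisible at this layer; treat 'vulnerable-range' as 'needs confirmation'.
    """
    v = parse_openssh_version(banner)
    if v is None:
        return "not-openssh"
    if v < (4, 4, 0) or (8, 5, 1) <= v < (9, 8, 0):
        return "vulnerable-range"
    return "outside-range"


def grab_banner(host, port=22, timeout=5.0):
    """Read the server identification line; the server sends it first, so no client data is needed."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode("ascii", errors="replace").strip()


# Constructed sample banners covering each branch of the classifier.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "SSH-2.0-OpenSSH_9.8",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "SSH-2.0-OpenSSH_4.3",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b:45} {regresshion_status(b)}")
```

The comparison works on version tuples rather than strings so that 9.10 sorts after 9.8 and a missing portable suffix compares as p0. For a fleet check, feed `grab_banner` output per host into `regresshion_status` and follow up on every "vulnerable-range" host with `ssh -V` or the distribution's package version, which is where the backported fix actually shows up.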
Other Enhancements
- Post-Processing Workflow: Updated to provide better scalability and resiliency.