CVE-2021-4228
published 2022-10-24CVE-2021-4228: Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This…
PriorityP351high7.4CVSS 3.1
AVNACHPRNUINSUCHIHAN
EPSS
9.95%
95.0th percentile
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lanner_inc | iac-ast2500a | — | — |
| lannerinc | iac-ast2500_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Qualys
6 Ways to Quickly Detect a Log4Shell Exploit in Your Environment
blogs_qualys·2021-12-20·CVSS 10.0
CVE-2021-44228 [CRITICAL] 6 Ways to Quickly Detect a Log4Shell Exploit in Your Environment
## Table of Contents
How the Exploit Works
Key Points
Prevent Future Attacks
Free 30 Days of Qualys Multi-Vector EDR
In recent days, the cybersecurity industry has been rapidly assessing the full impact of the Log4Shell (CVE-2021-44228 and CVE-2021-45046) vulnerability. Many organizations are quickly trying to figure out whether this vulnerability is within their environment, and where. The next question a security operations team will ask is if its presence has been exploited. This is critical to answer quickly given Log4Shell’s high severity, the pervasiveness of Java, and its ease of exploitation.
## Free Trial
## Get 30 Days of Qualys Multi-Vector EDR Free
In a previous blog we discussed how to mitigate the threat of this vulnerability via a patch or configuration change. Now l
Qualys
6 Ways to Quickly Detect a Log4Shell Exploit in Your Environment | Qualys
blogs_qualys·2021-12-20·CVSS 10.0
CVE-2021-44228 [CRITICAL] 6 Ways to Quickly Detect a Log4Shell Exploit in Your Environment | Qualys
#### Table of Contents
- How the Exploit Works
- Key Points
- Prevent Future Attacks
- Free 30 Days of Qualys Multi-Vector EDR
In recent days, the cybersecurity industry has been rapidly assessing the full impact of the Log4Shell (CVE-2021-44228 and CVE-2021-45046) vulnerability. Many organizations are quickly trying to figure out whether this vulnerability is within their environment, and where. The next question a security operations team will ask is if its presence has been exploited. This is critical to answer quickly given Log4Shell’s high severity, the pervasiveness of Java, and its ease of exploitation.
#### Free Trial
### Get 30 Days of Qualys Multi-Vector EDR Free
Get the Free Trial
In a previous blog we discussed how to mitigate the threat of this vulnerability via a patch
https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-4228/https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-4228/
2022-10-24
Published