Cloud-Sniper - gtechne attack platform
According to NIST, there are currently about 50+ critical vulnerabilities that are powerful attack vectors. Most of them allow remote execution of malware (ransomware) or allow the reading of files (data leakage), and when exploited can bring great damage to your online business or infrastructure.
For this reason we use the Cloud-Sniper platform, which simulates a real attack and is able to penetrate deep into these weaknesses, simulating their exploitation, just as an attacker would do, generating a report with the evidence found (artifacts) of each successful operation.
list of tests performed
Cloud-Sniper is a custom tool that implements a set of modules for exploiting the most critical vulnerabilities (CVEs) in high-profile software that the majority of companies in the world use. The tool mimics the exploits and attack techniques found in real world scenarios to determine the truly vulnerable systems. After a successful exploitation, Cloud-Sniper automatically runs post-exploitation modules which extract interesting data from the target system as solid proof of intrusion. When Cloud-Sniper successfully exploits a vulnerability, it confirms the risk is real. It also means system administrators must act immediately to remediate the issue, as attackers are actively exploiting it in the wild.
CVE | CVE Score | Vuln Date | Vendor | Type | Weakness |
|---|---|---|---|---|---|
CVE-2021-26084 | 9.8 CRITICAL | 13/12/2021 | Atlassian | Confluence | Remote Code Exec |
CVE-2020-25223 | 9.8 CRITICAL | 10/12/2021 | Sophos | SG UTM | Remote Code Exec |
CVE-2020-17530 | 9.8 CRITICAL | 10/12/2021 | Apache | Struts | Remote Code Exec |
CVE-2021-22205 | 10.0 CRITICAL | 30/11/2021 | GitLab | Server | Remote Code Exec |
CVE-2021-41773 | 7.5 HIGH | 30/11/2021 | Apache | Web Server | Remote Code Exec/File Read
|
CVE-2021-42013 | 9.8 CRITICAL | 30/11/2021 | Apache | Web Server | Remote Code Exec |
CVE-2014-6271 | 9.8 CRITICAL | 17/11/2021 | GNU Project | Bash | Remote Code Exec |
CVE-2021-38647 | 9.8 CRITICAL | 03/11/2021 | Microsoft | Azure Cloud | Remote Code Exec |
CVE-2019-10149 | 9.8 CRITICAL | 28/10/2021 | Exim | Internet Mailer | Remote Code Exec |
CVE-2019-0230 | 9.8 CRITICAL | 20/10/2021 | Apache | Struts | Remote Code Exec |
CVE-2021-42071 | 9.8 CRITICAL | 15/10/2021 | VisualTools | Monitoring System | Remote Code Exec/File Read
|
CVE-2021-34473 | 9.8 CRITICAL | 21/09/2021 | Microsoft | Exchange Server | Remote Code Exec |
CVE-2021-21985 | 9.8 CRITICAL | 14/09/2021 | VMware | vCenter Server | Remote Code Exec |
CVE-2020-3452 | 7.5 HIGH | 06/08/2021 | Cisco | ASA | File Read |
CVE-2020-5902 | 9.8 CRITICAL | 21/07/2021 | F5 | BIG IP | Remote Code Exec |
CVE-2020-1938 | 9.8 CRITICAL | 21/07/2021 | Apache | Tomcat | File Read |
CVE-2018-13379 | 9.8 CRITICAL | 03/06/2021 | Fortinet | FortiGateway SSL VPN | File Read |
CVE-2021-26855 | 9.8 CRITICAL | 21/05/2021 | Microsoft | Exchange Server | Remote Code Exec |
CVE-2021-3129 | 9.8 CRITICAL | 06/04/2021 | Laravel | Web Framework | Remote Code Exec |
CVE-2021-22986 | 9.8 CRITICAL | 05/04/2021 | F5 | BIG IP | Remote Code Exec |
CVE-2021-21315 | 7.8 HIGH | 25/03/2021 | Sebastian Hildebrandt | System Information Library for Node.JS | Remote Code Exec |
CVE-2021-21972 | 9.8 CRITICAL | 24/02/2021 | VMware | vCenter Server | Remote Code Exec |
CVE-2021-3223 | 7.5 HIGH | 28/01/2021 | Node | Red | Remote Code Exec |
CVE-2020-8193 | 6.5 MEDIUM | 13/11/2020 | Citrix | ADC/Gateway | File Read |
CVE-2019-11510 | 10.0 CRITICAL | 24/08/2020 | Pulse | Connect Secure | File Read |
CVE-2020-8194 | 6.5 MEDIUM | 13/07/2020 | Citrix | ADC/Gateway | Remote Code Exec |
CVE-2017-9791 | 9.8 CRITICAL | 28/05/2020 | Apache | Struts | Remote Code Exec |
CVE-2019-19781 | 9.8 CRITICAL | 08/01/2020 | Citrix | ADC | Remote Code Exec |
CVE-2017-12617 | 8.1 HIGH | 23/04/2019 | Apache | Tomcat | Remote Code Exec |
Request a quote!
Investing in cyber resiliency always pays off!
Having an active and resilient posture in cybersecurity brings more business to your company, because it not only allows your risks to be mitigated, but also maintains a safe and stable business environment for all your customers and suppliers.
Please, leave us your email and we’ll contact you to discuss all details.