Severe Netsweeper zero-day leaves gaping hole in users’ networks

guest · May 7, 2020

Severe RCE vulnerability in content filtering system has been patched, Netsweeper says
Following the public disclosure of the zero-day last week
May 7, 2020
https://portswigger.net/daily-swig/...ering-system-has-been-patched-netsweeper-says

The critical vulnerability was made public on April 28 by Noam Rathaus following weeks of unsuccessful attempts by the Beyond Security co-founder to contact Netsweeper to fix the problem.

Netsweeper software is used for content filtering and to block websites, including pornographic and gambling-related domains. A real-time monitoring solution for students has also recently been released.
Hijacking traffic channels
As previously reported by The Daily Swig, Rathaus said the security flaw could be used by attackers not only to tamper with content filtering, but also to hijack traffic channels and redirect users to malicious domains.
At the time, Netsweeper did not respond to requests concerning upcoming patches to resolve the vulnerability.
Click to expand...

In a further update on May 6, Netsweeper told The Daily Swig that upon the public disclosure of the vulnerability on April 28, a patch was created. Customers were directly informed via email and urged to update.
According to the company, Netsweeper engineers “worked closely with several of our customers to ensure the patch was properly applied”.

The patch will be included in all new releases, however, the company has not shared the technical details of the fix.
Click to expand...

Severe Netsweeper zero-day leaves gaping hole in users’ networks (April 29, 2020)

UPDATE (May 6, 2020; 15:04 UTC) Netsweeper has now issued a patch to address this vulnerability. Check out our latest article for details.

Netsweeper is harboring an unpatched, severe RCE flaw that could expose countless companies and their subscribers to the hijack of content filtering and webpage viewing systems.
Netsweeper describes itself as a provider of application and internet content filtering solutions for organizations, educational establishments, governments, and ISPs.
Click to expand...

Log in or Sign up

Severe Netsweeper zero-day leaves gaping hole in users’ networks

guest Guest

Log in or Sign up

Severe Netsweeper zero-day leaves gaping hole in users’ networks

guest Guest

Useful Searches