WID-SEC-W-2023-0561

Affected Products

Exploit Intelligence

• Scan for python installations on macOS, and run CVE-2015-20107.py script to report if patching is needed (github-poc-repo)
• CVE-2019-6111 vulnerability exploitation (github-poc-repo)
• Case Study: SSHtranger Things (CVE-2019-6111, CVE-2019-6110) in Cisco SD-WAN (github-poc-repo)
• POC of CVE-2021-42574 for solidity and solc compiler (github-poc-repo)
• Checks your files for existence of Unicode BIDI characters which can be misused for supply chain attacks. See CVE-2021-42574 (github-poc-repo)
• A GitHub Action to find Unicode control characters using the Red Hat diagnostic tool https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 to detect RHSB-2021-007 Trojan source attacks (CVE-2021-42574,CVE-2021-42694) (github-poc-repo)
• Generate malicious files using recently published bidi-attack (CVE-2021-42574) (github-poc-repo)
• k271266/CVE-2021-42694 (github-poc-repo)
• Scan code for invisible bidirectional Unicode characters (Trojan Source attack prevention, CVE-2021-42574) (github-poc-repo)
• Generate malicious files using recently published homoglyphic-attack (CVE-2021-42694) (github-poc-repo)

…and 62 more exploits

Timeline

• Mar 2, 2023 CVE Published
• May 18, 2023 CVE Updated

References

• https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0561.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0561 advisory
• https://security.business.xerox.com/wp-content/uploads/2023/05/Xerox-Security-Bulletin-XRX23-007-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf url
• https://security.business.xerox.com/wp-content/uploads/2023/04/Xerox-Security-Bulletin-XRX23-005-Xerox%25C2%25AE-FreeFlow%25C2%25AE-Print-Server-v9.pdf url
• https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-002-FreeFlow-Print-Server-v2_Windows10.pdf url
• https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-001-FreeFlow%C2%AE-Print-Server-v7.pdf url