Network Device Vulnerability Allows a Remote Access

At the annual international conference CanSecWest in Vancouver, ANSSI The French Network and Information Security Agency members demonstrated how an intruder can gain a complete control over a system remotely.

Speakers explained how an attacker may use certain vulnerability in the network devices to execute arbitrary commands on the victim machine. The presentation called: “Can you still trust your network card?”. The attack uses packets sent by the network device of the victim and enables attacker to conduct: Man in the middle Attack, access to the host cryptographic keys, and execution of malicious program on victim computer.

The presentation included a full description of the vulnerability, as well as a demo of the attack while the tool used for conducting this attack and the proof of concept exploit remains not published.

Here you can find the presentation: http://www.ssi.gouv.fr/site_article186.html

The attack is possible on certain network devices model (Broadcom NetXtreme), with a certain condition (by enabling remote control Alert Standard Format 2.0) which is by default disabled. And According to the manufacture there is an update released to patch this vulnerability.

make sure you subscribe to my RSS feed!

Share
Subscribe
Notify of
guest
11 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback

[…] This post was mentioned on Twitter by Seeb, Mourad Ben Lakhoua, Mourad ben lakhoua, HackThis, SecureTechnology and others. SecureTechnology said: #Security #infosec Network Device Vulnerability Allows a Remote Access: At the annual international confer… http://bit.ly/dih3jN […]

trackback

Network Device Vulnerability Allows a Remote Access: [sectechno.com] At the annual international conference… http://dlvr.it/tKB6 ˃

trackback

Network Device Vulnerability Allows a Remote Access: [sectechno.com] At the annual international conference… http://dlvr.it/N4ys

trackback

RT @unsecuremobile: Network Device Vulnerability Allows a Remote Access http://bit.ly/9I3ZdU

trackback

RT @sectechno: Network Device Vulnerability Allows a Remote Access http://bit.ly/bLlhc1

trackback

RT @sectechno: Network Device Vulnerability Allows a Remote Access http://bit.ly/bLlhc1

trackback

RT @MBenLakhoua: RT @sectechno: Network Device Vulnerability Allows a Remote Access http://bit.ly/bLlhc1 #security #infosec

trackback

RT @cyberdad: "RT @sectechno: Network Device Vulnerability Allows a Remote Access http://bit.ly/bLlhc1 #security #infosec" -@MBenLakhoua

trackback

RT @MBenLakhoua: RT @sectechno: Network Device Vulnerability Allows a Remote Access http://bit.ly/bLlhc1 #security #infosec

trackback

RT @sectechno: Network Device Vulnerability Allows a Remote Access http://bit.ly/bLlhc1 #security #infosec

trackback

Network Device Vulnerability Allows a Remote Access http://bit.ly/bLlhc1