The U.S. Department of Defense has disclosed details of four security vulnerabilities in its infrastructure: two rated high severity and two rated critical.
The flaws, which were reported in August and July, could let attackers hijack a subdomain, execute arbitrary code remotely, or view files on the affected machine.
Each issue was reported by a different ethical hacker through the Department's vulnerability disclosure program on the HackerOne bug bounty platform.
One of the critical vulnerabilities, found by the ethical hacker chron0x, is a subdomain takeover caused by an unclaimed Amazon S3 bucket. He states that the issue could be exploited to host malicious content on a legitimate domain.
Visitors to the site could then be targeted with phishing and cross-site scripting attacks. The flaw could also let an attacker bypass domain security and steal sensitive user data.
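A defender-side audit for the dangling-record condition described above, as an added example that is not part of the original article: it compares an organization's own CNAME records with its own S3 bucket inventory and flags records that reference a bucket the organization does not hold. The zone data, bucket list and function names are constructed for illustration, and the record name is also checked as a bucket name on the assumption that S3 selects the bucket from the Host header for custom domains.

```python
import re

# Matches S3 REST and static-website endpoint hostnames.
# The "bucket" group is the bucket label in front of the endpoint.
S3_TARGET = re.compile(
    r"^(?P<bucket>.+?)\.s3[.-](?:[a-z0-9.-]+\.)?amazonaws\.com$"
)


def norm(host):
    """Lower-case a hostname and drop the trailing root dot."""
    return host.strip().lower().rstrip(".")


def find_dangling(cname_records, owned_buckets):
    """Return (name, target, missing_buckets) for each CNAME that points at
    S3 but relies on a bucket absent from the organization's inventory."""
    owned = {b.lower() for b in owned_buckets}
    findings = []
    for name, target in cname_records:
        name, target = norm(name), norm(target)
        match = S3_TARGET.match(target)
        if not match:
            continue  # not an S3 endpoint, out of scope for this check
        # Assumption: for a custom domain S3 serves the bucket named after
        # the Host header, so the record name must be an owned bucket too.
        candidates = {match.group("bucket"), name}
        missing = sorted(candidates - owned)
        if missing:
            findings.append((name, target, missing))
    return findings


# Constructed sample data: a zone export and a bucket inventory.
ZONE = [
    ("www.example.test.", "www.example.test.s3-website-us-east-1.amazonaws.com."),
    ("files.example.test.", "files.example.test.s3.amazonaws.com."),
    ("mail.example.test.", "mx.mailhost.example.net."),
    ("Old.example.test.", "old.example.test.s3.us-west-2.amazonaws.com."),
]
OWNED = ["www.example.test", "files.example.test"]

if __name__ == "__main__":
    for name, target, missing in find_dangling(ZONE, OWNED):
        print(f"{name} -> {target}: bucket(s) not in inventory: {missing}")
```

A flagged record is resolved either by deleting the CNAME or by re-creating the bucket under the organization's own account before the record is used again.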
The second critical vulnerability is a remote code execution flaw on a DoD server running Apache Solr. It was reported by Hzllaga on August 19 and had been left unpatched since then.
The server was vulnerable to CVE-2019-0192 and CVE-2019-0193, but with the latter alone the hacker could get a shell on the server. Exploit code for both is available.
One of the high-severity bugs, in unpatched software, was discovered by IT security analyst Dan (a U.S. Navy and Coast Guard veteran). It is a read-only path traversal in a Cisco product that could have given an attacker access to arbitrary sensitive files on the system.
The second of the less severe bugs is a code injection on a DoD host that may lead to arbitrary code execution, according to the report from e3xpl0it, a penetration tester at cybersecurity company Positive Technologies.
The DoD immediately validated and fixed all the reported problems.