VulnHub

Articles tagged "Privilege Escalation"

Found 6 articles

BYOVD technique embedded in nascent Reynolds ransomware

SCM feed for Latest

Actively Exploited

A new strain of ransomware known as Reynolds has emerged, utilizing a method called bring your own vulnerable driver (BYOVD) to gain higher privileges on compromised systems. This technique allows attackers to disable endpoint detection and response tools, making it easier for them to operate undetected. The integration of BYOVD into this ransomware indicates a sophisticated approach to cyberattacks, as it targets existing vulnerabilities within drivers that are already part of the system. Organizations need to be vigilant about the security of their drivers and ensure that they are updated to mitigate this threat. The rise of Reynolds ransomware underscores the evolving tactics that cybercriminals are employing to bypass security measures.

Impact: Vulnerable drivers on Windows operating systems

Remediation: Ensure all drivers are updated to the latest versions and monitor for unusual activity on endpoints.

Ransomware Privilege Escalation

2 weeks ago

Read Original

AI Agents Are Becoming Privilege Escalation Paths

The Hacker News

AI agents, once simple tools for individual productivity, are now integral to various organizational processes, including security and IT operations. These agents can automate workflows across multiple systems, which raises concerns about privilege escalation paths. As they gain more access to sensitive data and systems, they could be exploited by attackers to gain unauthorized access or escalate their privileges within an organization. This shift in how AI is utilized in workplaces poses significant risks, as vulnerabilities in these agents could lead to severe security breaches. Companies need to assess their AI implementations and ensure that appropriate security measures are in place to mitigate these risks.

Impact: AI agents used in security, engineering, IT, and operations

Remediation: Companies should assess AI implementations and enhance security measures.

Privilege Escalation Critical

1 month ago

Read Original

Actively exploited SonicWall zero-day patched (CVE-2025-40602)

Help Net Security

CVE-2025-40602

Actively Exploited

SonicWall has issued a hotfix for a local privilege escalation vulnerability, identified as CVE-2025-40602, that affects its Secure Mobile Access (SMA) 1000 appliances. This flaw is currently being exploited by attackers, particularly in combination with another vulnerability, CVE-2025-23006, which allows for unauthenticated remote code execution with root privileges. Organizations using SMA 1000 appliances are at risk, as this could enable unauthorized access and control over their systems. SonicWall is urging all customers to apply the patch promptly to mitigate the risk of exploitation. The situation highlights the ongoing need for vigilance and timely updates in cybersecurity practices.

Impact: SonicWall Secure Mobile Access (SMA) 1000 appliances

Remediation: Customers are advised to apply the hotfix provided by SonicWall to address the vulnerability.

CVE Zero-day Vulnerability Patch Privilege Escalation

2 months ago

Read Original

JumpCloud Windows Agent Flaw Enables Local Privilege Escalation

Infosecurity Magazine

JumpCloud has identified a vulnerability in its Remote Assist feature for Windows that could allow attackers to escalate privileges locally or launch denial-of-service attacks on managed endpoints. This flaw affects systems running the JumpCloud Windows Agent, posing a risk to organizations that rely on this software for remote management. If exploited, the vulnerability could give unauthorized users elevated access to sensitive system functions, potentially leading to further malicious actions. Users and administrators of JumpCloud services should be aware of this issue and take steps to secure their systems. It's crucial for organizations to stay informed about such vulnerabilities to protect their data and infrastructure.

Impact: JumpCloud Remote Assist for Windows, JumpCloud Windows Agent

Remediation: Users should apply any available patches or updates from JumpCloud to mitigate the risk. Specific patch numbers or versions are not mentioned.

Windows Vulnerability Privilege Escalation

2 months ago

Read Original

Opto 22 groov View

All CISA Advisories

The article discusses a vulnerability in Opto 22's groov View that allows for the exposure of sensitive information through metadata, potentially leading to credential and key exposure as well as privilege escalation. This vulnerability, assigned CVE-2025-13084, has a CVSS v4 score of 6.1 and affects multiple versions of groov View, necessitating immediate remediation to mitigate risks.

Impact: Affected products include: groov View Server for Windows (Versions R1.0a to R4.5d), GRV-EPIC-PR1 Firmware (Versions prior to 4.0.3), GRV-EPIC-PR2 Firmware (Versions prior to 4.0.3). Vendor: Opto 22.

Remediation: Opto 22 recommends upgrading to groov View Server for Windows Version R4.5e and GRV-EPIC Firmware Version 4.0.3. Additionally, CISA advises minimizing network exposure for control system devices, using firewalls, securing remote access with VPNs, and performing impact analysis and risk assessment before deploying defensive measures.

Windows CVE Vulnerability Patch Update Privilege Escalation+1 more

3 months ago

Read Original

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

The Hacker News

Grafana has issued security updates to fix a critical vulnerability, CVE-2025-41115, with a CVSS score of 10.0. This flaw in the SCIM component can lead to privilege escalation and user impersonation under specific configurations.

Impact: Grafana

Remediation: Apply security updates provided by Grafana.

CVE Vulnerability Privilege Escalation Critical

3 months ago

Read Original