NetCat
Russia
Central Federal District of the Russian Federation
Moscow
Suschevsky Val, 18
History
2024: More than a dozen dangerous vulnerabilities have been discovered in the popular CMS Netcat
In mid-April, FSTEC added 15 vulnerabilities in the Russian commercial CMS Netcat, discovered by CyberOK, to its Database of Threats and Vulnerabilities (BDU). Most of the vulnerabilities are in the CMS administrative interface and allow attackers to take over a Netcat-based application server by getting an administrator to follow a specially crafted link. The flaws are fixed in version 6.4, so upgrading Netcat CMS to a safe version as quickly as possible is recommended.
In particular, ten of the discovered vulnerabilities were rated high severity and three were rated critical. For example, BDU:[1] allows an attacker to create a new user with administrator rights by sending a specially crafted request, BDU:[2] gives a remote attacker unauthorized access to the system, and BDU:[3] allows bypassing existing security restrictions and escalating privileges in the system by sending a specially crafted request.
At the same time, the attack surface monitoring and notification system (SCIPA) developed by CyberOK detects more than 22 thousand sites based on Netcat CMS in the Russian segment of the Internet. The vast majority of them (20,500) do not restrict access to their administrative interfaces, which makes various attacks easier to carry out. The presence of the vulnerabilities from the FSTEC notifications has been confirmed on more than 15,700 sites.
In addition to installing the latest updates, companies that operate sites based on Netcat CMS are advised to restrict external access to the Netcat administrative interface, control the behavior of system administrators as tightly as possible using a web application firewall (WAF), update spam filter rules, and record all administrator actions using privileged user control systems. If anomalies are detected in the behavior of the CMS, access rights will have to be minimized as quickly as possible and extraneous content deleted.
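One way to check how well the first recommendation is being met, as an added example that is not from the original article or from Netcat: a small audit of web server access logs that flags requests to the administrative interface coming from outside the management networks, and administrative requests that arrived from another site's link. The admin path `/netcat/admin/`, the hostname, the trusted networks and the log lines are assumptions constructed for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumptions, not taken from the page: adjust all three to your deployment.
ADMIN_PREFIX = "/netcat/admin/"            # assumed admin interface path
SITE_HOST = "www.example.test"             # placeholder site hostname
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]

# Combined log format: ip ident user [time] "METHOD path proto" status size "referer" ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def audit(lines):
    """Return (line_no, finding, detail) tuples for admin-interface requests."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(ADMIN_PREFIX):
            continue  # unparsable line or not an admin request
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # first field is a hostname, not an address
        # Admin interface reached from outside the management networks.
        if not any(ip in net for net in TRUSTED_NETS):
            findings.append((n, "external-admin-access", m["ip"]))
        # Admin request that the browser made while coming from another site.
        ref_host = urlsplit(m["referer"]).hostname
        if ref_host and ref_host != SITE_HOST:
            findings.append((n, "cross-site-referer", ref_host))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.1.2.3 - admin [15/Apr/2024:10:00:01 +0300] "GET /netcat/admin/ HTTP/1.1" 200 5120 "https://www.example.test/netcat/admin/" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Apr/2024:10:02:11 +0300] "GET /netcat/admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.1.2.3 - admin [15/Apr/2024:10:05:40 +0300] "POST /netcat/admin/?constructed=1 HTTP/1.1" 200 312 "https://mail.example.org/inbox" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Apr/2024:10:06:02 +0300] "GET /news/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The Referer check is a heuristic: browsers and proxies can strip the header, so an empty result does not prove that no administrator followed an external link.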
2013
As of April 2013, the NetCat CMS has more than 19,000 sites. The company's partner network has more than 2,000 companies and developers.