Rewterz Threat Advisory – CVE-2022-1419 – Linux Kernel Vulnerability

April 22, 2022

Rewterz Threat Advisory – Multiple Cisco Vulnerabilities

April 22, 2022

Rewterz Threat Advisory – ICS: Johnson Controls Metasys SCT Pro Vulnerability

April 22, 2022

Severity

Medium

Analysis Summary

CVE-2021-36203

Johnson Controls Metasys SCT Pro is vulnerable to server-side request forgery, caused by improper validation of user requests. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to conduct an SSRF attack, allowing the attacker to access or manipulate resources from the perspective of the affected server.

Impact

Unauthorized Access

Indicators Of Compromise

CVE

CVE-2021-36203

Affected Vendors

Johnson Controls

Affected Products

Johnson Controls Metasys SCT Pro 14.2.1
Johnson Controls Metasys SCT 14.2.1

Remediation

Refer to Johnson Controls Product Security Advisory for patch, upgrade or suggested workaround information.

Johnson Controls Product Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Microsoft Alerts on Node.js Exploitation in Malware Campaigns

ICS: Multiple Rockwell Automation ThinManager Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2022-1419 – Linux Kernel Vulnerability

Rewterz Threat Advisory – Multiple Cisco Vulnerabilities

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.