All-time High Cybersecurity Attrition + Economic Uncertainty = Happy(ish) New Year 

As 2023 fires up, so do the attrition numbers across the cybersecurity vertical. With bonuses being paid out and cybersecurity professionals searching for the next great job, vulnerability management teams are understaffed, with growing concern about finding qualified candidates to fill once-occupied roles. To amplify the situation, 2023 looks to be the year of ‘economic uncertainty’, sparking layoffs and budget contractions as companies brace for a potential recession. These compounding factors put already overworked vulnerability management teams behind the curve as malicious threats become more frequent and more sophisticated.

Exodus Intelligence is here to help. 

In response to the soaring attrition numbers and lack of qualified talent, Exodus Intelligence wants to help make vulnerability management teams more efficient. Exodus is offering its N-Day vulnerability subscription for FREE for 1 month to all users registered no later than January 31st. Exodus brings 300+ years of vulnerability research expertise and the trust of governments and Fortune 500 organizations to mitigate the most critical vulnerabilities in existence. Simply put – you receive 35 world-class researchers at no cost.

The N-Day Vulnerability subscription provides customers with intelligence about critically exploitable, publicly disclosed vulnerabilities in widely used software, hardware, embedded devices, and industrial control systems. Every vulnerability is analyzed, documented, and enriched with high-impact intelligence derived by some of the best reverse engineers in the world. At times, vendor patches fail to properly fix the underlying vulnerability, and Exodus Intelligence’s proprietary research enhances patch management efforts. Subscribed customers have access to an arsenal of more than 1200 vulnerability intelligence packages to ensure defensive measures are properly implemented.

For those concerned about zero-day vulnerabilities, Exodus is also offering its Zero-day vulnerability subscription at up to 50% off for new registrations no later than January 31st. Exodus’ Zero-day Subscription provides customers with critically exploitable vulnerability reports, unknown to the public, affecting widely used and relied-upon software, hardware, embedded devices, and industrial control systems. Customers gain access to a proprietary library of over 200 Zero-day vulnerability reports, in addition to proof-of-concept exploits and highly enriched vulnerability intelligence packages. These Zero-day Vulnerability Intelligence packages, unavailable anywhere else, enable customers to reduce their mean time to detect and mitigate critically exploitable vulnerabilities.

These offerings are available to private- and public-sector organizations in the United States and allied countries, which gain the immediate benefit of advanced vulnerability analysis, mitigation guidance and signatures, and proof-of-concepts to test against current defenses.

To register for FREE N-day Intelligence, please fill out the webform here.

Sample Report

CloudLinux LVE kernel module (kmod-lve) Reference Counter Overflow

EIP-ad32d249

A local privilege escalation vulnerability exists in the CloudLinux Lightweight Virtualized Environment (LVE) kernel module due to an overflow of a reference counter. Successful exploitation allows an authenticated local user to escalate their privileges to root, whereas an unsuccessful exploit may cause a kernel panic. 

Vulnerability Identifiers

  • Exodus Intelligence: EIP-ad32d249
  • MITRE: CVE-2022-0492

Vulnerability Metrics

  • CVSSv2 Score: 6.6

Vendor References

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to affected vendor: April 21st, 2022
  • Disclosed to public: January 13th, 2023

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).

SonicWall SMA 500v and SMA 100 Series Firmware Heap Buffer Overflow

EIP-6a6472ab

A remote code execution vulnerability exists in SonicWall SMA 100 Series and SMA 500v Series due to a heap buffer overflow in the ‘extensionsetting’ endpoint. A remote, authenticated attacker can send crafted HTTP POST requests to execute code on vulnerable targets as the ‘nobody’ user.

Vulnerability Identifiers

  • Exodus Intelligence: EIP-6a6472ab
  • MITRE: CVE-2022-2915

Vulnerability Metrics

  • CVSSv2 Score: 6.0

Vendor References

Discovery Credit

  • Sergi Martinez (Exodus Intelligence)

Disclosure Timeline

  • Disclosed to affected vendor: April 21st, 2022
  • Disclosed to public: January 12th, 2023

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).

Schneider Electric SoMachine HVAC ActiveX Control Information Disclosure Vulnerability

EIP-50a1e402

An information disclosure vulnerability exists in Schneider Electric SoMachine HVAC due to a method in the ‘AxEditGrid3.ocx’ ActiveX control leaking a heap address of an ActiveX object. An attacker can entice a user to open a specially crafted web page to leak Internet Explorer process memory information.

Vulnerability Identifiers

  • Exodus Intelligence: EIP-50a1e402
  • MITRE: CVE-2022-2988

Vulnerability Metrics

  • CVSSv2 Score: 5.0

Vendor References

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to affected vendor: December 10th, 2021
  • Disclosed to public: January 12th, 2023

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program (RSP).