TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Huntress

Validating the SolarWinds N-central 'Dumpster Diver' Vuln | Huntress

2020-01-24 · Read original ↗

ATT&CK techniques detected

4 predictions
T1190Exploit Public-Facing Application
97%
"the news was reposted across social media by automated services like the one below : within the article was a link to a proof of concept ( poc ) that gives novice it staff ( and novice hackers ) the ability to easily exploit this vulnerability. the same code was also published to…"
T1190Exploit Public-Facing Application
85%
"validating the solarwinds n - central ' dumpster diver ' vuln | huntress update 1 / 26 / 2020 : mitre assigned cve - 2020 – 7984 for this vulnerability. update 12 : 55pm 1 / 24 / 2020 : solarwinds has released two hotfixes for the vulnerabilities! you can find these fixes on thei…"
T1190Exploit Public-Facing Application
82%
"##am 1 / 24 / 2020 : solarwinds has published some mitigation instructions to expunge the credentials from the n - central service. this should clear the passwords that attackers are able to extract using the dumpster diver vulnerability. as with most mitigations, this brings wit…"
T1557.001Name Resolution Poisoning and SMB Relay
45%
"to the effort of multiple msp partners, our team was notified about a zero - day vulnerability posted to packet storm for solarwinds n - central. in this post, engineer justin oberdorf suggested the fully patched product would allow an unauthenticated user to perform several alar…"

Summary

Read more about Huntress validating the SolarWinds N-central “Dumpster Diver” Vulnerability.