In this tutorial we will go through the very easy to exploit Follina (CVE-2022-30190) which can be used to perform command execution. This is a easy to build exploit as command can be executed on the remote system witout any promot. As this exploit does not require any macro for exploit, and the complexity of the development is easy, attackers can easily use this to enter enterprise network via email and opening the file using Microsoft Office.
log4j vulnerability is a vulnerability which can have significant impact on the security of the system. It gives remote command execution on the target system which can cause significant damage on the system. This attack vector has been carried out by various threat actors and they were able to breach various servers and execute commands. It is strongly advised that system administrators update their systems as soon as possible.
summary On December 10th, 2021, the National Vulnerability Database (NVD) published the CVE-2021-44228 documenting a vulnerability in the Apache log4j library Java Naming and Directory Interface (JNDI) lookup feature allowing for remote code execution by an attacker who is able to manipulate log messages.
