Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

Summary

Hackers have successfully exploited a zero-day vulnerability in KnowledgeDeliver to deploy web shells and gain remote code execution. The vulnerability stemmed from hardcoded machineKey values in a configuration file, which allowed for ViewState deserialization attacks.

IFF Assessment

FOE

This vulnerability allows attackers to achieve remote code execution, posing a significant threat to systems and data.

Severity

9.8 Critical (AI Estimated)

The vulnerability allows for remote code execution (high impact) through deserialization attacks, which are often exploitable without authentication (high exploitability) and can be initiated remotely.

Defender Context

Defenders need to be aware of this zero-day exploit and the potential for attackers to gain control of systems through ViewState deserialization. Organizations using KnowledgeDeliver should prioritize patching or mitigating this vulnerability to prevent unauthorized access and code execution.
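One mitigation check that follows from the summary above (static machineKey values in a configuration file) and from this defender context is to audit ASP.NET web.config files for hardcoded keys and weak algorithms. This is an added example, not code from the original story or from the KnowledgeDeliver product; the two sample configs are constructed, and the attribute names are the standard ASP.NET machineKey attributes.

```python
"""Audit an ASP.NET web.config <machineKey> element for static keys and weak algorithms."""
import xml.etree.ElementTree as ET

# Algorithms a defender should flag when they appear on a machineKey.
WEAK_VALIDATION = {"MD5", "SHA1"}
WEAK_DECRYPTION = {"DES", "3DES"}

# Constructed sample: the risky pattern, static keys checked into the config file.
STATIC_KEY_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>"""

# Constructed sample: per-machine auto-generated keys (suitable for a single server;
# a web farm needs shared keys, which then belong in a secrets store, not in source control).
AUTO_KEY_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""


def audit_machine_key(web_config_xml: str) -> list[str]:
    """Return one finding per problem found on any <machineKey>; empty list if clean."""
    root = ET.fromstring(web_config_xml)
    findings = []
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            # An absent attribute means ASP.NET auto-generates the key.
            value = mk.get(attr, "AutoGenerate,IsolateApps")
            if not value.upper().startswith("AUTOGENERATE"):
                findings.append(f"{attr} is a static value: anyone who reads this file "
                                "can produce ViewState the server will deserialize")
        validation = mk.get("validation", "").upper()
        if validation in WEAK_VALIDATION:
            findings.append(f"validation={validation} is weak; use HMACSHA256 or stronger")
        decryption = mk.get("decryption", "").upper()
        if decryption in WEAK_DECRYPTION:
            findings.append(f"decryption={decryption} is weak; use AES")
    return findings


if __name__ == "__main__":
    for name, cfg in (("static", STATIC_KEY_CONFIG), ("auto", AUTO_KEY_CONFIG)):
        print(name, audit_machine_key(cfg) or ["no findings"])
```

Rotating any key that has been exposed matters as much as the audit itself: a static key already read by an attacker stays usable until it is replaced.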
