As part of a security audit for one of our customers, our Pentest teams have contributed to the security of all!
Indeed, during this mission for a telecom operator, our cybersecurity consultants discovered a chain of vulnerabilities allowing an attacker to remotely enter the operator's administration network.
This security flaw, extremely sensitive for end-users, could affect several other operators.
Our teams have actively worked with the concerned vendor to contact each vulnerable entity to block this threat. Our teams acted in accordance with our Responible Disclosure approach, i.e. by publishing the information once all operators have applied the corrections, so as not to attract the attention of hackers.
Find the vulnerability publication attached.
Affected CVE identifiers: CVE-2020-10579, CVE-2020-10580, CVE-2020-10581, CVE-2020-10582, CVE-2020-10583, CVE-2020-10584.