cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Chuxing
Community Champion

Have a pi(e) and eat it

Seriously, someone wants to attack my Raspberry Pi ?

 

https://nvd.nist.gov/vuln/detail/CVE-2018-18068

 

 


____________________________________
Chuxing Chen, Ph.D., CISSP, PMP
2 Replies
Beads
Advocate I

Future 'con presentations have to come from somewhere, even if they present no real world threat. In this case I suspect this is probably what is going on here.

 

Somehow I skipped over this information when skimming my daily CVE browsing the past few days.

 

Food for thought.

 

- b/eads

OS22783
Newcomer II

Why not? If I send you a cool app and you run it granting me access to your network, I poke around the network and see Linux running on a Pi, if I can pivot to that then I would try all the privesc methods at my disposal. Now your Pi is being used as a C2 server or whatever else the threat actor wants 😉


___________________________
CISSP, OSCP