Jan A. Rodriguez

Pesquisador deGM SecTec Inc.
#9776de 53,633
28.3CVSS total
Vulnerabilidades · 3
Alta
1
Crítica
2
PT-2026-8030
10
2026-02-13
Microsoft · Iis · CVE-2026-26333
**Name of the Vulnerable Software and Affected Versions** Calero VeraSMART versions prior to 2022 R1 **Description** An unauthenticated .NET Remoting HTTP service is exposed on TCP port 8001 in affected versions. The service publishes default ObjectURIs, including `EndeavorServer.rem` and `RemoteFileReceiver.rem`, and allows the use of SOAP and binary formatters with TypeFilterLevel set to Full. A remote attacker can invoke the exposed remoting endpoints to perform arbitrary file read and write operations via the `WebClient` class. This can allow retrieval of sensitive files, such as `WebRootweb.config`, potentially disclosing IIS machineKey validation and decryption keys. These keys can be used to generate a malicious ASP.NET ViewState payload, achieving remote code execution within the IIS application context. Supplying a UNC path can trigger outbound SMB authentication from the service account, potentially exposing NTLMv2 hashes for relay or offline cracking. **Recommendations** Update to version 2022 R1 or later.
PT-2026-8031
8.5
2026-02-13
Calero · Verasmart · CVE-2026-26334
**Name of the Vulnerable Software and Affected Versions** Calero VeraSMART versions prior to 2026 R1 **Description** The software contains hardcoded static AES encryption keys within the `Veramark.Framework.dll` module, specifically in the `Veramark.Core.Config` class. These keys are used to encrypt the password of the service account stored in `C:VeraSMART Dataapp.settings`. An attacker with local access can extract these keys from the `Veramark.Framework.dll` module and decrypt the stored credentials. The recovered credentials can then be used to authenticate to the Windows host, potentially leading to local privilege escalation depending on the privileges of the configured service account. **Recommendations** Update to version 2026 R1 or later.
PT-2026-8032
9.8
2026-02-13
Veramark · Verasmart · CVE-2026-26335
**Name of the Vulnerable Software and Affected Versions** Calero VeraSMART versions prior to 2022 R1 **Description** The application uses static machineKey values configured for the VeraSMART web application and stored in 'C:Program Files (x86)VeramarkVeraSMARTWebRootweb.config'. An attacker obtaining these keys can create a valid ASP.NET ViewState payload, bypassing integrity validation. This leads to server-side deserialization and remote code execution within the IIS application context. **Recommendations** Update to version 2022 R1 or later.