NAT-Slipstreaming-Angriffe: Es kommt noch schlimmer heise.de - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from heise.de Daily Mail and Mail on Sunday newspapers.
New Attack Could Let Remote Hackers Target Devices On Internal Networks
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research.
Detailed by enterprise IoT security firm Armis, the new attack (CVE-2020-16043 and CVE-2021-23961) builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal network from the Internet.
First disclosed by security researcher Samy Kamkar in late October 2020, the JavaScript-based attack relied on luring a user into visiting a malicious website to circumvent browser-based port restrictions and allow the attacker to remotely access TCP/UDP services on the victim s device, even those that were protected by a firewall or NAT.