Discover Security Vulnerabilities News
Pwning the pen tester: Malicious Wireshark packet capture file risk revealed
Maliciously constructed Wireshark packet capture files might be used to distribute malware, providing recipients can be tricked into double clicking file URL fields. A CVE has been assigned to the security issue (now resolved through a recent update) due its potential for harm, despite the fact that some social engineering trickery is required.
Variants of the same attack could potentially be thrown against users of the popular network security tool, widely used by security analysts and penetration testers, whether they use Windows or Xubuntu Linux-based systems.
Even though developers of Wireshark normally avoid asking for a CVE to be created for potential security issues that require user interaction, an exception was made in this case because of the “low barrier to entry and level of control” an attacker might gain.
The issue, tracked as CVE-2021-22191, was resolved through a recent update.