Gray Box Pentest for a Pharma Company Revealed Severe Intranet Vulnerabilities
About Our Customer
The Customer is a US bioscience company with nearly three decades of experience. It provides drug testing, formulation development, and solid dose manufacturing services for pharmaceutical and biotech companies.
Reliable Cybersecurity Vendor Was Needed
The Customer wanted to verify the cyber protection of its private network. Due to the lack of in-house cybersecurity expertise, the company was looking for a trustworthy and experienced vendor to spot potential vulnerabilities.
Gray Box Penetration Testing Uncovered Critical Security Gaps
With 20+ years of experience in cybersecurity and a solid background in IT services for the healthcare and life sciences domain, ScienceSoft met the Customer's vendor selection criteria and took on the project.
Based on the careful analysis of the Customer's security needs, ScienceSoft's team selected the gray box pentesting approach (imitating the actions of a real-life attacker who has partial access to the targets).
The Customer provided ScienceSoft with low-privileged user credentials to access its network, which comprised 49 IP addresses. Our pentesters started with vulnerability assessment: they scanned the network using automated tools and manually validated the scanning results. After excluding the false positives, the team attempted to exploit the found vulnerabilities and gain higher-level access to the system and sensitive data. During the pentest, ScienceSoft followed PTES and NIST 800-115 best practices.
Using the NIST CVSS threat classification standard, ScienceSoft's cybersecurity experts assessed the found vulnerabilities based on their exploitation likelihood and potential impact. They identified three high-severity, one medium-severity, and three low-severity security issues. These vulnerabilities included:
- The use of default administrator credentials that allowed any user on the local network to access and control the intranet devices.
- The access control vulnerability that allowed an attacker to exploit the SMB (Server Message Block) protocol for DoS attacks or the distribution of malicious files.
- Outdated software components with multiple known vulnerabilities that could allow the disclosure of sensitive data, DoS attacks, privilege escalation, and the execution of arbitrary code.
To fix these issues, our team recommended the following steps:
- Implementing a stronger password policy to prevent the usage of default credentials and blank or weak passwords on network devices.
- Setting up strict access controls by using read-only permissions on the server side and moving servers that require read/write permission to another isolated VLAN.
- Updating software to the latest version.
Corporate Network of 49 IPs Tested in a Week
In just five days, ScienceSoft's pentesters verified the Customer's private network and drew up a comprehensive report describing the completed testing activities, the found vulnerabilities, and corresponding corrective actions. Following our remediation advice, the Customer fixed all the identified issues and raised the security level of its intranet from low to high, which our pentesters confirmed with a retest.
Technologies and Tools
Metasploit, Nessus, Acunetix, smbclient, CrackMapExec, Nmap, Python, C, Perl.
