Snapshot
Aug. 26, 2023 - Sept. 1, 2023

CISA Known Exploited Vulnerabilities

No issues added to the CISA Known Exploited Vulnerability list.

Newswires

| Headline | Summary | Date |
|---|---|---|
| Critical VMware SSH Authentication Bypass Vulnerability Exploited: Details and Mitigation | ProjectDiscovery Research analysts discovered a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks tool, formerly known as vRealize Network Insight. | Sept. 1, 2023 |
| Kinsing Cybercrime Group Targets OpenFire Cloud Servers with New Attack Vector | The Kinsing cybercrime group has discovered a new method of attack: exploiting a previously identified path traversal flaw in the Openfire enterprise messaging application. | Aug. 31, 2023 |
| Critical SSH Authentication Bypass Vulnerability Detected in VMware Aria | VMware Aria Operations for Networks, earlier known as vRealize Network Insight, has a critical severity authentication bypass flaw that could enable remote hackers to bypass SSH authentication and access private endpoints. | Aug. 30, 2023 |
| ClamAV Exposed to WinRAR Code Execution Vulnerability (CVE-2023-40477) | In the modern era of rapid technological advancement, the protection of our digital data is of utmost importance. | Aug. 30, 2023 |
| FIN8 Ransomware Group Targets Unpatched Citrix NetScaler Devices | Citrix NetScaler ADC and NetScaler Gateway devices are being targeted by a ransomware group, suspected to be linked to the financial threat actor FIN8. | Aug. 29, 2023 |
| Barracuda Zero-Day Attacks Target US Government Email Servers | In a recent wave of attacks, suspected Chinese hackers have exploited a zero-day vulnerability in Barracuda Email Security Gateway (ESG), with a particular focus on government and government-linked organizations in the Americas. | Aug. 29, 2023 |
| Juniper Firewall Vulnerabilities: Exploit Code Released for Remote Code Execution Attacks | Publicly available proof-of-concept exploit code has been released for a series of vulnerabilities in Juniper SRX firewalls. | Aug. 28, 2023 |
| LockBit 3.0 Ransomware Builder Leaked Online: An Analysis | The LockBit 3.0 ransomware, also known as LockBit Black, was first identified in June 2022. | Aug. 27, 2023 |

Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2023-34039 (9) | Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. | CRITICAL | | Actively Exploited, Public Exploits Available |
| CVE-2023-2868 (8) | A remote command injection vulnerability exists in the Barracuda Email Security Gateway product affecting versions 5.1.3.001... | CRITICAL | Barracuda Networks, Barracuda | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| CVE-2023-3519 (6) | Unauthenticated remote code execution | CRITICAL | Citrix | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| CVE-2023-33246 (5) | For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. | CRITICAL | | Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2023-20887 (4) | Aria Operations for Networks contains a command injection vulnerability. | CRITICAL | VMware | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2023-20890 (8) | Aria Operations for Networks contains an arbitrary file write vulnerability. | HIGH | VMware | Remote Code Execution |
| CVE-2023-36846 (9) | A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthentic... | MEDIUM | Juniper | Actively Exploited, Remote Code Execution |
| CVE-2023-36845 (7) | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allo... | MEDIUM | Juniper | N/A |
| CVE-2023-36844 (6) | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticat... | MEDIUM | Juniper | N/A |
| CVE-2023-36847 (5) | A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthentica... | MEDIUM | Juniper | N/A |

CISA Known Exploited Vulnerabilities
CISA added 0 vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
| CVE-2023-34039 | 
| Severity: CRITICAL; CVSS 9.80; EPSS Score 0.12; EPSS Percentile 44.73 |
| Risk Context: Actively Exploited, Public Exploits Available |
| Published: Aug. 29, 2023 | 
| Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. | 
| CVE-2023-2868 | 
| Severity: CRITICAL; CVSS 9.80; EPSS Score 2.77; EPSS Percentile 89.26 |
| Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| Published: May 24, 2023 |
| A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of the BNSF-36456 patch. This patch was automatically applied to all customer appliances. |
| Vendors Impacted: Barracuda Networks, Barracuda | 
| Products Impacted: Email Security Gateway 400, Email Security Gateway 300 Firmware, Email Security Gateway 600 Firmware, Email Security Gateway 900 Firmware, Email Security Gateway 800, Email Security Gateway 300, Email Security Gateway 900, Email Security Gateway 400 Firmware, Email Security Gateway 600, Email Security Gateway 800 Firmware, Email Security Gateway (Esg) Appliance | 
| CVE-2023-3519 | 
| Severity: CRITICAL; CVSS 9.80; EPSS Score 91.20; EPSS Percentile 98.48 |
| Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| Published: July 19, 2023 | 
| Unauthenticated remote code execution | 
| Vendor Impacted: Citrix | 
| Products Impacted: Netscaler Application Delivery Contr, Netscaler Gateway, Netscaler Adc And Netscaler Gateway | 
| CVE-2023-33246 | 
| Severity: CRITICAL; CVSS 9.80; EPSS Score 96.39; EPSS Percentile 99.36 |
| Risk Context: Actively Exploited, Remote Code Execution, Public Exploits Available |
| Published: May 24, 2023 |
| For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above if using RocketMQ 5.x, or 4.9.6 or above if using RocketMQ 4.x. |
| CVE-2023-20887 | 
| Severity: CRITICAL; CVSS 9.80; EPSS Score 96.07; EPSS Percentile 99.27 |
| Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| Published: June 7, 2023 |
| Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. |
| Vendor Impacted: VMware |
| Products Impacted: Aria Operations For Networks, vRealize Network Insight |
| CVE-2023-20890 | 
| Severity: HIGH; CVSS 7.20; EPSS Score 0.09; EPSS Percentile 36.61 |
| Risk Context: Remote Code Execution |
| Published: Aug. 29, 2023 |
| Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. |
| Vendor Impacted: VMware |
| Product Impacted: Aria Operations For Networks |
| CVE-2023-36846 | 
| Severity: MEDIUM; CVSS 5.30; EPSS Score 0.05; EPSS Percentile 13.95 |
| Risk Context: Actively Exploited, Remote Code Execution |
| Published: Aug. 17, 2023 |
| A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: all versions prior to 20.4R3-S8; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2-S1, 22.4R3. |
| Vendor Impacted: Juniper |
| Products Impacted: Srx210, Srx550m, Srx650, Srx4200, Ex4300-24p, Ex2300-24mp, Srx1400, Srx3400, Ex4300-24p-S, Ex4300-48t-Dc-Afi, Ex2300m, Srx340, Ex4650, Srx4100, Ex4300, Ex4300-48t, Ex9214, Srx1500, Ex4300-24t-S, Junos, Ex4300-32f, Ex3200, Ex4300-48tdc, Ex4300m, Ex2300-48p, Ex4300-Mp, Ex4300-48tafi, Ex9253, Srx110, Ex8200, Ex9250, Ex4300-48t-S, Ex4300-48p, Srx4000, Srx4600, Ex9251, Srx300, Ex9200, Ex4300-48p-S, Ex9208, Ex4300-48mp-S, Ex6200, Ex4300-48t-Afi, Ex4300-48tdc-Afi, Ex4300-48t-Dc, Ex4600-Vc, Srx380, Ex4400, Ex9204, Srx5400, Ex3300-Vc, Ex4300-24t, Ex6210, Ex8216, Ex4200, Srx240m, Ex8200-Vc, Ex4550-Vc, Ex8208, Ex4300-32f-S, Ex4300-Vc, Srx240h2, Ex2300-48t, Ex2300, Ex3400, Srx320, Ex4550/vc, Ex4500, Ex4500-Vc, Srx5600, Ex2200, Ex2300-24p, Ex4550, Srx3600, Srx240, Ex2300-48mp, Srx550, Ex2300-C, Srx100, Ex4300-48mp, Ex4200-Vc, Srx5000, Srx345, Ex4600, Ex2200-Vc, Srx220, Srx5800, Ex3300, Ex4300-32f-Dc, Ex2300-24t, Ex2200-C, Srx550 Hm |
| CVE-2023-36845 | 
| Severity: MEDIUM; CVSS 5.30; EPSS Score 0.05; EPSS Percentile 13.95 |
| Risk Context: N/A |
| Published: Aug. 17, 2023 |
| A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain important environment variables. Using a crafted request, an attacker is able to modify a certain PHP environment variable, leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: all versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.2 versions prior to 23.2R1-S1, 23.2R2. |
| Vendor Impacted: Juniper |
| Products Impacted: Srx210, Srx550m, Srx650, Srx4200, Ex4300-24p, Ex2300-24mp, Srx1400, Srx3400, Ex4300-24p-S, Ex4300-48t-Dc-Afi, Ex2300m, Srx340, Ex4650, Srx4100, Ex4300, Ex4300-48t, Ex9214, Srx1500, Ex4300-24t-S, Junos, Ex4300-32f, Ex3200, Ex4300-48tdc, Ex4300m, Ex2300-48p, Ex4300-Mp, Ex4300-48tafi, Ex9253, Srx110, Ex8200, Ex9250, Ex4300-48t-S, Ex4300-48p, Srx4000, Srx4600, Ex9251, Srx300, Ex9200, Ex4300-48p-S, Ex9208, Ex4300-48mp-S, Ex6200, Ex4300-48t-Afi, Ex4300-48tdc-Afi, Ex4300-48t-Dc, Ex4600-Vc, Srx380, Ex4400, Ex9204, Srx5400, Ex3300-Vc, Ex4300-24t, Ex6210, Ex8216, Ex4200, Srx240m, Ex8200-Vc, Ex4550-Vc, Ex8208, Ex4300-32f-S, Ex4300-Vc, Srx240h2, Ex2300-48t, Ex2300, Ex3400, Srx320, Ex4550/vc, Ex4500, Ex4500-Vc, Srx5600, Ex2200, Ex2300-24p, Ex4550, Srx3600, Srx240, Ex2300-48mp, Srx550, Ex2300-C, Srx100, Ex4300-48mp, Ex4200-Vc, Srx5000, Srx345, Ex4600, Ex2200-Vc, Srx220, Srx5800, Ex3300, Ex4300-32f-Dc, Ex2300-24t, Ex2200-C, Srx550 Hm |
| CVE-2023-36844 | 
| Severity: MEDIUM; CVSS 5.30; EPSS Score 1.68; EPSS Percentile 86.10 |
| Risk Context: N/A |
| Published: Aug. 17, 2023 |
| A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain important environment variables. Using a crafted request, an attacker is able to modify certain PHP environment variables, leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: all versions prior to 20.4R3-S9; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R3-S1; 22.4 versions prior to 22.4R2-S2, 22.4R3. |
| Vendor Impacted: Juniper |
| Products Impacted: Srx210, Srx550m, Srx650, Srx4200, Ex4300-24p, Ex2300-24mp, Srx1400, Srx3400, Ex4300-24p-S, Ex4300-48t-Dc-Afi, Ex2300m, Srx340, Ex4650, Srx4100, Ex4300, Ex4300-48t, Ex9214, Srx1500, Ex4300-24t-S, Junos, Ex4300-32f, Ex3200, Ex4300-48tdc, Ex4300m, Ex2300-48p, Ex4300-Mp, Ex4300-48tafi, Ex9253, Srx110, Ex8200, Ex9250, Ex4300-48t-S, Ex4300-48p, Srx4000, Srx4600, Ex9251, Srx300, Ex9200, Ex4300-48p-S, Ex9208, Ex4300-48mp-S, Ex6200, Ex4300-48t-Afi, Ex4300-48tdc-Afi, Ex4300-48t-Dc, Ex4600-Vc, Srx380, Ex4400, Ex9204, Srx5400, Ex3300-Vc, Ex4300-24t, Ex6210, Ex8216, Ex4200, Srx240m, Ex8200-Vc, Ex4550-Vc, Ex8208, Ex4300-32f-S, Ex4300-Vc, Srx240h2, Ex2300-48t, Ex2300, Ex3400, Srx320, Ex4550/vc, Ex4500, Ex4500-Vc, Srx5600, Ex2200, Ex2300-24p, Ex4550, Srx3600, Srx240, Ex2300-48mp, Srx550, Ex2300-C, Srx100, Ex4300-48mp, Ex4200-Vc, Srx5000, Srx345, Ex4600, Ex2200-Vc, Srx220, Srx5800, Ex3300, Ex4300-32f-Dc, Ex2300-24t, Ex2200-C, Srx550 Hm |
| CVE-2023-36847 | 
| Severity: MEDIUM; CVSS 5.30; EPSS Score 0.05; EPSS Percentile 13.95 |
| Risk Context: N/A |
| Published: Aug. 17, 2023 |
| A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: all versions prior to 20.4R3-S8; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S1; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2-S1, 22.4R3. |
| Vendor Impacted: Juniper |
| Products Impacted: Srx210, Srx550m, Srx650, Srx4200, Ex4300-24p, Ex2300-24mp, Srx1400, Srx3400, Ex4300-24p-S, Ex4300-48t-Dc-Afi, Ex2300m, Srx340, Ex4650, Srx4100, Ex4300, Ex4300-48t, Ex9214, Srx1500, Ex4300-24t-S, Junos, Ex4300-32f, Ex3200, Ex4300-48tdc, Ex4300m, Ex2300-48p, Ex4300-Mp, Ex4300-48tafi, Ex9253, Srx110, Ex8200, Ex9250, Ex4300-48t-S, Ex4300-48p, Srx4000, Srx4600, Ex9251, Srx300, Ex9200, Ex4300-48p-S, Ex9208, Ex4300-48mp-S, Ex6200, Ex4300-48t-Afi, Ex4300-48tdc-Afi, Ex4300-48t-Dc, Ex4600-Vc, Srx380, Ex4400, Ex9204, Srx5400, Ex3300-Vc, Ex4300-24t, Ex6210, Ex8216, Ex4200, Srx240m, Ex8200-Vc, Ex4550-Vc, Ex8208, Ex4300-32f-S, Ex4300-Vc, Srx240h2, Ex2300-48t, Ex2300, Ex3400, Srx320, Ex4550/vc, Ex4500, Ex4500-Vc, Srx5600, Ex2200, Ex2300-24p, Ex4550, Srx3600, Srx240, Ex2300-48mp, Srx550, Ex2300-C, Srx100, Ex4300-48mp, Ex4200-Vc, Srx5000, Srx345, Ex4600, Ex2200-Vc, Srx220, Srx5800, Ex3300, Ex4300-32f-Dc, Ex2300-24t, Ex2200-C, Srx550 Hm |