Snapshot
Oct. 21, 2023 - Oct. 27, 2023
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added
---|---|---|---|---
CVE-2023-5631 | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. | MEDIUM | Roundcube | Oct. 26, 2023
CVE-2023-20273 | Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity. | HIGH | Cisco | Oct. 23, 2023
Newswires

Headline | Summary | Date
---|---|---
Critical Vulnerability in F5 BIG-IP Configuration Utility Allows Remote Code Execution Attacks | A severe security flaw, tracked as CVE-2023-46747, has been discovered in the F5 BIG-IP configuration utility. | Oct. 27, 2023
Critical Vulnerability in Mirth Connect Threatens to Expose Sensitive Healthcare Data | Mirth Connect, a data integration platform developed by NextGen HealthCare, is under threat from a severe remote code execution vulnerability that can be exploited without any form of authentication. | Oct. 26, 2023
Russian APT28 Hackers Breach Critical Networks in France | The Russian APT28 hacking group, also known as 'Strontium' or 'Fancy Bear', has been actively infiltrating numerous critical networks in France. | Oct. 26, 2023
Unprecedented 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Vulnerability | Cloudflare has reported an unprecedented series of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently revealed vulnerability known as HTTP/2 Rapid Reset. | Oct. 26, 2023
Russian Hackers Exploit Roundcube Zero-Day to Target European Governments | Winter Vivern, a Russian hacking group, has been leveraging a zero-day vulnerability in Roundcube Webmail to attack European government entities and think tanks since at least October 11. | Oct. 25, 2023
VMware Addresses Critical Code Execution Vulnerability in vCenter Server | VMware has rolled out security patches to rectify a critical flaw in its vCenter Server, which if exploited, could enable remote code execution attacks on vulnerable servers. | Oct. 25, 2023
Rockwell Automation Alerts Customers of Cisco Zero-Day Impacting Stratix Switches | Rockwell Automation has issued a warning to its customers regarding the impact of a currently exploited Cisco IOS XE zero-day vulnerability on its Stratix industrial switches. | Oct. 24, 2023
VMware Alerts Users to Public Exploit for vRealize RCE Vulnerability | On Monday, VMware warned its customers about the existence of a proof-of-concept (PoC) exploit code for an authentication bypass flaw in its product, vRealize Log Insight, now renamed as VMware Aria Operations for Logs. | Oct. 24, 2023
Unmasking Operation Triangulation: In-depth Analysis of iOS Zero-Day Attacks | Kaspersky's investigation into a sophisticated attack on Apple iOS devices, known as Operation Triangulation, has revealed the use of a malicious implant called TriangleDB. | Oct. 24, 2023
Microsoft Exchange Server Vulnerability: PoC Exploit for CVE-2023-36745 Published | A Proof-of-Concept (PoC) exploit has been made public for a Microsoft Exchange Server vulnerability, identified as CVE-2023-36745, which can enable remote attackers to execute code. | Oct. 24, 2023
Citrix Urges Immediate Patching of NetScaler CVE-2023-4966 Vulnerability Amid Ongoing Attacks | Citrix has alerted administrators today to secure all NetScaler ADC and Gateway appliances against ongoing attacks that exploit the CVE-2023-4966 vulnerability. | Oct. 23, 2023
Cisco Addresses Zero-Day Vulnerabilities in IOS XE Devices | Cisco has remedied two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that were recently exploited by a threat actor to breach a multitude of IOS XE devices. | Oct. 23, 2023
Hackers Modify Cisco IOS XE Backdoor to Evade Detection | The number of infected Cisco IOS XE devices has significantly dropped from over 50,000 to a few hundred after hackers updated a malicious backdoor to evade detection. | Oct. 22, 2023
Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context
---|---|---|---|---
CVE-2023-20198 (19) | Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software wh... | CRITICAL | Cisco | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2023-34048 (10) | vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. | CRITICAL | | Remote Code Execution
CVE-2023-46747 (6) | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-... | CRITICAL | | Remote Code Execution, Public Exploits Available
CVE-2023-32434 (8) | An integer overflow was addressed with improved input validation. | HIGH | Apple | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2023-4966 (7) | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. | HIGH | Citrix | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2023-20273 (16) | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject comman... | HIGH | Cisco | CISA Known Exploited
CVE-2020-35730 (9) | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. | MEDIUM | Debian, Fedoraproject, Roundcube | CISA Known Exploited
CVE-2023-5631 (11) | Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a craf... | MEDIUM | Debian, Roundcube | CISA Known Exploited, Actively Exploited, Remote Code Execution
CVE-2023-34056 (10) | vCenter Server contains a partial information disclosure vulnerability. | MEDIUM | | Risk Context N/A
CVE-2023-34051 (6) | VMware Aria Operations for Logs contains an authentication bypass vulnerability. | N/A | | Remote Code Execution, Public Exploits Available
CISA Known Exploited Vulnerabilities
CISA added two vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2023-20198

CRITICAL | CVSS 10.00 | EPSS Score 1.90 | EPSS Percentile 87.20
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Oct. 16, 2023

Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory. Cisco will provide updates on the status of this investigation and when a software patch is available.

Vendor Impacted: Cisco
Products Impacted: Ios Xe Web Ui, Ios Xe
CVE-2023-34048

CRITICAL | CVSS 9.80 | EPSS Score 0.04 | EPSS Percentile 12.81
Risk Context: Remote Code Execution
Published: Oct. 25, 2023

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
CVE-2023-46747

CRITICAL | CVSS 9.80 | EPSS Score 0.09 | EPSS Percentile 38.53
Risk Context: Remote Code Execution, Public Exploits Available
Published: Oct. 26, 2023

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-32434

HIGH | CVSS 7.80 | EPSS Score 0.07 | EPSS Percentile 30.74
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: June 23, 2023

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Vendor Impacted: Apple
Products Impacted: Watchos, Ipados, Multiple Products, Macos, Iphone Os
CVE-2023-4966

HIGH | CVSS 7.50 | EPSS Score 17.99 | EPSS Percentile 95.58
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Oct. 10, 2023

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Vendor Impacted: Citrix
Products Impacted: Netscaler Gateway, Netscaler Adc And Netscaler Gateway, Netscaler Application Delivery Contr
CVE-2023-20273

HIGH | CVSS 7.20 | EPSS Score 1.18 | EPSS Percentile 83.51
Risk Context: CISA Known Exploited
Published: Oct. 25, 2023

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Vendor Impacted: Cisco
Product Impacted: Cisco Ios Xe Web Ui
CVE-2023-34056

MEDIUM | CVSS 4.30 | EPSS Score 0.04 | EPSS Percentile 7.24
Risk Context: N/A
Published: Oct. 25, 2023

vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
CVE-2023-34051

CVSS Not Assigned | EPSS Score 0.05 | EPSS Percentile 14.69
Risk Context: Remote Code Execution, Public Exploits Available
Published: Oct. 20, 2023

VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.