VULNERA Pulse

SonicWall — SMA1000 Appliances

CVE-2025-23006 / Added: Jan. 24, 2025

CRITICAL CVSS 9.80 EPSS Score 1.37 EPSS Percentile 86.18

SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.

Headlines

• Jan. 27, 2025 - 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)
• Jan. 27, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]
• Jan. 26, 2025 - Week in review: 48k Fortinet firewalls open to attack, attackers "vishing" orgs via Microsoft Teams
• Jan. 24, 2025 - U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog
• Jan. 24, 2025 - SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild
• Jan. 23, 2025 - SonicWall releases patches for suspected zero-day bug
• Jan. 23, 2025 - SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Back to top ↑

JQuery — JQuery

CVE-2020-11023 / Added: Jan. 23, 2025

MEDIUM CVSS 6.10 EPSS Score 38.15 EPSS Percentile 97.30

JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.

Headlines

• Jan. 24, 2025 - CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List
• Jan. 23, 2025 - U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog

Back to top ↑

CVE-2025-20156

CRITICAL CVSS 9.90 EPSS Score 0.04 EPSS Percentile 17.83

Actively Exploited Remote Code Execution

Published: Jan. 22, 2025

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management.

Quotes

• This vulnerability exists because proper authorization is not enforced upon REST API users
• An attacker could exploit this vulnerability by sending API requests to a specific endpoint
• A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management
• Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC)

Headlines

• Jan. 24, 2025 - Cisco: Critical Meeting Management Bug Requires Urgent Patch
• Jan. 23, 2025 - Patch now: Cisco fixes critical Meeting Management flaw
• Jan. 23, 2025 - Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw
• Jan. 23, 2025 - Cisco Fixes Critical Vulnerability in Meeting Management
• Jan. 23, 2025 - Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

CVE-2025-21556

CRITICAL CVSS 9.90 EPSS Score 0.04 EPSS Percentile 11.48

Risk Context N/A

Published: Jan. 21, 2025

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. While the vulnerability is in Oracle Agile PLM Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM Framework. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Quotes

• Includes patches for this alert as well as additional patches
• Easily exploitable vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle Agile PLM Framework

Headlines

• Jan. 23, 2025 - Think Patch Tuesday was bad? Oracle releases 603 fixes
• Jan. 22, 2025 - Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

CVE-2025-23006

CRITICAL CVSS 9.80 EPSS Score 1.37 EPSS Percentile 86.18

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Jan. 23, 2025

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

Vendor Impacted: Sonicwall

Products Impacted: Sra Ex9000 Firmware, Sma7210, Sma7200 Firmware, Sma6200 Firmware, Sma7210 Firmware, Sma6210 Firmware, Sra Ex6000, Sma6200, Sra Ex7000, Sra Ex9000, Sra Ex6000 Firmware, Sra Ex7000 Firmware, Sma1000 Appliances, Sma8200v, Sma6210, Sma7200

Quotes

• To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the AMC and CMC
• Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands

Headlines

• Jan. 24, 2025 - U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog
• Jan. 24, 2025 - SonicWall warns of a critical CVE-2025-23006 zero-day likely exploited in the wild
• Jan. 23, 2025 - SonicWall releases patches for suspected zero-day bug
• Jan. 23, 2025 - SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

CVE-2025-21535

CRITICAL CVSS 9.80 EPSS Score 0.04 EPSS Percentile 11.48

Actively Exploited Remote Code Execution

Published: Jan. 21, 2025

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Quotes

• Easily exploitable vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle Agile PLM Framework

Headlines

• Jan. 24, 2025 - CVE-2025-21535 (CVSS 9.8): Vulnerability in Oracle WebLogic Server Could Lead to Remote Code Execution
• Jan. 22, 2025 - Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

CVE-2024-8963

CRITICAL CVSS 9.10 EPSS Score 96.72 EPSS Percentile 99.78

CISA Known Exploited Public Exploits Available

Published: Sept. 19, 2024

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

Vendor Impacted: Ivanti

Products Impacted: Endpoint Manager Cloud Services Appliance, Cloud Services Appliance (Csa)

Quotes

• This vulnerability exists because proper authorization is not enforced upon REST API users
• CISA, and the use of trusted third-party incident response data, found that threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials and implant webshells on victim networks

Headlines

• Jan. 23, 2025 - CISA: Ivanti Vulns Chained Together in Attacks
• Jan. 23, 2025 - Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances
• Jan. 23, 2025 - Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
• Jan. 22, 2025 - CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications | CISA

CVE-2017-17215

HIGH CVSS 8.80 EPSS Score 27.98 EPSS Percentile 96.88

Actively Exploited Remote Code Execution Public Exploits Available

Published: March 20, 2018

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.

Vendor Impacted: Huawei

Products Impacted: Hg532, Hg532 Firmware

Quotes

• Demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks
• Each tasked with deciphering its activities and establishing communication with one of the compromised IPs implicated in this ongoing campaign

Headlines

• Jan. 21, 2025 - Mirai Botnet Spinoffs Unleash Global DDoS Attack Wave
• Jan. 21, 2025 - Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

CVE-2024-9380

HIGH CVSS 7.20 EPSS Score 4.27 EPSS Percentile 92.28

CISA Known Exploited Remote Code Execution Public Exploits Available

Published: Oct. 8, 2024

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

Vendor Impacted: Ivanti

Products Impacted: Endpoint Manager Cloud Services Appliance, Cloud Services Appliance (Csa)

Quotes

• This vulnerability exists because proper authorization is not enforced upon REST API users
• CISA, and the use of trusted third-party incident response data, found that threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials and implant webshells on victim networks
• All four vulnerabilities affect Ivanti CSA version 4.6x versions before 519, and two of the vulnerabilities (CVE-2024-9379 and CVE-2024-9380) affect CSA versions 5.0.1 and below; according to Ivanti, these CVEs have not been exploited in version 5.0

Headlines

• Jan. 23, 2025 - CISA: Ivanti Vulns Chained Together in Attacks
• Jan. 23, 2025 - Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances
• Jan. 23, 2025 - Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
• Jan. 22, 2025 - CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications | CISA

CVE-2024-9379

HIGH CVSS 7.20 EPSS Score 0.61 EPSS Percentile 78.69

CISA Known Exploited Public Exploits Available

Published: Oct. 8, 2024

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

Vendor Impacted: Ivanti

Products Impacted: Endpoint Manager Cloud Services Appliance, Cloud Services Appliance (Csa)

Quotes

• This vulnerability exists because proper authorization is not enforced upon REST API users
• CISA, and the use of trusted third-party incident response data, found that threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials and implant webshells on victim networks
• All four vulnerabilities affect Ivanti CSA version 4.6x versions before 519, and two of the vulnerabilities (CVE-2024-9379 and CVE-2024-9380) affect CSA versions 5.0.1 and below; according to Ivanti, these CVEs have not been exploited in version 5.0

Headlines

• Jan. 23, 2025 - CISA: Ivanti Vulns Chained Together in Attacks
• Jan. 23, 2025 - Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances
• Jan. 23, 2025 - Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
• Jan. 22, 2025 - CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications | CISA

CVE-2024-8190

HIGH CVSS 7.20 EPSS Score 11.33 EPSS Percentile 95.24

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Sept. 10, 2024

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

Vendor Impacted: Ivanti

Product Impacted: Cloud Services Appliance

Quotes

• This vulnerability exists because proper authorization is not enforced upon REST API users
• CISA, and the use of trusted third-party incident response data, found that threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials and implant webshells on victim networks

Headlines

• Jan. 23, 2025 - CISA: Ivanti Vulns Chained Together in Attacks
• Jan. 23, 2025 - Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances
• Jan. 23, 2025 - Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
• Jan. 22, 2025 - CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications | CISA