VULNERA Pulse

Apple — iOS

CVE-2022-42856 / Added: Dec. 14, 2022

CVSS Not Assigned

Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.

Headlines

• Dec. 16, 2022 - iOS 16—Why You Need To Update To The Latest iPhone Software
• Dec. 14, 2022 - Apple Fixes Actively Exploited iPhone Zero-Day Vulnerability
• Dec. 14, 2022 - We finally know why Apple pushed out that emergency 16.1.2 update
• Dec. 14, 2022 - Apple fixed the tenth actively exploited zero-day this year
• Dec. 14, 2022 - Big Sur 11.7.2 and Monterey 12.6.2 bring a slew of security updates to older Macs
• Dec. 14, 2022 - New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products
• Dec. 14, 2022 - Apple patches everything, finally reveals mystery of iOS 16.1.2
• Dec. 13, 2022 - Apple Fixes 'Actively Exploited' Zero-Day Affecting Most iPhones
• Dec. 13, 2022 - Apple、iPhone 6s以降のiPhoneやiPad Air 2/mini 4以降のiPadに対し既に悪用された可能性のあるWebKitのゼロデイ脆弱性を修正した「iOS/iPadOS 15.7.2」をリリース。
• Dec. 13, 2022 - Apple Fixes 'Actively Exploited' Zero-Day Affecting Most iPhones

Back to top ↑

Citrix — Application Delivery Controller (ADC) and Gateway

CVE-2022-27518 / Added: Dec. 13, 2022

CRITICAL CVSS 9.80

Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability which allows an attacker to execute code as administrator.

Headlines

• Dec. 15, 2022 - NSA warns Citrix devices are under attack from Chinese hackers, so update now
• Dec. 15, 2022 - NSA says Chinese hackers are exploiting a zero-day bug in popular networking gear
• Dec. 14, 2022 - NSA Says Chinese Hackers Are Exploiting a Zero-Day Bug in Popular Networking Gear
• Dec. 14, 2022 - Alert issued to update Citrix ADC, Gateway devices
• Dec. 14, 2022 - NSA says Chinese hackers are exploiting a zero-day bug in popular networking gear
• Dec. 14, 2022 - NSA says Chinese hackers are exploiting a zero-day bug in popular networking gear
• Dec. 14, 2022 - Citrix patches critical ADC flaw the NSA says is already under attack from China
• Dec. 14, 2022 - Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability
• Dec. 14, 2022 - Citrix ADC and Gateway need urgent patches
• Dec. 13, 2022 - Hackers exploit critical Citrix ADC and Gateway zero day, patch now
• Dec. 13, 2022 - Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
• Dec. 13, 2022 - CVE-2022-27518: Unauthenticated RCE in Citrix ADC and Gateway

Back to top ↑

Fortinet — FortiOS

CVE-2022-42475 / Added: Dec. 13, 2022

CVSS Not Assigned

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Headlines

• Dec. 13, 2022 - Fortinet Releases Security Updates for FortiOS
• Dec. 13, 2022 - Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)
• Dec. 13, 2022 - Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability
• Dec. 12, 2022 - Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks
• Dec. 12, 2022 - Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug

Back to top ↑

Microsoft — Defender

CVE-2022-44698 / Added: Dec. 13, 2022

CVSS Not Assigned

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Headlines

• Dec. 16, 2022 - Researcher Bypasses Akamai WAF
• Dec. 16, 2022 - Patch Tuesday: Two zero-day flaws in Windows zero-days immediate attention
• Dec. 15, 2022 - Microsoft's Patch Tuesday squashes 49 bugs to end the year
• Dec. 15, 2022 - S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]
• Dec. 15, 2022 - Update Windows now to patch this under-attack vulnerability
• Dec. 14, 2022 - December 2022 Patch Tuesday fixed 2 zero-day flaws
• Dec. 14, 2022 - Microsoft Patch Tuesday, December 2022 Edition
• Dec. 14, 2022 - Two Zero-Days Fixed in December Patch Tuesday
• Dec. 14, 2022 - Windows 10 And 11 Security Feature Alerts Bypassed By Attackers
• Dec. 14, 2022 - Windows 10 And 11 Security Feature Alerts Bypassed By Attackers
• Dec. 14, 2022 - December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More
• Dec. 14, 2022 - Microsoft Patch Tuesday fixes six critical vulnerabilities
• Dec. 14, 2022 - Microsoft isn't the only one fixing a bug that's being exploited this Patch Tuesday

Back to top ↑

Veeam — Backup & Replication

CVE-2022-26501 / Added: Dec. 13, 2022

CRITICAL CVSS 9.80

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.

Headlines

• Aug. 19, 2022 - API security: Broken access controls, injection attacks plague the enterprise security landscape in 2022

Back to top ↑

Veeam — Backup & Replication

CVE-2022-26500 / Added: Dec. 13, 2022

HIGH CVSS 8.80

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.

Headlines

• Dec. 16, 2022 - CISA adds Veeam Backup and Replication bugs to Known Exploited Vulnerabilities Catalog
• Dec. 16, 2022 - CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks
• Oct. 24, 2022 - Multiple RCE Vulnerabilities Discovered in Veeam Backup & Replication App

Back to top ↑

CVE-2022-42856

CVSS Not Assigned

CISA Known Exploited Actively Exploited

Published: Dec. 15, 2022

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..

Vendor Impacted: Apple

Product Impacted: Ios

Quotes

• Is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1 - Forbes - Cybersecurity
• Let's start with a very softly-softly approach - Naked Security - Sophos
• Against versions of iOS released before iOS 15.1 - Naked Security - Sophos
• Processing maliciously crafted web content may lead to arbitrary code execution - infosecurity-magazine.com
• For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available - Latest news
• Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1 - SecurityWeek
• Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1 - Security Affairs
• Potentially allow an attacker to gain full control of a device remotely - Forbes - Cybersecurity
• Aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1 - The Hacker News

Headlines

• Dec. 16, 2022 - iOS 16—Why You Need To Update To The Latest iPhone Software
• Dec. 15, 2022 - S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]
• Dec. 14, 2022 - Apple patches everything, finally reveals mystery of iOS 16.1.2
• Dec. 14, 2022 - Apple Fixes Actively Exploited iPhone Zero-Day Vulnerability
• Dec. 14, 2022 - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
• Dec. 14, 2022 - We finally know why Apple pushed out that emergency 16.1.2 update
• Dec. 14, 2022 - iOS 16.2: These security updates will protect your iPhone from multiple vulnerabilities
• Dec. 14, 2022 - Apple Patches Zero-Day Vulnerability Exploited Against iPhones
• Dec. 14, 2022 - Apple fixed the tenth actively exploited zero-day this year
• Dec. 14, 2022 - Big Sur 11.7.2 and Monterey 12.6.2 bring a slew of security updates to older Macs
• Dec. 14, 2022 - iOS 16.2—Apple Just Gave iPhone Users 35 Reasons To Update Now
• Dec. 14, 2022 - New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products
• Dec. 13, 2022 - Apple Fixes 'Actively Exploited' Zero-Day Affecting Most iPhones
• Dec. 13, 2022 - Apple、iPhone 6s以降のiPhoneやiPad Air 2/mini 4以降のiPadに対し既に悪用された可能性のあるWebKitのゼロデイ脆弱性を修正した「iOS/iPadOS 15.7.2」をリリース。

CVE-2022-31705

CVSS Not Assigned

Risk Context N/A

Published: Dec. 14, 2022

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

Quotes

• VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI) - Security Affairs
• Beyond disabling SAML authentication or upgrading to a current build - The Hacker News
• An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging - The Register - Security
• Successful exploitation of these vulnerabilities could result in arbitrary code execution and security feature bypass - SecurityWeek
• On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed - SecurityWeek

Headlines

• Dec. 14, 2022 - VMware releases updates for Workstation Pro and Player to fix Windows 11 unsupported CPU bug
• Dec. 14, 2022 - VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest
• Dec. 14, 2022 - Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability
• Dec. 14, 2022 - Microsoft ain't the only one squashing exploited-in-the-wild bugs this month
• Dec. 14, 2022 - Microsoft isn't the only one fixing a bug that's being exploited this Patch Tuesday
• Dec. 13, 2022 - Adobe Patches 38 Flaws in Enterprise Software Products
• Dec. 13, 2022 - VMware Patches VM Escape Flaw Exploited at Geekpwn Event

CVE-2022-31702

CRITICAL CVSS 9.80

Risk Context N/A

Published: Dec. 14, 2022

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.

Vendor Impacted: Vmware

Product Impacted: Vrealize Network Insight

Quotes

• VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI) - Security Affairs
• An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging - The Register - Security

Headlines

• Dec. 14, 2022 - VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest
• Dec. 14, 2022 - Microsoft isn't the only one fixing a bug that's being exploited this Patch Tuesday
• Dec. 14, 2022 - Microsoft ain't the only one squashing exploited-in-the-wild bugs this month

CVE-2022-41127

HIGH CVSS 8.50

Remote Code Execution

Published: Dec. 13, 2022

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability.

Vendor Impacted: Microsoft

Products Impacted: Dynamics 365 Business Central, Dynamics Nav

Quotes

• Requires an attacker to take additional actions prior to exploitation to prepare the target environment - iTnews - Security
• An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging - The Register - Security

Headlines

• Dec. 14, 2022 - Seven critical vulnerabilities round out Microsoft's 2022
• Dec. 14, 2022 - Microsoft isn't the only one fixing a bug that's being exploited this Patch Tuesday
• Dec. 14, 2022 - Microsoft ain't the only one squashing exploited-in-the-wild bugs this month
• Dec. 13, 2022 - Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update
• Dec. 13, 2022 - Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

CVE-2022-41089

HIGH CVSS 8.80

Remote Code Execution

Published: Dec. 13, 2022

.NET Framework Remote Code Execution Vulnerability.

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2019, .net, Windows 11, Windows Server 2012, Windows 10, Windows 7, Windows Server 2008, Windows Server 2016, Windows Rt 8.1, Windows 8.1, Windows Server 2022

Quotes

• Requires an attacker to take additional actions prior to exploitation to prepare the target environment - iTnews - Security
• An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging - Dark Reading

Headlines

• Dec. 16, 2022 - Patch Tuesday: Two zero-day flaws in Windows need immediate attention
• Dec. 16, 2022 - Patch Tuesday: Two zero-day flaws in Windows zero-days immediate attention
• Dec. 14, 2022 - Seven critical vulnerabilities round out Microsoft's 2022
• Dec. 13, 2022 - Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update
• Dec. 13, 2022 - .NET Framework December 2022 Security and Quality Rollup Updates
• Dec. 13, 2022 - .NET December 2022 Updates – .NET 7.0.1, .NET 6.0.12, .NET Core 3.1.32

CVE-2022-41076

HIGH CVSS 8.50

Remote Code Execution

Published: Dec. 13, 2022

PowerShell Remote Code Execution Vulnerability.

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2019, Windows 11, Windows Server 2012, Windows 10, Windows 7, Windows Server 2008, Windows Server 2016, Powershell, Windows Rt 8.1, Windows 8.1, Windows Server 2022

Quotes

• Work backwards to the attack - Naked Security - Sophos
• This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros, said Greg Wiseman, product manager at security firm Rapid7. This is the second Mark of the Web flaw Microsoft has patched in as many months; both were first publicly detailed over the past two months on Twitter by security researcher Will Dormann. Publicly disclosed (but not actively exploited for now) is CVE-2022-44710, which is an elevation of privilege flaw in the DirectX graphics component of Windows 11. Another notable critical bug is CVE-2022-41076, a remote code execution flaw in PowerShell -- a key component of Windows that makes it easier to automate system tasks and configurations. Kevin Breen at Immersive Labs said while Microsoft doesn't share much detail about CVE-2022-41076 apart from the designation 'Exploitation More Likely,' they also note that successful exploitation requires an attacker to take additional actions to prepare the target environment - Krebs on Security
• More likely to be exploited - infosecurity-magazine.com
• It allows attackers to craft documents that won't get tagged with Microsoft's 'Mark of the Web' despite being downloaded from untrusted sites - The Hacker News
• Requires an attacker to take additional actions prior to exploitation to prepare the target environment - iTnews - Security
• An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging - The Register - Security
• Driver Certificate Deprecation Defense in Depth - Sophos News

Headlines

• Dec. 16, 2022 - Patch Tuesday: Two zero-day flaws in Windows need immediate attention
• Dec. 16, 2022 - Patch Tuesday: Two zero-day flaws in Windows zero-days immediate attention
• Dec. 14, 2022 - Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
• Dec. 14, 2022 - Microsoft Patch Tuesday, December 2022 Edition
• Dec. 14, 2022 - Two Zero-Days Fixed in December Patch Tuesday
• Dec. 14, 2022 - December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More
• Dec. 14, 2022 - Seven critical vulnerabilities round out Microsoft's 2022
• Dec. 14, 2022 - Microsoft ain't the only one squashing exploited-in-the-wild bugs this month
• Dec. 14, 2022 - Microsoft isn't the only one fixing a bug that's being exploited this Patch Tuesday
• Dec. 13, 2022 - Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update
• Dec. 13, 2022 - Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities
• Dec. 13, 2022 - 2022 Patch Tuesday cycle wraps with 48 CVEs, one advisory

CVE-2022-27518

CRITICAL CVSS 9.80

CISA Known Exploited Actively Exploited

Published: Dec. 13, 2022

Unauthenticated remote arbitrary code execution

Vendor Impacted: Citrix

Products Impacted: Application Delivery Controller Firm, Application Delivery Controller (Adc) And Gateway

Quotes

• Could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance - The Register - Security
• Beyond disabling SAML authentication or upgrading to a current build - The Hacker News
• Configured with an SAML SP or IdP configuration to be affected - iTnews - Security
• An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging - The Register - Security
• We are aware of a small number of targeted attacks in the wild using this vulnerability - Security Affairs
• Both must be configured with an SAML SP or IdP configuration to be affected - Dark Reading

Headlines

• Dec. 16, 2022 - Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat
• Dec. 15, 2022 - NSA warns Citrix devices are under attack from Chinese hackers, so update now
• Dec. 15, 2022 - NSA says Chinese hackers are exploiting a zero-day bug in popular networking gear
• Dec. 14, 2022 - NSA Says Chinese Hackers Are Exploiting a Zero-Day Bug in Popular Networking Gear
• Dec. 14, 2022 - Alert issued to update Citrix ADC, Gateway devices
• Dec. 14, 2022 - Citrix patches critical ADC flaw the NSA says is already under attack from China
• Dec. 14, 2022 - A vulnerability has been discovered in Citrix Gateway and Citrix ADC which could allow for remote code execution
• Dec. 14, 2022 - Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability
• Dec. 14, 2022 - Citrix ADC and Gateway need urgent patches
• Dec. 14, 2022 - Microsoft isn't the only one fixing a bug that's being exploited this Patch Tuesday
• Dec. 14, 2022 - Microsoft ain't the only one squashing exploited-in-the-wild bugs this month
• Dec. 13, 2022 - Hackers exploit critical Citrix ADC and Gateway zero day, patch now
• Dec. 13, 2022 - Citrix and NSA urge admins to fix actively exploited zero-day in Citrix ADC and Gateway
• Dec. 13, 2022 - Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw
• Dec. 13, 2022 - Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
• Dec. 13, 2022 - CVE-2022-27518: Unauthenticated RCE in Citrix ADC and Gateway
• Dec. 13, 2022 - NSA Outs Chinese Hackers Exploiting Citrix Zero-Day

CVE-2022-41128

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Nov. 9, 2022

Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2019, Windows 11, Windows, Windows Server 2012, Windows Server 2008, Windows 10, Windows 7, Windows Server 2016, Windows 8.1, Windows Server 2022

Quotes

• This technique has been widely used to distribute IE exploits via Office files since 2017. Delivering IE exploits via this vector has the advantage of not requiring the target to use Internet Explorer as its default browser - Latest news
• I believe that is possible. But we need a reset, and a pathway to get there - The Register - Security

Headlines

• Dec. 15, 2022 - Windows: Still insecure after all these years
• Dec. 12, 2022 - Hackers used Internet Explorer's zero-day vulnerability to spread malware
• Dec. 11, 2022 - Japan, Australia, to bolster cyber-defenses, maybe offensive capacity too
• Dec. 11, 2022 - Japan, Australia to bolster cyber-defenses, maybe offensive capacity too

CVE-2022-37958

HIGH CVSS 7.50

Risk Context N/A

Published: Sept. 13, 2022

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.

Quotes

• Simple and Protected GSSAPI Negotiation Mechanism - Blog – Hackaday
• The vulnerability could allow attackers to remotely execute arbitrary code by accessing the NEGOEX protocol via any Windows application protocol that authenticates, such as Server Message Block (SMB) or Remote Desktop Protocol (RDP), by default - SecurityWeek
• This vulnerability is a pre-authentication remote code execution vulnerability impacting a wide range of protocols - The Hacker News
• Requires an attacker to take additional actions prior to exploitation to prepare the target environment - iTnews - Security

Headlines

• Dec. 16, 2022 - This Week In Security: Scamming the FBI, In The Wild, and AI Security
• Dec. 16, 2022 - Microsoft Reclassifies Windows Flaw After IBM Researcher Proves Remote Code Execution
• Dec. 16, 2022 - Microsoft revised CVE-2022-37958 severity due to its broader scope
• Dec. 15, 2022 - Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'
• Dec. 14, 2022 - Seven critical vulnerabilities round out Microsoft's 2022
• Dec. 13, 2022 - Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

CVE-2022-26501

CRITICAL CVSS 9.80

CISA Known Exploited Actively Exploited

Published: March 17, 2022

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).

Vendor Impacted: Veeam

Product Impacted: Backup & Replication

Quotes

• Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system - Security Affairs
• The Veeam Distribution Service (TCP 9380 by default) allows unauthenticated users to access internal API functions - The Hacker News
• Fully weaponized tool for remote code execution - SecurityWeek

Headlines

• Dec. 16, 2022 - CISA adds Veeam Backup and Replication bugs to Known Exploited Vulnerabilities Catalog
• Dec. 16, 2022 - CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks
• Dec. 15, 2022 - Threat Source newsletter (Dec. 15, 2022): Talos Year in Review is here
• Dec. 14, 2022 - CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks

CVE-2022-26500

HIGH CVSS 8.80

CISA Known Exploited Used In Ransomware

Published: March 17, 2022

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.

Vendor Impacted: Veeam

Product Impacted: Backup & Replication

Quotes

• Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system - Security Affairs
• The Veeam Distribution Service (TCP 9380 by default) allows unauthenticated users to access internal API functions - The Hacker News
• Fully weaponized tool for remote code execution - SecurityWeek

Headlines

• Dec. 16, 2022 - CISA adds Veeam Backup and Replication bugs to Known Exploited Vulnerabilities Catalog
• Dec. 16, 2022 - CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks
• Dec. 15, 2022 - Threat Source newsletter (Dec. 15, 2022): Talos Year in Review is here
• Dec. 14, 2022 - CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks

CVE-2017-0144

HIGH CVSS 9.30

CISA Known Exploited Remote Code Execution Public Exploits Available

Published: March 17, 2017

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

Vendor Impacted: Microsoft

Product Impacted: Smbv1

Quotes

• The vulnerability could allow attackers to remotely execute arbitrary code by accessing the NEGOEX protocol via any Windows application protocol that authenticates, such as Server Message Block (SMB) or Remote Desktop Protocol (RDP), by default - SecurityWeek
• This vulnerability is a pre-authentication remote code execution vulnerability impacting a wide range of protocols - The Hacker News

Headlines

• Dec. 16, 2022 - Microsoft Reclassifies Windows Flaw After IBM Researcher Proves Remote Code Execution
• Dec. 16, 2022 - Microsoft revised CVE-2022-37958 severity due to its broader scope
• Dec. 15, 2022 - Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'
• Dec. 13, 2022 - Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism