VULNERA Pulse

IBM — Aspera Faspex

CVE-2022-47986 / Added: Feb. 21, 2023

CRITICAL CVSS 9.80

IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.

Headlines

• Feb. 22, 2023 - CISA adds IBM Aspera Faspex and Mitel MiVoice to Known Exploited Vulnerabilities Catalog
• Feb. 22, 2023 - CISA Warns of Two Mitel Vulnerabilities Exploited in Wild
• Feb. 22, 2023 - U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog
• Feb. 15, 2023 - Recently Patched IBM Aspera Faspex Vulnerability Exploited in the Wild

Back to top ↑

Mitel — MiVoice Connect

CVE-2022-41223 / Added: Feb. 21, 2023

MEDIUM CVSS 6.80

The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.

Headlines

• Feb. 22, 2023 - CISA adds IBM Aspera Faspex and Mitel MiVoice to Known Exploited Vulnerabilities Catalog
• Feb. 22, 2023 - CISA Warns of Two Mitel Vulnerabilities Exploited in Wild
• Feb. 22, 2023 - U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

Back to top ↑

Mitel — MiVoice Connect

CVE-2022-40765 / Added: Feb. 21, 2023

MEDIUM CVSS 6.80

The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.

Headlines

• Feb. 22, 2023 - CISA adds IBM Aspera Faspex and Mitel MiVoice to Known Exploited Vulnerabilities Catalog
• Feb. 22, 2023 - CISA Warns of Two Mitel Vulnerabilities Exploited in Wild
• Feb. 22, 2023 - U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

Back to top ↑

CVE-2022-39952

CRITICAL CVSS 9.80

Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: Feb. 16, 2023

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.

Quotes

• The fact is most organizations leverage FortiNAC in air-gapped environments that are not exposed to the internet. And while Fortinet has a vast cybersecurity portfolio and has shipped over 10M units, in reality, there aren’t 711,234 devices out there that are vulnerable. This is an understandable misunderstanding because we ship more security appliances than anyone, but the reports are false
• Unzip will allow placing files in any paths as long as they do not traverse above the current working directory
• An external control of file name or path vulnerability [CWE-73]in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system
• We are seeing Fortinet FortiNAC CVE-2022-39952 exploitation attempts from multiple IPs in our honeypot sensors
• Will allow placing files in any paths as long as they do not traverse above the current working directory
• Similar to the weaponization of previous archive vulnerability issues that allow arbitrary file write, we use this vulnerability to write a cron job to /etc/cron.d/payload. This cron job gets triggered every minute and initiates a reverse shell to the attacker
• An external control of file name or path vulnerability [CWE-73] in FortiNAC web server may allow an unauthenticated attacker to perform arbitrary write on the system

Headlines

• Feb. 24, 2023 - Fortinet Shares Clarifications on Exploitation of FortiNAC Vulnerability
• Feb. 24, 2023 - Companies urged to patch critical vulnerability in Fortinet FortiNAC
• Feb. 23, 2023 - Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit
• Feb. 23, 2023 - Fortinet FortiNAC Vulnerability Exploited in Wild Days After Release of Patch
• Feb. 22, 2023 - Hackers now exploit critical Fortinet bug to backdoor servers
• Feb. 22, 2023 - Exploit Code Released for Critical Fortinet RCE Bug
• Feb. 21, 2023 - PoC exploit code for critical Fortinet FortiNAC bug released online
• Feb. 21, 2023 - Exploit released for critical Fortinet RCE flaw, patch now
• Feb. 21, 2023 - Exploit released for critical Fortinet RCE flaws, patch now
• Feb. 21, 2023 - PoC exploit, IoCs for Fortinet FortiNAC RCE released (CVE-2022-39952) - Help Net Security
• Feb. 20, 2023 - Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb
• Feb. 20, 2023 - Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952) - Help Net Security
• Feb. 19, 2023 - Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiOS, and FortiProxy

CVE-2021-42756

CRITICAL CVSS 9.80

Actively Exploited Remote Code Execution

Published: Feb. 16, 2023

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

Quotes

• An external control of file name or path vulnerability [CWE-73]in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system
• An external control of file name or path vulnerability [CWE-73] in FortiNAC web server may allow an unauthenticated attacker to perform arbitrary write on the system

Headlines

• Feb. 23, 2023 - Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit
• Feb. 21, 2023 - PoC exploit code for critical Fortinet FortiNAC bug released online
• Feb. 20, 2023 - Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb
• Feb. 20, 2023 - Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952) - Help Net Security
• Feb. 19, 2023 - Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiOS, and FortiProxy

CVE-2022-42475

CRITICAL CVSS 9.80

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: Jan. 2, 2023

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Vendor Impacted: Fortinet

Products Impacted: Fpm-7620f, Fortigate-6601f, Fim-7910e, Fortigate-7121f, Fortigate-7040e, Fortigate-6501f-Dc, Fortigate-7030e, Fpm-7630e, Fortigate-6501f, Fortiproxy, Fim-7921f, Fpm-7620e, Fortigate-6300f, Fortigate-7060e, Fortios, Fortigate-6601f-Dc, Fim-7904e, Fortigate-6300f-Dc, Fortigate-6500f, Fim-7920e, Fortigate-6500f-Dc, Fim-7901e, Fim-7941f

Headlines

• Feb. 23, 2023 - Fortinet FortiNAC Vulnerability Exploited in Wild Days After Release of Patch
• Feb. 22, 2023 - Hackers now exploit critical Fortinet bug to backdoor servers
• Feb. 20, 2023 - Fortinet Patches Critical Code Execution Vulnerabilities in FortiNAC, FortiWeb
• Feb. 20, 2023 - Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952) - Help Net Security

CVE-2022-40765

MEDIUM CVSS 6.80

CISA Known Exploited Actively Exploited

Published: Nov. 22, 2022

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.

Vendor Impacted: Mitel

Product Impacted: Mivoice Connect

Quotes

• Successful exploitation of these vulnerabilities could allow a malicious attacker to make unidentified impacts such as authentication bypass, information disclosure, denial-of-service, or bypass IP address authentication

Headlines

• Feb. 22, 2023 - CISA adds IBM Aspera Faspex and Mitel MiVoice to Known Exploited Vulnerabilities Catalog
• Feb. 22, 2023 - CISA Warns of Two Mitel Vulnerabilities Exploited in Wild
• Feb. 22, 2023 - U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

CVE-2023-20858

CVSS Not Assigned

Used In Ransomware

Published: Feb. 22, 2023

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.

Quotes

• A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system
• A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges

Headlines

• Feb. 22, 2023 - VMware warns admins of critical Carbon Black App Control flaw
• Feb. 22, 2023 - VMware patches critical injection flaw in Carbon Black App Control (CVE-2023-20858) - Help Net Security
• Feb. 22, 2023 - VMware Patches Critical Vulnerability in Carbon Black App Control Product
• Feb. 22, 2023 - VMware Carbon Black has critical vulnerability
• Feb. 21, 2023 - VMware Plugs Critical Carbon Black App Control Flaw

CVE-2023-20855

CVSS Not Assigned

Risk Context N/A

Published: Feb. 22, 2023

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.

Quotes

• A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system
• A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges

Headlines

• Feb. 22, 2023 - VMware warns admins of critical Carbon Black App Control flaw
• Feb. 22, 2023 - VMware patches critical injection flaw in Carbon Black App Control (CVE-2023-20858) - Help Net Security
• Feb. 22, 2023 - VMware Patches Critical Vulnerability in Carbon Black App Control Product
• Feb. 22, 2023 - VMware Carbon Black has critical vulnerability