VULNERA Pulse

Arm — Mali Graphics Processing Unit (GPU)

CVE-2023-26083 / Added: April 7, 2023

CVSS Not Assigned

Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

Headlines

• April 7, 2023 - CISA orders agencies to patch Backup Exec bugs used by ransomware gang
• March 29, 2023 - Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

Back to top ↑

Microsoft — Windows

CVE-2019-1388 / Added: April 7, 2023

HIGH CVSS 7.80

Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.

Headlines

• April 7, 2023 - CISA orders agencies to patch Backup Exec bugs used by ransomware gang

Back to top ↑

Veritas — Backup Exec Agent

CVE-2021-27877 / Added: April 7, 2023

CRITICAL CVSS 9.80

Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.

Headlines

• April 7, 2023 - CISA orders agencies to patch Backup Exec bugs used by ransomware gang

Back to top ↑

Veritas — Backup Exec Agent

CVE-2021-27878 / Added: April 7, 2023

HIGH CVSS 8.80

Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.

Headlines

• April 7, 2023 - CISA orders agencies to patch Backup Exec bugs used by ransomware gang

Back to top ↑

Veritas — Backup Exec Agent

CVE-2021-27876 / Added: April 7, 2023

HIGH CVSS 8.10

Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.

Headlines

• April 7, 2023 - CISA orders agencies to patch Backup Exec bugs used by ransomware gang

Back to top ↑

Zimbra — Collaboration (ZCS)

CVE-2022-27926 / Added: April 3, 2023

MEDIUM CVSS 6.10

Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.

Headlines

• April 4, 2023 - CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog
• April 4, 2023 - Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA 'Must Patch' List
• April 3, 2023 - CISA warns of Zimbra bug exploited in attacks against NATO countries
• March 31, 2023 - Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability
• March 31, 2023 - Russian APT group Winter Vivern targets email portals of NATO and diplomats
• March 31, 2023 - Pro-Russia cyber spies target US, European govt agencies
• March 30, 2023 - Winter Vivern hackers exploit Zimbra flaw to steal NATO emails
• March 30, 2023 - APT group Winter Vivern exploits Zimbra webmail flaw to target government entities

Back to top ↑

CVE-2023-1748

CRITICAL CVSS 9.30

Risk Context N/A

Published: April 4, 2023

The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer.

Quotes

• Immediately unplug all Nexx devices
• Successful exploitation of these vulnerabilities could allow an authenticated user to inject arbitrary operating system commands
• Nexx has not replied to any correspondence from myself, DHS (CISA and US-CERT) or VICE Media Group
• The ‘S’ in IoT stands for security
• Nexx has not replied to any correspondence from myself, DHS (CISA and US-CERT) or VICE Media Group. I have independently verified Nexx has purposefully ignored all our attempts to assist with remediation and has let these critical flaws continue to affect their customers

Headlines

• April 7, 2023 - CISA sounds alarm over Nexx smart home vulnerabilities
• April 7, 2023 - CISA Warns of Critical ICS Flaws in Hitachi, mySCADA, ICL, and Nexx Products
• April 5, 2023 - Nexx bugs allow to open garage doors, and take control of alarms and plugs
• April 5, 2023 - US government warning! What if anyone could open your garage door?
• April 5, 2023 - Hackers can open Nexx garage doors remotely, and there's no fix
• April 4, 2023 - Nexx Smart Home Device | CISA

CVE-2023-23529

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Feb. 27, 2023

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Vendor Impacted: Apple

Products Impacted: Ipados, Multiple Products, Macos, Iphone Os, Safari

Quotes

• Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited
• Apple is aware of a report that this issue may have been actively exploited

Headlines

• April 7, 2023 - Apple addressed two actively exploited zero-day flaws
• April 7, 2023 - Apple fixes two zero-days exploited to hack iPhones and Macs
• April 2, 2023 - Week in review: 3CX supply chain attack, ChatGPT data leak

CVE-2013-3900

HIGH CVSS 7.60

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Dec. 11, 2013

The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2012, Windows Rt 8.1, Windows 10, Windows 11, Windows Server 2019, Windows Server 2008, Windows Server 2003, Windows Vista, Winverifytrust Function, Windows Xp, Windows Server 2022, Windows 8.1, Windows 7, Windows Server 2016

Quotes

• Just a handful of WEEKS
• Why does software continue to have so many vulnerabilities
• Co-existed on victim machines with AppleJeus, a backdoor attributed to the Korean-speaking threat actor Lazarus
• The discovery of the new Gopuram infections allowed us to attribute the 3CX campaign to the Lazarus threat actor with medium to high confidence
• The discovery of the new Gopuram infections allowed us to attribute the 3CX campaign to the Lazarus threat actor with medium to high confidence. We believe that Gopuram is the main implant and the final payload in the attack chain
• On March 29th, 3CX received reports from a third party of a malicious actor exploiting a vulnerability in our product. We took immediate steps to investigate the incident, retaining Mandiant, leading global cybersecurity experts
• This may indicate that the threat actor is mainly targeting enterprises in those regions – however, this is uncertain. This could be indicative of 3CX product’s geographic customer base – including the possibility of various multinational corporations operating inside those regions

Headlines

• April 7, 2023 - This Week In Security: Cookie Monster, CyberGhost, NEXX, And Dead Angles
• April 7, 2023 - April 2023 Patch Tuesday forecast: The vulnerability discovery race
• April 4, 2023 - Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack
• April 3, 2023 - 3CX Breach Widens as Cyberattackers Drop Second-Stage Backdoor
• April 3, 2023 - Cryptocurrency companies backdoored in 3CX supply chain attack
• April 3, 2023 - 3CX supply chain attack: What do we know?
• April 3, 2023 - Europe, North America Most Impacted by 3CX Supply Chain Hack

CVE-2022-27926

MEDIUM CVSS 6.10

CISA Known Exploited Actively Exploited Remote Code Execution

Published: April 21, 2022

A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.

Vendor Impacted: Zimbra

Product Impacted: Collaboration (Zcs)

Quotes

• Researchers have observed TA473, a newly minted advanced persistent threat (APT) actor tracked by Proofpoint, exploiting Zimbra vulnerability CVE-2022-27926 to abuse publicly facing Zimbra hosted webmail portals. The goal of this activity is assessed to be gaining access to the emails of military, government, and diplomatic organizations across Europe involved in the Russia Ukrainian War
• These labor-intensive customized payloads allow actors to steal usernames, passwords, and store active session and CSRF tokens from cookies facilitating the login to publicly facing webmail portals belonging to NATO-aligned organizations
• These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise

Headlines

• April 4, 2023 - CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog
• April 4, 2023 - Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA 'Must Patch' List
• April 3, 2023 - CISA warns of Zimbra bug exploited in attacks against NATO countries

CVE-2022-27598

MEDIUM CVSS 4.30

Risk Context N/A

Published: March 29, 2023

A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later

Vendor Impacted: Qnap

Products Impacted: Qts, Qutscloud, Quts Hero

Quotes

• From a performance point of view, they could lead to stability issues and unpredictable code behavior
• In this case, the reason for the alert was multiple out-of-bounds read and write requests, performed by several memcpy functions
• Sadly, this story of this vulnerability is anything but surprising. In fact, almost every new integration or POC we have done so far ended with the same result – of us uncovering new vulnerabilities in runtime pretty much as soon as the device was connected

Headlines

• April 5, 2023 - QNAP Zero-Days Leave 80K Devices Vulnerable to Cyberattack
• April 5, 2023 - A benchmark test uncovered some critical vulnerabilities in thousands of QNAP devices
• April 4, 2023 - Vulnerabilities impacting multiple QNAP operating systems (CVE-2022-27597, CVE-2022-27598)

CVE-2022-27597

MEDIUM CVSS 4.30

Risk Context N/A

Published: March 29, 2023

A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later

Vendor Impacted: Qnap

Products Impacted: Qts, Qvr, Qutscloud, Quts Hero

Quotes

• From a performance point of view, they could lead to stability issues and unpredictable code behavior
• In this case, the reason for the alert was multiple out-of-bounds read and write requests, performed by several memcpy functions
• Sadly, this story of this vulnerability is anything but surprising. In fact, almost every new integration or POC we have done so far ended with the same result – of us uncovering new vulnerabilities in runtime pretty much as soon as the device was connected

Headlines

• April 5, 2023 - QNAP Zero-Days Leave 80K Devices Vulnerable to Cyberattack
• April 5, 2023 - A benchmark test uncovered some critical vulnerabilities in thousands of QNAP devices
• April 4, 2023 - Vulnerabilities impacting multiple QNAP operating systems (CVE-2022-27597, CVE-2022-27598)

CVE-2023-29059

CVSS Not Assigned

Risk Context N/A

Published: March 30, 2023

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.

Quotes

• Co-existed on victim machines with AppleJeus, a backdoor attributed to the Korean-speaking threat actor Lazarus
• The discovery of the new Gopuram infections allowed us to attribute the 3CX campaign to the Lazarus threat actor with medium to high confidence. We believe that Gopuram is the main implant and the final payload in the attack chain
• This may indicate that the threat actor is mainly targeting enterprises in those regions – however, this is uncertain. This could be indicative of 3CX product’s geographic customer base – including the possibility of various multinational corporations operating inside those regions

Headlines

• April 4, 2023 - 3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms
• April 4, 2023 - Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack
• April 3, 2023 - Cryptocurrency companies backdoored in 3CX supply chain attack
• April 3, 2023 - Europe, North America Most Impacted by 3CX Supply Chain Hack