VULNERA Pulse

PaperCut — MF/NG

CVE-2023-27350 / Added: April 21, 2023

CRITICAL CVSS 9.80

PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.

Headlines

• April 20, 2023 - PaperCut Warns of Exploited Vulnerability in Print Management Solutions

Back to top ↑

MinIO — MinIO

CVE-2023-28432 / Added: April 21, 2023

HIGH CVSS 7.50

MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.

Headlines

• March 28, 2023 - ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

Back to top ↑

Google — Chrome

CVE-2023-2136 / Added: April 21, 2023

CVSS Not Assigned

Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products.

Headlines

• April 21, 2023 - This Week In Security: Spandex Tempest, Supply Chain Chain, And NTP
• April 20, 2023 - Google patches another critical Chrome security fix
• April 19, 2023 - Google fixed the second actively exploited Chrome zero-day of 2023
• April 19, 2023 - Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released
• April 19, 2023 - Google Patches Second Chrome Zero-Day Vulnerability of 2023
• April 19, 2023 - Google patches another actively exploited Chrome zero-day
• April 19, 2023 - Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Back to top ↑

Cisco — IOS and IOS XE Software

CVE-2017-6742 / Added: April 19, 2023

HIGH CVSS 8.80

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Headlines

• April 19, 2023 - Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov't Agencies
• April 19, 2023 - Russian cyber spy group APT28 backdoors Cisco routers via SNMP
• April 19, 2023 - Cisco routers are being targeted by custom Russian malware
• April 19, 2023 - US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws
• April 19, 2023 - U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage
• April 19, 2023 - US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers
• April 19, 2023 - NCSC Warns of Destructive Russian Attacks on Critical Infrastructure
• April 19, 2023 - Fancy Bear used old SNMP bug to infect routers
• April 18, 2023 - US, UK warn of govt hackers using custom malware on Cisco routers
• April 18, 2023 - State-sponsored campaigns target global network infrastructure
• April 18, 2023 - APT28 Exploits Known Vulnerability To Carry Out Reconnaissance and Deploy Malware on Cisco Routers | CISA

Back to top ↑

Google — Chromium V8 Engine

CVE-2023-2033 / Added: April 17, 2023

HIGH CVSS 8.80

Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time.

Headlines

• April 19, 2023 - Google fixed the second actively exploited Chrome zero-day of 2023
• April 19, 2023 - Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released
• April 19, 2023 - Google Patches Second Chrome Zero-Day Vulnerability of 2023
• April 19, 2023 - Google patches another actively exploited Chrome zero-day
• April 18, 2023 - And now it’s Chrome needs updating!
• April 18, 2023 - CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog
• April 17, 2023 - Google Issues Emergency Chrome Update for Zero-Day Bug
• April 17, 2023 - A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
• April 17, 2023 - Google urges users to update Chrome to address zero-day vulnerability
• April 17, 2023 - Google urges users to update Chrome to address zero-day vulnerability
• April 17, 2023 - Google Chrome releases security fix for this major flaw, so update now
• April 17, 2023 - Install this emergency update from Google to patch an actively exploited Chrome security flaw
• April 17, 2023 - Google emits emergency security fix for Chrome zero-day
• April 15, 2023 - Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
• April 14, 2023 - Google Warns of New Chrome Zero-Day Attack
• April 14, 2023 - Google fixed the first Chrome zero-day of 2023
• April 14, 2023 - Google Chrome emergency update fixes first zero-day of 2023

Back to top ↑

Apple — macOS

CVE-2019-8526 / Added: April 17, 2023

HIGH CVSS 7.80

Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.

Headlines

• April 18, 2023 - CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog

Back to top ↑

CVE-2022-36067

CRITICAL CVSS 10.00

Actively Exploited Remote Code Execution Public Exploits Available

Published: Sept. 6, 2022

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.

Quotes

• A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox

Headlines

• April 19, 2023 - Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution
• April 18, 2023 - New sandbox escape PoC exploit available for VM2 library, patch now

CVE-2023-2033

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: April 14, 2023

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor Impacted: Google

Product Impacted: Chromium V8 Engine

Quotes

• The Stable and extended stable channel has been updated to 112.0.5615.137/138 for Windows and 112.0.5615.137 for Mac which will roll out over the coming days/weeks. Linux release coming soon
• Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page
• Access to bug details and links may be kept restricted until a majority of users are updated with a fix
• Google is aware that an exploit for CVE-2023-2033 exists in the wild
• Type confusion in V8 in Google Chrome

Headlines

• April 19, 2023 - Google fixed the second actively exploited Chrome zero-day of 2023
• April 19, 2023 - Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released
• April 19, 2023 - Google Patches Second Chrome Zero-Day Vulnerability of 2023
• April 19, 2023 - Google patches another actively exploited Chrome zero-day
• April 18, 2023 - And now it’s Chrome needs updating!
• April 18, 2023 - CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog
• April 17, 2023 - Google Issues Emergency Chrome Update for Zero-Day Bug
• April 17, 2023 - A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
• April 17, 2023 - Google urges users to update Chrome to address zero-day vulnerability
• April 17, 2023 - Google Chrome releases security fix for this major flaw, so update now
• April 17, 2023 - Install this emergency update from Google to patch an actively exploited Chrome security flaw
• April 17, 2023 - Google emits emergency security fix for Chrome zero-day

CVE-2017-6742

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Remote Code Execution

Published: July 17, 2017

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve54313.

Vendor Impacted: Cisco

Products Impacted: Ios And Ios Xe Software, Ios Xe

Quotes

• By an increase in the rate of high-sophistication attacks on network infrastructure
• In 2021, APT28 used infrastructure to masquerade simple network management protocol (SNMP) access into Cisco routers worldwide
• Credentials that allow anyone who knows the configured string to query SNMP data on a device
• APT28 has been known to access vulnerable routers by using default and weak SNMP community strings, and by exploiting CVE-2017-6742 (Cisco Bug ID: CSCve54313) as published by Cisco
• APT28 has been known to access vulnerable routers by using default and weak SNMP community strings, and by exploiting CVE-2017-6742
• Deeply concerned by an increase in the rate of high-sophistication attacks on network infrastructure
• In the wake of this emerging threat, our message to CNI sectors is to take sensible, proportionate steps now to protect themselves
• A number of software tools can scan the entire network using SNMP, meaning that poor configuration such as using default or easy-to-guess community strings, can make a network susceptible to attacks
• Jaguar Tooth is non-persistent malware that targets Cisco IOS routers running firmware: C5350-ISM, Version 12.3(6)

Headlines

• April 19, 2023 - Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov't Agencies
• April 19, 2023 - Russian cyber spy group APT28 backdoors Cisco routers via SNMP
• April 19, 2023 - Cisco routers are being targeted by custom Russian malware
• April 19, 2023 - US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws
• April 19, 2023 - U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage
• April 19, 2023 - US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers
• April 19, 2023 - NCSC Warns of Destructive Russian Attacks on Critical Infrastructure
• April 19, 2023 - Fancy Bear used old SNMP bug to infect routers
• April 18, 2023 - US, UK warn of govt hackers using custom malware on Cisco routers
• April 18, 2023 - State-sponsored campaigns target global network infrastructure
• April 18, 2023 - APT28 Exploits Known Vulnerability To Carry Out Reconnaissance and Deploy Malware on Cisco Routers | CISA

CVE-2023-20963

HIGH CVSS 7.80

CISA Known Exploited Actively Exploited Remote Code Execution

Published: March 24, 2023

In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519

Vendors Impacted: Google, Android

Products Impacted: Android, Framework

Quotes

• Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed
• The Android Security Bulletin—March 2023

Headlines

• April 17, 2023 - CISA: Patch Bug Exploited by Chinese E-commerce App
• April 16, 2023 - CISA warns of Android bug exploited by Chinese app to spy on users
• April 15, 2023 - CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog

CVE-2023-0669

HIGH CVSS 7.20

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: Feb. 6, 2023

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Vendor Impacted: Fortra

Products Impacted: Goanywhere Mft, Goanywhere Managed File Transfer

Quotes

• The most active ransomware gang
• The unauthorized party used CVE-2023-0669 to create unauthorized user accounts in some MFTaaS customer environments
• Our initial investigation revealed the unauthorized party used CVE-2023-0669 to create unauthorized user accounts in some MFTaaS customer environments. For a subset of these customers, the unauthorized party leveraged these user accounts to download files from their hosted MFTaaS environments
• Pre-authentication command injection vulnerability … due to deserialising an arbitrary attacker-controlled object
• During the investigation, we discovered the unauthorized party used CVE-2023-0669 to install up to two additional tools

Headlines

• April 20, 2023 - There were more ransomware attacks last month than any other on record
• April 20, 2023 - Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
• April 20, 2023 - Fortra Completes Investigation Into GoAnywhere Zero-Day Incident
• April 20, 2023 - Fortra attributes GoAnywhere breach to a zero day vulnerability
• April 19, 2023 - Fortra shares findings on GoAnywhere MFT zero-day attacks
• April 19, 2023 - March 2023 broke ransomware attack records with 459 incidents

CVE-2023-2136

CVSS Not Assigned

CISA Known Exploited Remote Code Execution

Published: April 19, 2023

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor Impacted: Google

Product Impacted: Chrome

Quotes

• Access to bug details and links may be kept restricted until a majority of users are updated with a fix
• The Stable and extended stable channel has been updated to 112.0.5615.137/138 for Windows and 112.0.5615.137 for Mac which will roll out over the coming days/weeks. Linux release coming soon
• Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page
• Google is aware that an exploit for CVE-2023-2136 exists in the wild

Headlines

• April 21, 2023 - This Week In Security: Spandex Tempest, Supply Chain Chain, And NTP
• April 20, 2023 - Google patches another critical Chrome security fix
• April 19, 2023 - Google fixed the second actively exploited Chrome zero-day of 2023
• April 19, 2023 - Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released
• April 19, 2023 - Google Patches Second Chrome Zero-Day Vulnerability of 2023
• April 19, 2023 - Google patches another actively exploited Chrome zero-day
• April 19, 2023 - Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

CVE-2023-20864

CVSS Not Assigned

Remote Code Execution

Published: April 20, 2023

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.

Quotes

• Don’t log these actual characters; instead, treat them as a mini-program to run for me, and insert the answer that comes back
• A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device
• An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root
• CVE-2023-20864 is a critical issue and should be patched immediately as per the instructions in the advisory. It needs to be highlighted that only version 8.10.2 is impacted by this vulnerability (CVE-2023-20864)

Headlines

• April 21, 2023 - VMware patches break-and-enter hole in logging tools: update now!
• April 21, 2023 - Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
• April 20, 2023 - VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root
• April 20, 2023 - VMware Patches Pre-Auth Code Execution Flaw in Logging Product
• April 20, 2023 - VMware fixes vRealize bug that let attackers run code as root

CVE-2023-20865

CVSS Not Assigned

Risk Context N/A

Published: April 20, 2023

VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.

Quotes

• A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device
• An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root

Headlines

• April 21, 2023 - Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
• April 20, 2023 - VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root
• April 20, 2023 - VMware Patches Pre-Auth Code Execution Flaw in Logging Product
• April 20, 2023 - VMware fixes vRealize bug that let attackers run code as root