Snapshot
Aug. 19, 2023 - Aug. 25, 2023
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added |
---|---|---|---|---|
CVE-2023-32315 | Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users. | HIGH | Ignite Realtime | Aug. 24, 2023 |
CVE-2023-38831 | RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive. | N/A | RARLAB | Aug. 24, 2023 |
CVE-2023-38035 | Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | CRITICAL | Ivanti | Aug. 22, 2023 |
CVE-2023-27532 | Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts. | HIGH | Veeam | Aug. 22, 2023 |
CVE-2023-26359 | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. | CRITICAL | Adobe | Aug. 21, 2023 |

Newswires

Massive MOVEit Hack Affects Nearly 1,000 Organizations and 60 Million Individuals
The Russian-speaking Cl0p ransomware group's recent MOVEit campaign has reportedly affected nearly 1,000 organizations and 60 million individuals.
Aug. 25, 2023

CISA Mandates Immediate Patching for Two Actively Exploited Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by adding two critical vulnerabilities.
Aug. 25, 2023

Critical Ivanti Sentry Bug Abused as Zero-Day: Exploit Released
Exploit code for a critical authentication bypass vulnerability in Ivanti Sentry is now available.
Aug. 24, 2023

FBI Declares Barracuda ESG Zero-Day Patches Ineffective
The Federal Bureau of Investigation (FBI) has stated that the patches Barracuda released in May for an exploited ESG zero-day vulnerability were ineffective.
Aug. 24, 2023

North Korean Lazarus Group Exploits ManageEngine Vulnerability to Launch Cyber Attacks
The North Korean state-sponsored hacker group known as Lazarus has been utilizing a severe vulnerability, CVE-2022-47966, in Zoho's ManageEngine ServiceDesk to infiltrate an internet backbone infrastructure provider and various healthcare organizations.
Aug. 24, 2023

Rockwell Automation ThinManager Vulnerabilities Pose Threat to Industrial Control Systems
Researchers from cybersecurity firm Tenable have discovered significant vulnerabilities in Rockwell Automation’s ThinManager ThinServer.
Aug. 24, 2023

Exploitation of WinRAR Zero-Day Vulnerability to Breach Cryptocurrency Trading Accounts
A zero-day vulnerability in WinRAR, identified as CVE-2023-38831, has been actively used to install malware onto devices, facilitating the hacking of online cryptocurrency trading accounts.
Aug. 23, 2023

Unpatched Openfire Servers at Risk Due to Recently Discovered Vulnerability
Over 3,000 Openfire servers are currently at risk due to a recently discovered high-severity flaw, known as CVE-2023-32315.
Aug. 23, 2023

Cuba Ransomware Group's Sophisticated Cyberattack Techniques Unveiled
The Cuba ransomware group, a Russian threat actor, launched an unsuccessful cyberattack on an organization servicing US critical infrastructure in June.
Aug. 22, 2023

CISA Adds Critical Adobe ColdFusion Vulnerability to Its Exploited Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a serious security vulnerability in Adobe ColdFusion, based on evidence of its active abuse.
Aug. 22, 2023

Ivanti Releases Urgent Patch for Zero-Day Vulnerability in Sentry Gateway
Ivanti has released a security patch to address a critical vulnerability in its Sentry security gateway product.
Aug. 22, 2023

Critical Vulnerability in Ivanti Sentry API Exploited in the Wild
Ivanti, a US-based IT software firm, has alerted its users about a severe vulnerability in its Sentry API that is currently being exploited in the wild.
Aug. 21, 2023

Juniper Networks Patches Critical Flaws in Switches and Firewalls
Juniper Networks, a leading provider of networking appliances, has announced patches for four vulnerabilities found in the J-Web interface of its Junos OS.
Aug. 21, 2023

Zero-Day Windows Error Reporting Service Vulnerability Exploited: PoC Code Released
The zero-day vulnerability (CVE-2023-36874), with a CVSS score of 7.8, affects the Windows Error Reporting Service (WER), a component that collects and sends error reports to Microsoft.
Aug. 21, 2023

Cuba Ransomware Gang Exploits Veeam Vulnerability in Attacks on U.S. Critical Infrastructure
The Cuba ransomware gang has been identified in attacks against critical infrastructure organizations in the United States and IT companies in Latin America, utilizing a mix of both new and old tools.
Aug. 20, 2023

Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context |
---|---|---|---|---|
CVE-2023-38035 (14) | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attac... | CRITICAL | Ivanti | CISA Known Exploited, Remote Code Execution, Public Exploits Available |
CVE-2023-35078 (9) | Ivanti Endpoint Manager Mobile, formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an admin... | CRITICAL | Ivanti | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2022-47966 (9) | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to us... | CRITICAL | Zohocorp, Zoho | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2023-32560 (6) | An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption ... | CRITICAL | | N/A |
CVE-2023-2868 (6) | A remote command injection vulnerability exists in the Barracuda Email Security Gateway product affecting versions 5.1.3.001... | CRITICAL | Barracuda Networks, Barracuda | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2023-32315 (5) | Openfire is an XMPP server licensed under the Open Source Apache License. | HIGH | Ignite Realtime | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2023-27532 (5) | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be... | HIGH | Veeam | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2023-35081 (6) | A path traversal vulnerability in Ivanti EPMM versions allows an authenticated administrator to write arbitrary files onto t... | HIGH | Ivanti | CISA Known Exploited |
CVE-2023-38831 (9) | RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP... | N/A | Rarlab | CISA Known Exploited, Remote Code Execution, Public Exploits Available |

CISA Known Exploited Vulnerabilities
CISA added five vulnerabilities to the known exploited vulnerabilities list.

Ignite Realtime — Openfire
CVE-2023-32315 / Added: Aug. 24, 2023
HIGH, CVSS 7.50, EPSS Score 52.55, EPSS Percentile 97.15
Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users.

In The News
Vulnerabilities receiving the most attention in traditional news media.

CVE-2023-38035
CRITICAL, CVSS 9.80, EPSS Score 1.57, EPSS Percentile 85.66
Risk Context: CISA Known Exploited, Remote Code Execution, Public Exploits Available
Published: Aug. 21, 2023
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Vendor Impacted: Ivanti
Products Impacted: Mobileiron Sentry, Sentry

CVE-2023-35078
CRITICAL, CVSS 9.80, EPSS Score 96.52, EPSS Percentile 99.41
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: July 25, 2023
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
Vendor Impacted: Ivanti
Products Impacted: Endpoint Manager Mobile (Epmm), Endpoint Manager Mobile

CVE-2022-47966
CRITICAL, CVSS 9.80, EPSS Score 97.44, EPSS Percentile 99.92
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Jan. 18, 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
Vendors Impacted: Zohocorp, Zoho
Products Impacted: Manageengine Ad360, Manageengine Os Deployer, Manageengine Access Manager Plus, Manageengine Device Control Plus, Manageengine Admanager Plus, Manageengine Assetexplorer, Manageengine Adaudit Plus, Manageengine Pam360, Manageengine Rmm Central, Manageengine Analytics Plus, Manageengine Endpoint Dlp Plus, Manageengine Desktop Central, Manageengine, Manageengine Patch Manager Plus, Manageengine Browser Security Plus, Application Control Plus, Manageengine Password Manager Pro, Manageengine Vulnerability Manager P, Manageengine Servicedesk Plus Msp, Manageengine Remote Access Plus, Manageengine Key Manager Plus, Manageengine Servicedesk Plus, Manageengine Adselfservice Plus, Manageengine Supportcenter Plus

CVE-2023-32560
CRITICAL, CVSS 9.80, EPSS Score 0.13, EPSS Percentile 47.93
Risk Context: N/A
Published: Aug. 10, 2023
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.

CVE-2023-2868
CRITICAL, CVSS 9.80, EPSS Score 2.77, EPSS Percentile 89.26
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: May 24, 2023
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.
Vendors Impacted: Barracuda Networks, Barracuda
Products Impacted: Email Security Gateway 300, Email Security Gateway 900, Email Security Gateway 800, Email Security Gateway 300 Firmware, Email Security Gateway 400 Firmware, Email Security Gateway 600 Firmware, Email Security Gateway 800 Firmware, Email Security Gateway 400, Email Security Gateway (Esg) Appliance, Email Security Gateway 600, Email Security Gateway 900 Firmware

CVE-2023-32315
HIGH, CVSS 7.50, EPSS Score 52.55, EPSS Percentile 97.15
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: May 26, 2023
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked GitHub advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
Vendor Impacted: Ignite Realtime
Product Impacted: Openfire

CVE-2023-27532
HIGH, CVSS 7.50, EPSS Score 0.67, EPSS Percentile 77.09
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: March 10, 2023
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Vendor Impacted: Veeam
Product Impacted: Backup & Replication

CVE-2023-35081
HIGH, CVSS 7.20, EPSS Score 62.32, EPSS Percentile 97.39
Risk Context: CISA Known Exploited
Published: Aug. 3, 2023
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
Vendor Impacted: Ivanti
Product Impacted: Endpoint Manager Mobile (Epmm)

CVE-2023-38831
CVSS Not Assigned, EPSS Score 0.05, EPSS Percentile 13.94
Risk Context: CISA Known Exploited, Remote Code Execution, Public Exploits Available
Published: Aug. 23, 2023
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
Vendor Impacted: Rarlab
Product Impacted: Winrar