Snapshot
Dec. 9, 2023 - Dec. 15, 2023
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added |
---|---|---|---|---|
CVE-2023-6448 | Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands. | CRITICAL | Unitronics | Dec. 11, 2023 |
Newswires

NKAbuse Malware Exploits NKN Blockchain for Stealthy Operations
NKAbuse, a new multi-platform malware, is the first to exploit the NKN (New Kind of Network) technology for data exchange, making it a covert threat.
Dec. 14, 2023

Russian APT29 Hackers Exploiting TeamCity Servers Since September: CISA
The US Cybersecurity and Infrastructure Security Agency (CISA), along with its cybersecurity partners and intelligence services, has issued a warning that the APT29 hacking group, associated with Russia's Foreign Intelligence Service (SVR), has been focusing on unpatched TeamCity servers in a series of widespread attacks beginning in September 2023.
Dec. 13, 2023

Critical Apache Struts Vulnerability Targeted by Hackers Using Public Proof-of-Concept
Hackers have begun to exploit a recently resolved critical vulnerability in Apache Struts, an open-source web application framework.
Dec. 13, 2023

Sophos Backports Critical Vulnerability Fix for EOL Firewall Firmware
Sophos has retroactively implemented a fix for the critical code injection vulnerability, CVE-2022-3236, in its end-of-life (EOL) firewall firmware versions.
Dec. 13, 2023

Microsoft's December 2023 Patch Tuesday Addresses 34 Vulnerabilities, Including an AMD Zero-Day
Microsoft's December 2023 Patch Tuesday has seen the release of security updates addressing a total of 34 vulnerabilities, including one previously disclosed but unpatched flaw in AMD CPUs.
Dec. 12, 2023

Critical RCE Vulnerability in WordPress Backup Migration Plug-in Puts Thousands of Websites at Risk
A major unauthenticated remote code execution (RCE) vulnerability has been discovered in a widely used WordPress plug-in, Backup Migration, exposing many WordPress websites to potential compromise.
Dec. 12, 2023

Over 1,450 pfSense Servers Vulnerable to Remote Code Execution Attacks Due to Multiple Bugs
Approximately 1,450 instances of pfSense, a widely used open-source firewall and router software, are currently exposed to potential remote code execution (RCE) attacks.
Dec. 12, 2023

Apple Releases Emergency Security Updates to Address Zero-Day Flaws on Older Devices
Apple has proactively released emergency security updates to provide patches for two zero-day vulnerabilities that are currently being exploited, affecting older iPhone models, as well as select Apple Watch and Apple TV devices.
Dec. 11, 2023

Lazarus Group Exploits Log4j Security Flaws to Launch Global Cyberattack Campaign
The Lazarus Group, a North Korea-associated threat actor, has launched a global campaign exploiting Log4j vulnerabilities to deploy new remote access trojans (RATs).
Dec. 11, 2023

Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context |
---|---|---|---|---|
CVE-2021-44228 (10) | Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect agai... | CRITICAL | Cisco, Siemens, Snowsoftware, Apache, Bentley, Sonicwall, Debian, Intel, Netapp, Percussion, Fedoraproject | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2017-5638 (8) | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handlin... | CRITICAL | Apache | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2023-50164 (11) | An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploadi... | CRITICAL | Apache | Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2023-42793 (9) | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | CRITICAL | Jetbrains | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2023-36019 (7) | Microsoft Power Platform Connector Spoofing Vulnerability | CRITICAL | | Actively Exploited |
CVE-2023-42917 (6) | A memory corruption vulnerability was addressed with improved locking. | HIGH | Apple | CISA Known Exploited |
CVE-2023-35641 (5) | Internet Connection Sharing Remote Code Execution Vulnerability | HIGH | Microsoft | Remote Code Execution |
CVE-2023-35628 (9) | Windows MSHTML Platform Remote Code Execution Vulnerability | HIGH | Microsoft | Actively Exploited, Remote Code Execution |
CVE-2023-42916 (6) | An out-of-bounds read was addressed with improved input validation. | MEDIUM | Apple | CISA Known Exploited |
CVE-2023-35636 (5) | Microsoft Outlook Information Disclosure Vulnerability | MEDIUM | Microsoft | N/A |

CISA Known Exploited Vulnerabilities
CISA added one vulnerability to the known exploited vulnerabilities list.
Unitronics — Vision PLC and HMI
CVE-2023-6448 / Added: Dec. 11, 2023
CRITICAL | CVSS 9.80 | EPSS Score 4.46 | EPSS Percentile 91.55
Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands.

In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2021-44228
CRITICAL | CVSS 10.00 | EPSS Score 97.45 | EPSS Percentile 99.95
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Dec. 10, 2021
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Vendors Impacted: Cisco, Siemens, Snowsoftware, Apache, Bentley, Sonicwall, Debian, Intel, Netapp, Percussion, Fedoraproject
Products Impacted: Oneapi Sample Browser, Cloud Secure Agent, Nexus Insights, Firepower 1150, Head-End System Universal Device Integration System, Cloudcenter Workload Manager, Firepower 1010, Unified Contact Center Express, Ontap Tools, Solid Edge Cam Pro, E-Car Operation Center, Unified Communications Manager Im And Presence Service, Fxos, Ucs Central, Data Center Network Manager, Email Security, Firepower 4145, Unified Intelligence Center, Virtual Topology System, Snapcenter, Nx, Automated Subsea Tuning, Spectrum Power 4, Crosswork Zero Touch Provisioning, Nexus Dashboard, Mendix, Sd-Wan Vmanage, Opcenter Intelligence, Logo! Soft Comfort, Industrial Edge Management, Cloud Insights, Debian Linux, Energyip Prepay, Firepower 4120, Audio Development Kit, Broadworks, Active Iq Unified Manager, Contact Center Management Portal, Sensor Solution Firmware Development Kit, Firepower 4110, Network Services Orchestrator, Unified Contact Center Enterprise, System Debugger, Gma-Manager, Siguard Dsa, Business Process Automation,...

CVE-2017-5638
CRITICAL | CVSS 10.00 | EPSS Score 97.54 | EPSS Percentile 99.99
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: March 11, 2017
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Vendor Impacted: Apache
Product Impacted: Struts

CVE-2023-50164
CRITICAL | CVSS 9.80 | EPSS Score 9.80 | EPSS Percentile 94.23
Risk Context: Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Dec. 7, 2023
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Vendor Impacted: Apache
Product Impacted: Struts

CVE-2023-42793
CRITICAL | CVSS 9.80 | EPSS Score 97.26 | EPSS Percentile 99.82
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Sept. 19, 2023
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Vendor Impacted: Jetbrains
Product Impacted: Teamcity

CVE-2023-36019
CRITICAL | CVSS 9.60 | EPSS Score 0.09 | EPSS Percentile 38.35
Risk Context: Actively Exploited
Published: Dec. 12, 2023
Microsoft Power Platform Connector Spoofing Vulnerability

CVE-2023-42917
HIGH | CVSS 8.80 | EPSS Score 0.14 | EPSS Percentile 48.88
Risk Context: CISA Known Exploited
Published: Nov. 30, 2023
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Vendor Impacted: Apple
Products Impacted: Safari, Ipados, Iphone Os, Macos, Multiple Products

CVE-2023-35641
HIGH | CVSS 8.80 | EPSS Score 0.10 | EPSS Percentile 39.62
Risk Context: Remote Code Execution
Published: Dec. 12, 2023
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows Server 2022, Windows 10 1507, Windows 10 1607, Windows Server 2019, Windows 10 21h2, Windows 10 22h2, Windows Server 2008, Windows 10 1809, Windows 11 23h2, Windows Server 2012, Windows 11 21h2, Windows Server 2016, Windows 11 22h2

CVE-2023-35628
HIGH | CVSS 8.10 | EPSS Score 0.64 | EPSS Percentile 76.91
Risk Context: Actively Exploited, Remote Code Execution
Published: Dec. 12, 2023
Windows MSHTML Platform Remote Code Execution Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows Server 2022 23h2, Windows Server 2022, Windows 10 1507, Windows 10 1607, Windows Server 2019, Windows 10 21h2, Windows 10 22h2, Windows Server 2008, Windows 10 1809, Windows 11 23h2, Windows Server 2012, Windows 11 21h2, Windows Server 2016, Windows 11 22h2

CVE-2023-42916
MEDIUM | CVSS 6.50 | EPSS Score 0.13 | EPSS Percentile 47.60
Risk Context: CISA Known Exploited
Published: Nov. 30, 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Vendor Impacted: Apple
Products Impacted: Safari, Ipados, Iphone Os, Macos, Multiple Products

CVE-2023-35636
MEDIUM | CVSS 6.50 | EPSS Score 0.11 | EPSS Percentile 42.61
Risk Context: N/A
Published: Dec. 12, 2023
Microsoft Outlook Information Disclosure Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Office Long Term Servicing Channel, Office, 365 Apps