Snapshot
Dec. 14, 2024 - Dec. 20, 2024
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added |
---|---|---|---|---|
CVE-2024-12356 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user. | CRITICAL | BeyondTrust | Dec. 19, 2024 |
CVE-2021-40407 | Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality. | CRITICAL | Reolink | Dec. 18, 2024 |
CVE-2022-23227 | NUUO NVRmini 2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users. | CRITICAL | NUUO | Dec. 18, 2024 |
CVE-2018-14933 | NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | CRITICAL | NUUO | Dec. 18, 2024 |
CVE-2019-11001 | Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root. | HIGH | Reolink | Dec. 18, 2024 |
CVE-2024-55956 | Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | CRITICAL | Cleo | Dec. 17, 2024 |
CVE-2024-35250 | Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. | HIGH | Microsoft | Dec. 16, 2024 |
CVE-2024-20767 | Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel. | HIGH | Adobe | Dec. 16, 2024 |
Newswires

Critical Vulnerability in FortiWLM Grants Hackers Administrative Control
Fortinet has revealed a significant vulnerability in its Wireless Manager (FortiWLM) that could allow remote attackers to execute unsanctioned code or commands.
Dec. 19, 2024

BeyondTrust Suffers Cyberattack: Remote Support SaaS Instances Breached
BeyondTrust, a cybersecurity firm specializing in Privileged Access Management (PAM) and secure remote access solutions, was the target of a cyberattack in early December.
Dec. 19, 2024

Active Exploitation of Newly Patched Apache Struts Vulnerability
A critical vulnerability in Apache Struts 2, identified as CVE-2024-53677, is being actively exploited in order to seek out vulnerable servers.
Dec. 17, 2024

The Mask APT Returns with Advanced Cross-Platform Malware Capabilities
A cyber espionage group known as The Mask APT, also referred to as Careto, has been associated with a new wave of attacks that targeted an unnamed Latin American organization twice, once in 2019 and again in 2022.
Dec. 17, 2024

FBI Issues Warning About HiatusRAT Malware Attacks on Web Cameras and DVRs
The FBI has issued a warning about a new wave of HiatusRAT malware attacks that are specifically targeting vulnerable web cameras and DVRs that are exposed online.
Dec. 16, 2024

High-Severity Windows Kernel Bug Actively Exploited, CISA Warns
CISA has alerted U.S. federal agencies of ongoing attacks targeting a critical Windows kernel vulnerability, tracked as CVE-2024-35250.
Dec. 16, 2024

Serbian Government Linked to NoviSpy Spyware Exploiting Qualcomm Zero-Day Vulnerabilities
The Serbian government has been accused of exploiting Qualcomm zero-day vulnerabilities to infect Android devices with a new spyware named 'NoviSpy,' which has been used to spy on activists, journalists, and protestors.
Dec. 16, 2024

Clop Ransomware Gang Admits to Cleo Data Breach Attacks
The Clop ransomware group has publicly confirmed its involvement in recent data-theft attacks on Cleo, a company that develops managed file transfer platforms.
Dec. 15, 2024

Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context |
---|---|---|---|---|
CVE-2017-7921 (3) | An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530,... | CRITICAL | Hikvision | Public Exploits Available |
CVE-2023-50164 (5) | An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploadi... | CRITICAL | Apache | Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2023-34990 (4) | A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute... | CRITICAL | | Risk Context N/A |
CVE-2024-12356 (4) | A critical vulnerability has been discovered in Privileged Remote Access and Remote Support products which can allow an una... | CRITICAL | BeyondTrust | CISA Known Exploited, Remote Code Execution, Public Exploits Available |
CVE-2024-50623 (4) | In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload ... | CRITICAL | Cleo | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2024-43047 (4) | Memory corruption while maintaining memory maps of HLOS memory. | HIGH | Qualcomm | CISA Known Exploited, Actively Exploited, Remote Code Execution |
CVE-2024-35250 (4) | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Public Exploits Available |
CVE-2024-49138 (3) | Windows Common Log File System Driver Elevation of Privilege Vulnerability | HIGH | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution |
CVE-2024-20767 (3) | ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in... | HIGH | Adobe | CISA Known Exploited, Public Exploits Available |
CVE-2024-53677 (7) | File upload logic is flawed vulnerability in Apache Struts. | N/A | | Actively Exploited, Remote Code Execution, Public Exploits Available |

CISA Known Exploited Vulnerabilities
CISA added eight vulnerabilities to the known exploited vulnerabilities list.

BeyondTrust — Privileged Remote Access (PRA) and Remote Support (RS)
CVE-2024-12356 / Added: Dec. 19, 2024
CRITICAL | CVSS 9.80 | EPSS Score 0.04 | EPSS Percentile 17.32
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.

Reolink — RLC-410W IP Camera
CVE-2021-40407 / Added: Dec. 18, 2024
CRITICAL | CVSS 9.80 | EPSS Score 2.49 | EPSS Percentile 89.78
Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality.

NUUO — NVRmini2 Devices
CVE-2022-23227 / Added: Dec. 18, 2024
CRITICAL | CVSS 9.80 | EPSS Score 23.18 | EPSS Percentile 96.56
NUUO NVRmini 2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.

NUUO — NVRmini Devices
CVE-2018-14933 / Added: Dec. 18, 2024
CRITICAL | CVSS 9.80 | EPSS Score 93.60 | EPSS Percentile 99.32
NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.

Reolink — Multiple IP Cameras
CVE-2019-11001 / Added: Dec. 18, 2024
HIGH | CVSS 7.20 | EPSS Score 15.51 | EPSS Percentile 95.87
Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root.

Cleo — Multiple Products
CVE-2024-55956 / Added: Dec. 17, 2024
CRITICAL | CVSS 9.80 | EPSS Score 1.18 | EPSS Percentile 84.78
Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

Microsoft — Windows
CVE-2024-35250 / Added: Dec. 16, 2024
HIGH | CVSS 7.80 | EPSS Score 0.13 | EPSS Percentile 47.79
Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.

Adobe — ColdFusion
CVE-2024-20767 / Added: Dec. 16, 2024
HIGH | CVSS 7.40 | EPSS Score 96.20 | EPSS Percentile 99.66
Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.

In The News
Vulnerabilities receiving the most attention in traditional news media.

CVE-2017-7921
CRITICAL | CVSS 10.00 | EPSS Score 31.78 | EPSS Percentile 97.01
Public Exploits Available
Published: May 6, 2017
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. |
Vendor Impacted: Hikvision |
Products Impacted: Ds-2cd2t32-I5, Ds-2cd2112-I Firmware, Ds-2cd4024f-\(W\), Ds-2cd4212fwd-I\(Z\) Firmware, Ds-2cd4212fwd-I\(S\) Firmware, Ds-2cd4232fwd-I\(S\), Ds-2cd2t32-I3 Firmware, Ds-2cd4212fwd-I\(H\) Firmware, Ds-2cd4224f-I\(H\) Firmware, Ds-2cd4032fwd-\(W\), Ds-2cd4332fwd-I\(S\), Ds-2cd2t32-I8 Firmware, Ds-2cd4224f-I\(Z\), Ds-2cd4212f-I\(Z\), Ds-2cd4132fwd-I\(Z\) Firmware, Ds-2cd4312f-I\(S\), Ds-2cd4224f-I\(S\), Ds-2cd4224f-I\(S\) Firmware, Ds-2cd2232-I5 Firmware, Ds-2cd4312f-I\(S\) Firmware, Ds-2cd2132-I Firmware, Ds-2cd4124f-I\(Z\) Firmware, Ds-2cd2312-I Firmware, Ds-2cd4324f-I\(S\) Firmware, Ds-2cd6412fwd, Ds-2cd4012f-\(A\), Ds-2cd4012fwd-\(W\) Firmware, Ds-2cd4332fwd-I\(S\) Firmware, Ds-2cd2612f-I\(S\), Ds-2cd4012fwd-\(W\), Ds-2cd2512f-I\(S\) Firmware, Ds-2cd4024f-\(P\) Firmware, Ds-2cd2412f-I\(W\) Firmware, Ds-2cd4212f-I\(S\) Firmware, Ds-2cd2t32-I8, Ds-2cd63xx Series, Ds-2cd4232fwd-I\(Z\), Ds-2cd4332fwd-I\(Z\), Ds-2dfx Series Firmware, Ds-2cd4324f-I\(Z\) Firmware, Ds-2cd2512f-I\(S\), Ds-2cd4312f-I\(Z\),... |

CVE-2023-50164
CRITICAL | CVSS 9.80 | EPSS Score 53.31 | EPSS Percentile 97.73
Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Dec. 7, 2023
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Vendor Impacted: Apache
Product Impacted: Struts

CVE-2023-34990
CRITICAL | CVSS 9.80 | EPSS Score 0.04 | EPSS Percentile 10.88
Risk Context N/A
Published: Dec. 18, 2024
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.

CVE-2024-12356
CRITICAL | CVSS 9.80 | EPSS Score 0.04 | EPSS Percentile 17.32
CISA Known Exploited, Remote Code Execution, Public Exploits Available
Published: Dec. 17, 2024
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
Vendor Impacted: BeyondTrust
Product Impacted: Privileged Remote Access (PRA) and Remote Support (RS)

CVE-2024-50623
CRITICAL | CVSS 9.80 | EPSS Score 4.19 | EPSS Percentile 92.13
CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Oct. 28, 2024
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
Vendor Impacted: Cleo
Product Impacted: Multiple Products

CVE-2024-43047
HIGH | CVSS 7.80 | EPSS Score 0.06 | EPSS Percentile 29.92
CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: Oct. 7, 2024
Memory corruption while maintaining memory maps of HLOS memory.
Vendor Impacted: Qualcomm
Products Impacted: Wcn3988 Firmware, Video Collaboration Vc3, Wsa8835 Firmware, Sa8150p Firmware, Sg4150p, Wcd9380 Firmware, Wcd9375 Firmware, Sa8155p Firmware, Snapdragon 888\+ 5g Mobile, Snapdragon X55 5g Modem-Rf Firmware, Qca6595, Sd660 Firmware, Snapdragon 888\+ 5g Mobile Firmware, Qca6698aq Firmware, Sa6145p, Qca6426 Firmware, Snapdragon 8 Gen 1 Mobile Firmware, Qcs610 Firmware, Sa8145p, Wcn3990, Sg4150p Firmware, Fastconnect 6700, Snapdragon 870 5g Mobile Firmware, Video Collaboration Vc1 Firmware, Wcn3990 Firmware, Wcd9341, Wcd9335, Wsa8810 Firmware, Fastconnect 6900, Qca6584au, Wcn3950, Qam8295p Firmware, Snapdragon 680 4g Mobile, Snapdragon Auto 5g Modem-Rf Gen 2, Sa4155p, Qca6698aq, Multiple Chipsets , Qam8295p, Snapdragon 660 Mobile Firmware, Wcn3950 Firmware, Sa4150p, Snapdragon 660 Mobile, Sxr2130, Sa6145p Firmware, Snapdragon Auto 5g Modem-Rf Firmware, Fastconnect 6800 Firmware, Wcd9385 Firmware, Fastconnect 7800 Firmware, Qca6574au, Fastconnect 6900 Firmware, Qca6696 Firmware, Qca6595au Firmware, Wcd9370,... |

CVE-2024-35250
HIGH | CVSS 7.80 | EPSS Score 0.13 | EPSS Percentile 47.79
CISA Known Exploited, Actively Exploited, Public Exploits Available
Published: June 11, 2024
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows 11 21H2, Windows Server 2012, Windows Server 2019, Windows 11 22H2, Windows 10 1507, Windows Server 2008, Windows 11 23H2, Windows Server 2016, Windows Server 2022, Windows 10 1607, Windows 10 1809, Windows, Windows 10 22H2, Windows Server 2022 23H2, Windows 10 21H2

CVE-2024-49138
HIGH | CVSS 7.80 | EPSS Score 0.04 | EPSS Percentile 10.97
CISA Known Exploited, Actively Exploited, Remote Code Execution
Published: Dec. 12, 2024
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows Server 2012, Windows Server 2019, Windows 11 22H2, Windows Server 2025, Windows 10 1507, Windows Server 2008, Windows 11 23H2, Windows Server 2016, Windows Server 2022, Windows 10 1607, Windows 10 1809, Windows 11 24H2, Windows, Windows 10 22H2, Windows Server 2022 23H2, Windows 10 21H2

CVE-2024-20767
HIGH | CVSS 7.40 | EPSS Score 96.20 | EPSS Percentile 99.66
CISA Known Exploited, Public Exploits Available
Published: March 18, 2024
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.
Vendor Impacted: Adobe
Product Impacted: ColdFusion

CVE-2024-53677
CVSS Not Assigned | EPSS Score 0.04 | EPSS Percentile 10.88
Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Dec. 11, 2024
File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067