VULNERA Pulse

Sophos — XG Firewall

CVE-2020-15069 / Added: Feb. 6, 2025

CRITICAL CVSS 9.80 EPSS Score 1.00 EPSS Percentile 83.67

Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.

Headlines

• Nov. 5, 2024 - FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
• Oct. 31, 2024 - Pacific Rim: What’s it to you?
• Oct. 31, 2024 - Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns

Back to top ↑

Sophos — CyberoamOS

CVE-2020-29574 / Added: Feb. 6, 2025

CRITICAL CVSS 9.80 EPSS Score 0.21 EPSS Percentile 58.75

CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

Headlines

• Nov. 5, 2024 - FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
• Oct. 31, 2024 - Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns

Back to top ↑

Microsoft — Office Outlook

CVE-2024-21413 / Added: Feb. 6, 2025

CRITICAL CVSS 9.80 EPSS Score 0.05 EPSS Percentile 23.85

Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.

Headlines

• Feb. 6, 2025 - Critical RCE bug in Microsoft Outlook now exploited in attacks
• Dec. 11, 2024 - Microsoft enforces defenses preventing NTLM relay attacks
• Dec. 9, 2024 - Microsoft NTLM Zero-Day to Remain Unpatched Until April
• Aug. 21, 2024 - Researcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021)
• April 21, 2024 - New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
• March 20, 2024 - Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyberattacks
• Feb. 29, 2024 - Here Are the Google and Microsoft Security Updates You Need Right Now
• Feb. 16, 2024 - Microsoft fixes two zero-days with Patch Tuesday release
• Feb. 16, 2024 - PoC Exploit Released for Microsoft Outlook RCE Flaw - CVE-2024-21413
• Feb. 15, 2024 - Microsoft Warns of Exploited Exchange Server Zero-Day
• Feb. 15, 2024 - Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation
• Feb. 14, 2024 - Microsoft: New critical Exchange bug exploited as zero-day
• Feb. 14, 2024 - Microsoft Warns of Outlook RCE Flaw - #MonikerLink Bug (CVE-2024-21413)
• Feb. 14, 2024 - Microsoft Warns of 'In the Wild' Outlook Attack - #MonikerLink Bug (CVE-2024-21413)
• Feb. 14, 2024 - New critical Microsoft Outlook RCE bug is trivial to exploit
• Feb. 14, 2024 - Microsoft Fixes Two Zero-Days in February Patch Tuesday
• Feb. 13, 2024 - Microsoft patches 80 vulnerabilities
• Feb. 13, 2024 - February 2024 Patch Tuesday: Updates and Analysis
• Feb. 13, 2024 - Fat Patch Tuesday, February 2024 Edition –
• Feb. 13, 2024 - Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs
• Feb. 13, 2024 - Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

Back to top ↑

Audinate — Dante Discovery

CVE-2022-23748 / Added: Feb. 6, 2025

HIGH CVSS 7.80 EPSS Score 0.07 EPSS Percentile 32.41

Dante Discovery contains a process control vulnerability in mDNSResponder.exe that all allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code.

Headlines

• Oct. 14, 2023 - ToddyCat's Stealthy Assault: Asian Nations in the Crosshairs
• Oct. 12, 2023 - ToddyCat hackers use 'disposable' malware to target Asian telecoms
• Oct. 12, 2023 - Chinese APT ToddyCat Targets Asian Telecoms, Governments
• Oct. 11, 2023 - Chinese 'Stayin' Alive' Attacks Dance Onto Targets With Dumb Malware

Back to top ↑

7-Zip — 7-Zip

CVE-2025-0411 / Added: Feb. 6, 2025

HIGH CVSS 7.00 EPSS Score 0.04 EPSS Percentile 11.48

7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user.

Headlines

• Feb. 4, 2025 - 7-Zip MotW bypass exploited in zero-day attacks against Ukraine
• Feb. 4, 2025 - Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
• Feb. 4, 2025 - Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
• Feb. 4, 2025 - CVE-2025-0411: 7-Zip Vulnerability Exploited in Attacks on Ukraine
• Jan. 27, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]
• Jan. 27, 2025 - PoC for 7-Zip CVE-2025-0411 Lets Attackers Bypass MotW and Run Malicious Code
• Jan. 23, 2025 - 7-Zip users need to take action right now to address a serious security flaw

Back to top ↑

Linux — Kernel

CVE-2024-53104 / Added: Feb. 5, 2025

HIGH CVSS 7.80 EPSS Score 0.14 EPSS Percentile 49.81

Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.

Headlines

• Feb. 5, 2025 - U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog
• Feb. 5, 2025 - CISA orders agencies to patch Linux kernel bug exploited in attacks
• Feb. 4, 2025 - Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation
• Feb. 4, 2025 - Google warns Android users of a kernel flaw under attack
• Feb. 4, 2025 - Google warns Android users of a kernel flaw under attack
• Feb. 4, 2025 - Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
• Feb. 4, 2025 - CVE-2024-53104: Critical Zero-Day Vulnerability Patched in February 2025 Android Security Update
• Feb. 4, 2025 - Google fixed actively exploited kernel zero-day flaw
• Feb. 3, 2025 - Google fixes Android kernel zero-day exploited in attacks

Back to top ↑

Paessler — PTRG Network Monitor

CVE-2018-19410 / Added: Feb. 4, 2025

CRITICAL CVSS 9.80 EPSS Score 4.91 EPSS Percentile 92.77

Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).

Headlines

• Feb. 5, 2025 - CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
• Feb. 5, 2025 - U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
• Feb. 5, 2025 - CISA Flags Four Actively Exploited Security Vulnerabilities in KEV Catalog

Back to top ↑

Microsoft — .NET Framework

CVE-2024-29059 / Added: Feb. 4, 2025

HIGH CVSS 7.50 EPSS Score 69.86 EPSS Percentile 98.24

Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.

Headlines

• Feb. 5, 2025 - CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
• Feb. 5, 2025 - U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
• Feb. 5, 2025 - CISA Flags Four Actively Exploited Security Vulnerabilities in KEV Catalog

Back to top ↑

Apache — OFBiz

CVE-2024-45195 / Added: Feb. 4, 2025

HIGH CVSS 7.50 EPSS Score 71.15 EPSS Percentile 98.28

Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access.

Headlines

• Feb. 5, 2025 - CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
• Feb. 5, 2025 - U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
• Feb. 5, 2025 - CISA Flags Four Actively Exploited Security Vulnerabilities in KEV Catalog
• Sept. 13, 2024 - Hackers target Apache OFBiz RCE flaw CVE-2024-45195 after PoC exploit released
• Sept. 8, 2024 - Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast
• Sept. 6, 2024 - Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
• Sept. 6, 2024 - Apache fixed a new remote code execution flaw in Apache OFBiz
• Sept. 6, 2024 - Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
• Sept. 5, 2024 - Apache fixes critical OFBiz remote code execution vulnerability

Back to top ↑

Paessler — PRTG Network Monitor

CVE-2018-9276 / Added: Feb. 4, 2025

HIGH CVSS 7.20 EPSS Score 81.10 EPSS Percentile 98.61

Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console.

Headlines

• Feb. 5, 2025 - CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
• Feb. 5, 2025 - U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
• Feb. 5, 2025 - CISA Flags Four Actively Exploited Security Vulnerabilities in KEV Catalog

Back to top ↑

CVE-2024-45569

CRITICAL CVSS 9.80 EPSS Score 0.08 EPSS Percentile 35.96

Risk Context N/A

Published: Feb. 3, 2025

Memory corruption while parsing the ML IE due to invalid frame content.

Vendor Impacted: Qualcomm

Products Impacted: Qcn6112, Wcn7880 Firmware, Sa8770p, Snapdragon X75 5g Modem-Rf, Srv1h Firmware, Fastconnect 6700, Immersive Home 216 Firmware, Ipq8070a Firmware, Qca4024 Firmware, Sm8635p, Ipq8173, Qcn6402 Firmware, Sa8775p, Ipq6028 Firmware, Sm8635 Firmware, Qca9888, Wcn7880, Wsa8845h Firmware, Wcd9380, Qcn5022, Sm8635, Immersive Home 214 Firmware, Sa6155p, Immersive Home 326, Wcd9340 Firmware, Qcn5152, Sa8650p Firmware, Qca6696 Firmware, Wsa8835, Qca6595, Qcn9160, Qcn6023 Firmware, Ipq8078a Firmware, Qca0000, Qca8386 Firmware, Qam8255p Firmware, Ipq8071a, Sdx65m Firmware, Qca6574a, Video Collaboration Vc3 Platform, Qcm5430 Firmware, Qca6574au Firmware, Ipq9048 Firmware, Ipq9570, Qcm6490 Firmware, Qcs8300 Firmware, Wcn7860 Firmware, Qca8386, Qca6678aq Firmware, Immersive Home 3210 Firmware, Qcm8550 Firmware, Qcs9100, Srv1m, Sdx55 Firmware, Qcn9072 Firmware, Snapdragon 8\+ Gen 2 Mobile, Srv1h, Qcn9160 Firmware, Qcn5122 Firmware, Qcn9100 Firmware, Wcd9395 Firmware, Qca4024, Qcn6224 Firmware, Ipq8078 Firmware, Srv1l,...

Quotes

• Physical escalation of privilege with no additional execution privileges needed
• Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level

Headlines

• Feb. 4, 2025 - Google warns Android users of a kernel flaw under attack
• Feb. 4, 2025 - Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
• Feb. 4, 2025 - CVE-2024-53104: Critical Zero-Day Vulnerability Patched in February 2025 Android Security Update
• Feb. 4, 2025 - Google fixed actively exploited kernel zero-day flaw
• Feb. 3, 2025 - Google fixes Android kernel zero-day exploited in attacks

CVE-2018-19410

CRITICAL CVSS 9.80 EPSS Score 4.91 EPSS Percentile 92.77

CISA Known Exploited Public Exploits Available

Published: Nov. 21, 2018

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).

Vendor Impacted: Paessler

Products Impacted: Prtg Network Monitor, Ptrg Network Monitor

Quotes

• After careful investigation, we determined this case does not meet our bar for immediate servicing

Headlines

• Feb. 5, 2025 - CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
• Feb. 5, 2025 - U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
• Feb. 5, 2025 - CISA Flags Four Actively Exploited Security Vulnerabilities in KEV Catalog

CVE-2024-40891

HIGH CVSS 8.80 EPSS Score 0.05 EPSS Percentile 23.20

Risk Context N/A

Published: Feb. 4, 2025

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.

Quotes

• At imminent risk of exploitation
• Are legacy products that have reached end-of-life (EOL) for years
• While these systems are older and seemingly long out of support, they remain highly relevant due to their continued use worldwide and the sustained interest from attackers

Headlines

• Feb. 5, 2025 - Swap EOL Zyxel routers, upgrade Netgear ones!
• Feb. 4, 2025 - Zyxel won’t patch newly exploited flaws in end-of-life routers
• Feb. 3, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]
• Feb. 2, 2025 - newsletter Round 509 by Pierluigi Paganini – INTERNATIONAL EDITION
• Feb. 2, 2025 - Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers

CVE-2024-53104

HIGH CVSS 7.80 EPSS Score 0.14 EPSS Percentile 49.81

CISA Known Exploited Actively Exploited

Published: Dec. 2, 2024

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

Vendor Impacted: Linux

Products Impacted: Linux Kernel, Kernel

Quotes

• Physical escalation of privilege with no additional execution privileges needed
• There are indications that CVE-2024-53104 may be under limited, targeted exploitation
• Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level

Headlines

• Feb. 5, 2025 - U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog
• Feb. 5, 2025 - CISA orders agencies to patch Linux kernel bug exploited in attacks
• Feb. 4, 2025 - Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation
• Feb. 4, 2025 - Google warns Android users of a kernel flaw under attack
• Feb. 4, 2025 - Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
• Feb. 4, 2025 - CVE-2024-53104: Critical Zero-Day Vulnerability Patched in February 2025 Android Security Update
• Feb. 4, 2025 - Google fixed actively exploited kernel zero-day flaw
• Feb. 3, 2025 - Google fixes Android kernel zero-day exploited in attacks

CVE-2025-0626

HIGH CVSS 7.50 EPSS Score 0.04 EPSS Percentile 11.48

Risk Context N/A

Published: Jan. 30, 2025

Contec Health CMS8000 Patient Monitor sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device.

Quotes

• The reverse backdoor provides automated connectivity to a hard-coded IP address from the Contec CMS8000 devices, allowing the device to download and execute unverified remote files
• Once the patient monitor is connected to the internet, it begins gathering patient data, including personally identifiable information and protected health information, and exfiltrating the data outside of the health care delivery environment

Headlines

• Feb. 3, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]
• Feb. 3, 2025 - Medical monitoring machines spotted stealing patient data
• Feb. 3, 2025 - CISA Warns of Hidden Backdoor in Contec CMS8000 Patient Monitors

CVE-2024-56161

HIGH CVSS 7.20 EPSS Score 0.04 EPSS Percentile 11.48

Actively Exploited Remote Code Execution

Published: Feb. 3, 2025

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

Quotes

• Insecure hash function in the signature validation for microcode updates
• We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs. The vulnerability is that the CPU uses an insecure hash function in the signature validation for microcode updates
• Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP
• Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP

Headlines

• Feb. 6, 2025 - Google Security Team Uncovers AMD Microcode Vulnerability (CVE-2024-56161)
• Feb. 5, 2025 - AMD fixes bug that lets hackers load malicious microcode patches
• Feb. 4, 2025 - How to make any AMD Zen CPU always generate 4 from RDRAND
• Feb. 4, 2025 - AMD fixed a flaw that allowed to load malicious microcode
• Feb. 4, 2025 - AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access

CVE-2018-9276

HIGH CVSS 7.20 EPSS Score 81.10 EPSS Percentile 98.61

CISA Known Exploited Public Exploits Available

Published: July 2, 2018

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.

Vendor Impacted: Paessler

Product Impacted: Prtg Network Monitor

Quotes

• After careful investigation, we determined this case does not meet our bar for immediate servicing

Headlines

• Feb. 5, 2025 - CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
• Feb. 5, 2025 - U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
• Feb. 5, 2025 - CISA Flags Four Actively Exploited Security Vulnerabilities in KEV Catalog

CVE-2025-0411

HIGH CVSS 7.00 EPSS Score 0.04 EPSS Percentile 11.48

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Jan. 25, 2025

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

Vendor Impacted: 7-Zip

Product Impacted: 7-Zip

Quotes

• The attackers designed an inner archive mimicking a.doc file
• CVE-2025-0411 allows threat actors to bypass Windows MoTW protections by double archiving contents using 7-Zip. Double archiving involves incapsulating an archive within an archive
• The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick users and the Windows Operating System into executing malicious files

Headlines

• Feb. 4, 2025 - 7-Zip MotW bypass exploited in zero-day attacks against Ukraine
• Feb. 4, 2025 - Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
• Feb. 4, 2025 - Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
• Feb. 4, 2025 - CVE-2025-0411: 7-Zip Vulnerability Exploited in Attacks on Ukraine

CVE-2025-0683

MEDIUM CVSS 5.90 EPSS Score 0.04 EPSS Percentile 11.48

Risk Context N/A

Published: Jan. 30, 2025

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario.

Quotes

• The reverse backdoor provides automated connectivity to a hard-coded IP address from the Contec CMS8000 devices, allowing the device to download and execute unverified remote files
• Once the patient monitor is connected to the internet, it begins gathering patient data, including personally identifiable information and protected health information, and exfiltrating the data outside of the health care delivery environment

Headlines

• Feb. 3, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]
• Feb. 3, 2025 - Medical monitoring machines spotted stealing patient data
• Feb. 3, 2025 - CISA Warns of Hidden Backdoor in Contec CMS8000 Patient Monitors