Snapshot
Jan. 13, 2023 - Jan. 20, 2023
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added |
---|---|---|---|---|
CVE-2022-44877 | CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter. | CRITICAL | CWP | Jan. 17, 2023 |

Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context |
---|---|---|---|---|
CVE-2022-42475 (6) | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 throu... | CRITICAL | Fortinet | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2022-3236 (6) | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall ve... | CRITICAL | Sophos | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2022-4873 (4) | On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. | CRITICAL | Netcommwireless | Remote Code Execution |
CVE-2022-46169 (4) | Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework... | CRITICAL | | Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2022-4874 (4) | Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. | HIGH | | N/A |
CVE-2022-47966 (12) | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to us... | N/A | | Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2022-41903 (9) | Git is distributed revision control system. | N/A | | Remote Code Execution |
CVE-2022-23521 (7) | Git is distributed revision control system. | N/A | | Remote Code Execution, Public Exploits Available |
CVE-2023-20010 (3) | A vulnerability in the web-based management interface of Cisco Unified Communications Manager and Cisco Unified Communicatio... | N/A | | N/A |
CVE-2022-46732 (3) | Even if the authentication fails for local service authentication, the requested command could still execute regardless of au... | N/A | | N/A |

CISA Known Exploited Vulnerabilities
CISA added 1 vulnerability to the known exploited vulnerabilities list.
CWP — Control Web Panel
CVE-2022-44877 / Added: Jan. 17, 2023
CRITICAL CVSS 9.80
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2022-42475
CRITICAL CVSS 9.80
CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Jan. 2, 2023
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Vendor Impacted: Fortinet
Products Impacted: Fim-7910e, Fortigate-6501f-Dc, Fortigate-7060e, Fortigate-6500f, Fortigate-6300f-Dc, Fortigate-6500f-Dc, Fortiproxy, Fim-7921f, Fortigate-7121f, Fpm-7620e, Fim-7920e, Fim-7904e, Fpm-7630e, Fortigate-7040e, Fortios, Fortigate-6501f, Fortigate-6601f-Dc, Fortigate-7030e, Fim-7941f, Fortigate-6300f, Fim-7901e, Fpm-7620f, Fortigate-6601f
CVE-2022-3236
CRITICAL CVSS 9.80
CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Sept. 23, 2022
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
Vendor Impacted: Sophos
Product Impacted: Firewall
CVE-2022-4873
CRITICAL CVSS 9.80
Remote Code Execution
Published: Jan. 11, 2023
On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.
Vendor Impacted: Netcommwireless
Products Impacted: Nl1902 Firmware, Nf20 Firmware, Nl1902, Nf20mesh Firmware, Nf20mesh, Nf20
CVE-2022-46169
CRITICAL CVSS 9.80
Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Dec. 5, 2022
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks several `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For:
CVE-2022-4874
HIGH CVSS 7.50
Risk Context N/A
Published: Jan. 11, 2023
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
CVE-2022-47966
CVSS Not Assigned
Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Jan. 18, 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
CVE-2022-41903
CVSS Not Assigned
Remote Code Execution
Published: Jan. 17, 2023
Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through `git archive` via the `export-subst` mechanism, which expands format specifiers inside of files within the repository during a `git archive`. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose `git archive` via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
CVE-2022-23521
CVSS Not Assigned
Remote Code Execution, Public Exploits Available
Published: Jan. 17, 2023
Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequently, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-20010
CVSS Not Assigned
Risk Context N/A
Published: Jan. 20, 2023
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges.
CVE-2022-46732
CVSS Not Assigned
Risk Context N/A
Published: Jan. 18, 2023
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.