VULNERA Pulse

CVE-2022-43931

CRITICAL CVSS 10.00

Remote Code Execution

Published: Jan. 3, 2023

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

Vendor Impacted: Synology

Products Impacted: Vpn Plus Server, Router Manager

Quotes

• They fixed it right away - Blog – Hackaday
• A vulnerability allows remote attackers to possible execute arbitrary command via a susceptible version of Synology VPN Plus Server - TechRadar - All the latest technology news
• Allows remote attackers to execute arbitrary commands via unspecified vectors - The Hacker News
• Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors - Security Affairs

Headlines

• Jan. 6, 2023 - This Week in Security: Lastpass Takeaway, Bitcoin Loss, and PyTorch
• Jan. 4, 2023 - Synology patches maximum risk flaw in its VPN routers
• Jan. 4, 2023 - Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
• Jan. 3, 2023 - Synology fixes multiple critical vulnerabilities in its routers
• Jan. 3, 2023 - Synology fixes maximum severity vulnerability in VPN routers
• Jan. 3, 2023 - Critical Vulnerabilities Patched in Synology Routers

CVE-2022-41080

CRITICAL CVSS 9.80

Used In Ransomware Public Exploits Available

Published: Nov. 9, 2022

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.

Vendor Impacted: Microsoft

Product Impacted: Exchange Server

Quotes

• While there has been widespread speculation that the root cause of this incident was the result of the ProxyNotShell exploit, we can now definitively state that is not accurate - Security Affairs
• We have already communicated our findings to these customers proactively, and importantly, according to CrowdStrike, there is no evidence that the threat actor actually viewed, obtained, misused or disseminated emails or data in the PSTs for any of the 27 Hosted Exchange customers in any way - infosecurity-magazine.com
• The threat actor actually viewed, obtained, misused, or disseminated emails or data in the PSTs for any of the 27 Hosted Exchange customers in any way - SecurityWeek
• This zero-day exploit is associated with CVE-2022-41080 - The Hacker News
• Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a Remote Code Execution chain that was exploitable - Dark Reading
• Some or all of their data available to them for download - The Register - Security
• We are now highly confident that the root cause in this case pertains to a zero-day exploit associated with CVE-2022-41080 - Dark Reading
• We are now highly confident that the root cause in this case pertains to a zero-day exploit associated with CVE-2022-41080. See a recent blog by CrowdStrike for more information. Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a Remote Code Execution chain that was exploitable - BleepingComputer

Headlines

• Jan. 6, 2023 - Rackspace says hackers accessed customer data during ransomware attack
• Jan. 6, 2023 - Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment
• Jan. 6, 2023 - Personal Storage Table Files Accessed in Rackspace Attack
• Jan. 6, 2023 - Rackspace Completes Investigation Into Ransomware Attack
• Jan. 6, 2023 - Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach
• Jan. 6, 2023 - January 2023 Patch Tuesday forecast: Procrastinate at your own risk
• Jan. 5, 2023 - Rackspace Sunsets Email Service Downed in Ransomware Attack
• Jan. 5, 2023 - Rackspace blames ransomware woes on zero-day attack
• Jan. 5, 2023 - Play Ransomware Group Used New Exploitation Method in Rackspace Attack
• Jan. 4, 2023 - Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations
• Jan. 4, 2023 - Rackspace confirms Play ransomware was behind recent cyberattack

CVE-2022-35405

CRITICAL CVSS 9.80

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: July 19, 2022

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

Vendors Impacted: Zohocorp, Zoho

Products Impacted: Manageengine Pam360, Manageengine, Manageengine Password Manager Pro, Manageengine Access Manager Plus

Quotes

• This security advisory is to let you know that a high severity vulnerability was detected in ManageEngine Password Manager Pro - Security Affairs
• We identified a SQL injection vulnerability (CVE-2022-47523) in our internal framework that would grant all [..] users unauthenticated access to the backend database - BleepingComputer
• We identified a SQL injection vulnerability (CVE-2022-47523) in our internal framework that would grant access to all [..] users to the backend database - BleepingComputer

Headlines

• Jan. 5, 2023 - Zoho urges fixing a critical SQL Injection flaw in ManageEngine
• Jan. 4, 2023 - Zoho urges admins to patch critical ManageEngine bug immediately
• Jan. 4, 2023 - Zoho urges admins to patch severe ManageEngine bug immediately

CVE-2022-41082

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: Oct. 3, 2022

Microsoft Exchange Server Remote Code Execution Vulnerability.

Vendor Impacted: Microsoft

Product Impacted: Exchange Server

Quotes

• We have already communicated our findings to these customers proactively, and importantly, according to CrowdStrike, there is no evidence that the threat actor actually viewed, obtained, misused or disseminated emails or data in the PSTs for any of the 27 Hosted Exchange customers in any way - infosecurity-magazine.com
• This zero-day exploit is associated with CVE-2022-41080 - The Hacker News
• Some or all of their data available to them for download - The Register - Security
• We are now highly confident that the root cause in this case pertains to a zero-day exploit associated with CVE-2022-41080 - Dark Reading
• We are now highly confident that the root cause in this case pertains to a zero-day exploit associated with CVE-2022-41080. See a recent blog by CrowdStrike for more information. Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a Remote Code Execution chain that was exploitable - BleepingComputer
• Calculated by summing counts of unique IPs, which means that a - TechRadar - All the latest technology news

Headlines

• Jan. 6, 2023 - Personal Storage Table Files Accessed in Rackspace Attack
• Jan. 6, 2023 - Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach
• Jan. 6, 2023 - January 2023 Patch Tuesday forecast: Procrastinate at your own risk
• Jan. 5, 2023 - Rackspace blames ransomware woes on zero-day attack
• Jan. 4, 2023 - Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations
• Jan. 4, 2023 - Rackspace confirms Play ransomware was behind recent cyberattack
• Jan. 4, 2023 - Nearly 70K Unpatched Exchange Servers Are Sitting Ducks For ProxyNotShell Exploit
• Jan. 4, 2023 - Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks
• Jan. 4, 2023 - Thousands of Microsoft Exchange servers are still vulnerable to this dangerous flaw

CVE-2022-41040

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: Oct. 3, 2022

Microsoft Exchange Server Elevation of Privilege Vulnerability.

Vendor Impacted: Microsoft

Product Impacted: Exchange Server

Quotes

• This zero-day exploit is associated with CVE-2022-41080 - The Hacker News
• Calculated by summing counts of unique IPs, which means that a - TechRadar - All the latest technology news

Headlines

• Jan. 6, 2023 - Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment
• Jan. 6, 2023 - Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach
• Jan. 6, 2023 - January 2023 Patch Tuesday forecast: Procrastinate at your own risk
• Jan. 4, 2023 - Thousands of Microsoft Exchange servers are still vulnerable to this dangerous flaw
• Jan. 3, 2023 - Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks

CVE-2022-37958

HIGH CVSS 8.10

Remote Code Execution Public Exploits Available

Published: Sept. 13, 2022

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2019, Windows Server 2022, Windows 7, Windows Server 2016, Windows Server 2008, Windows 11, Windows 10, Windows Server 2012, Windows 8.1

Headlines

• Jan. 5, 2023 - 3 Reasons to Make EDR Part of Your Incident Response Plan
• Jan. 5, 2023 - Laid Off by Big Tech? Cybersecurity is a Smart Career Move
• Jan. 4, 2023 - A Perfect Storm: 7 Reasons Global Attacks Will Soar in 2023
• Jan. 3, 2023 - How Can the White House’s New IoT Labels Improve Security?

CVE-2022-47523

CVSS Not Assigned

Risk Context N/A

Published: Jan. 5, 2023

Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

Quotes

• An SQL Injection vulnerability (CVE-2022-47523) was discovered in Password Manager Pro, PAM360 and Access Manager Plus. We have fixed this issue by adding proper validation and escaping special characters - SecurityWeek
• This security advisory is to let you know that a high severity vulnerability was detected in ManageEngine Password Manager Pro - Security Affairs
• An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests - The Hacker News
• We identified a SQL injection vulnerability (CVE-2022-47523) in our internal framework that would grant all [..] users unauthenticated access to the backend database - BleepingComputer
• We identified a SQL injection vulnerability (CVE-2022-47523) in our internal framework that would grant access to all [..] users to the backend database - BleepingComputer

Headlines

• Jan. 5, 2023 - Zoho Urges ManageEngine Users to Patch Serious SQL Injection Vulnerability
• Jan. 5, 2023 - Zoho urges fixing a critical SQL Injection flaw in ManageEngine
• Jan. 5, 2023 - Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
• Jan. 4, 2023 - Zoho urges admins to patch critical ManageEngine bug immediately
• Jan. 4, 2023 - Zoho urges admins to patch severe ManageEngine bug immediately

CVE-2022-39947

CVSS Not Assigned

Risk Context N/A

Published: Jan. 3, 2023

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Quotes

• An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests - The Hacker News
• An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests - Security Affairs

Headlines

• Jan. 5, 2023 - Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
• Jan. 4, 2023 - Fortinet fixed multiple command injection bugs in FortiADC and FortiTester
• Jan. 4, 2023 - High-Severity Command Injection Flaws Found in Fortinet's FortiTester, FortiADC

CVE-2022-35845

CVSS Not Assigned

Risk Context N/A

Published: Jan. 3, 2023

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.

Quotes

• An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests - The Hacker News
• An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests - Security Affairs

Headlines

• Jan. 5, 2023 - Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
• Jan. 4, 2023 - Fortinet fixed multiple command injection bugs in FortiADC and FortiTester
• Jan. 4, 2023 - High-Severity Command Injection Flaws Found in Fortinet's FortiTester, FortiADC