Snapshot
May 27, 2023 - June 2, 2023

CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2023-34362 | Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements. | N/A | Progress | June 2, 2023 |
| CVE-2023-28771 | Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device. | CRITICAL | Zyxel | May 31, 2023 |
Newswires

| Headline | Summary | Date |
|---|---|---|
| Operation Triangulation: 4-Year Spying Campaign Targets iOS Devices | For the past four years, an unknown advanced persistent threat (APT) actor has been covertly stealing information from iOS devices using a zero-click exploit delivered via iMessage. | June 2, 2023 |
| Splunk Enterprise Patches High-Severity Vulnerabilities | Splunk recently announced security updates for Splunk Enterprise, which fix several high-severity vulnerabilities, some of which affect third-party packages utilized by the product. | June 2, 2023 |
| XE Group Cybercrime Kingpin Unveiled by Cybersecurity Researchers | Cybersecurity researchers have recently exposed the identity of a person believed to be connected to the cybercrime group known as XE Group. | June 1, 2023 |
| Moxa Addresses Critical Vulnerabilities in MXsecurity Software | Moxa has recently fixed two serious vulnerabilities in its MXsecurity product, which could have been exploited by malicious hackers targeting operational technology (OT) networks. | June 1, 2023 |
| Critical Zyxel Firewall Vulnerability Actively Exploited by Hackers | Hackers are taking advantage of a critical command injection flaw in Zyxel networking devices, identified as CVE-2023-28771, to install malware. | May 31, 2023 |
| Mirai Variant Exploits Tenda, Zyxel Devices for RCE, DDoS Attacks | A variant of the Mirai botnet, known as IZ1H9, has been discovered exploiting four distinct vulnerabilities in popular Linux-based servers and Internet of Things (IoT) devices. | May 31, 2023 |
| Zero-Day Vulnerability in Barracuda Exploited for Months to Deploy Malware and Steal Data | Barracuda, a network and email security firm, has announced that a recently patched zero-day vulnerability had been exploited for a minimum of seven months to backdoor customers' Email Security Gateway (ESG) appliances with custom malware and steal data. | May 30, 2023 |
| Microsoft Uncovers macOS Flaw Allowing Hackers to Bypass SIP Root Restrictions | Apple has recently fixed a vulnerability, dubbed Migraine and tracked as CVE-2023-32369, that allowed attackers with root privileges to bypass System Integrity Protection (SIP) and install 'undeletable' malware. | May 30, 2023 |
Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2023-2868 (14) | A remote command injection vulnerability exists in the Barracuda Email Security Gateway product affecting versions 5.1.3.001... | CRITICAL | Barracuda Networks, Barracuda | CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware |
| CVE-2023-28771 (7) | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions ... | CRITICAL | Zyxel | CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available |
| CVE-2023-33010 (4) | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1... | CRITICAL | | Remote Code Execution |
| CVE-2023-33009 (4) | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1,... | CRITICAL | | Remote Code Execution |
| CVE-2023-27350 (2) | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5. | CRITICAL | Papercut | CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available |
| CVE-2023-28131 (2) | A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/web... | CRITICAL | Expo | Remote Code Execution |
| CVE-2022-46690 (2) | An out-of-bounds write issue was addressed with improved input validation. | HIGH | Apple | Actively Exploited; Remote Code Execution |
| CVE-2021-30892 (3) | An inherited permissions issue was addressed with additional restrictions. | MEDIUM | Apple | Risk Context N/A |
CISA Known Exploited Vulnerabilities
CISA added two vulnerabilities to the known exploited vulnerabilities list.

Progress — MOVEit Transfer
CVE-2023-34362 / Added: June 2, 2023
CVSS Not Assigned
Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.
In The News
Vulnerabilities receiving the most attention in traditional news media.

CVE-2023-2868
CRITICAL CVSS 9.80
CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware
Published: May 24, 2023
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar files (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of the BNSF-36456 patch. This patch was automatically applied to all customer appliances.
Vendors Impacted: Barracuda Networks, Barracuda
Products Impacted: Email Security Gateway 400, Email Security Gateway 800 Firmware, Email Security Gateway 900 Firmware, Email Security Gateway 600 Firmware, Email Security Gateway 900, Email Security Gateway 400 Firmware, Email Security Gateway 300, Email Security Gateway 300 Firmware, Email Security Gateway 800, Email Security Gateway (Esg) Appliance, Email Security Gateway 600

CVE-2023-28771
CRITICAL CVSS 9.80
CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available
Published: April 25, 2023
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Vendor Impacted: Zyxel
Products Impacted: Zywall Usg 310, Zywall Usg 310 Firmware, Zywall Usg 100 Firmware, Multiple Firewalls

CVE-2023-33010
CRITICAL CVSS 9.80
Remote Code Execution
Published: May 24, 2023
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

CVE-2023-33009
CRITICAL CVSS 9.80
Remote Code Execution
Published: May 24, 2023
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

CVE-2023-27350
CRITICAL CVSS 9.80
CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available
Published: April 20, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
Vendor Impacted: Papercut
Products Impacted: Papercut Ng, Papercut Mf, Mf/ng

CVE-2023-28131
CRITICAL CVSS 9.60
Remote Code Execution
Published: April 24, 2023
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc.).
Vendor Impacted: Expo
Product Impacted: Expo Software Development Kit

CVE-2022-46690
HIGH CVSS 7.80
Actively Exploited; Remote Code Execution
Published: Dec. 15, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
Vendor Impacted: Apple
Products Impacted: Tvos, Watchos, Ipados, Macos, Iphone Os

CVE-2021-30892
MEDIUM CVSS 5.50
Risk Context N/A
Published: Aug. 24, 2021
An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to modify protected parts of the file system.
Vendor Impacted: Apple
Products Impacted: Macos, Mac Os X