Snapshot
March 2, 2024 - March 8, 2024
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added |
---|---|---|---|---|
CVE-2024-27198 | JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions. | CRITICAL | JetBrains | March 7, 2024 |
CVE-2024-23225 | Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. | HIGH | Apple | March 6, 2024 |
CVE-2024-23296 | Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. | HIGH | Apple | March 6, 2024 |
CVE-2021-36380 | Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi. | CRITICAL | Sunhillo | March 5, 2024 |
CVE-2023-21237 | Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information. | MEDIUM | Android | March 5, 2024 |
CVE-2024-21338 | Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation. | HIGH | Microsoft | March 4, 2024 |
Newswires

Critical Vulnerability in Fortinet Systems Could Affect 150,000 Devices
A severe security vulnerability, CVE-2024-21762, has been identified in Fortinet FortiOS and FortiProxy secure web gateway systems, potentially impacting approximately 150,000 devices.
March 8, 2024

QNAP Alerts Users about Critical Authentication Bypass Vulnerability in NAS Devices
QNAP, a maker of Network Attached Storage (NAS) devices, has issued a warning about vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud.
March 8, 2024

Stealthy Exploits Target Atlassian Confluence: In-Memory Web Shells Deployed
New proof-of-concept (PoC) exploits are being utilized in the wild for a flaw in Atlassian Confluence Data Center and Confluence Server.
March 8, 2024

CISA Highlights Active Exploitation of JetBrains TeamCity Software Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about an actively exploited security flaw in the JetBrains TeamCity On-Premises software.
March 8, 2024

Cisco Addresses High-Severity Vulnerabilities in its VPN Product
Cisco, the multinational technology conglomerate, has issued patches for two high-severity vulnerabilities found within its Secure Client application, a VPN solution that also offers security and monitoring features.
March 7, 2024

CISA Lists Apple iOS and iPadOS Memory Corruption Bugs in its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
March 7, 2024

Widespread Exploitation of Critical TeamCity Flaw to Create Admin Accounts
Hackers have begun exploiting a critical authentication bypass vulnerability, CVE-2024-27198, in TeamCity On-Premises, a product of JetBrains.
March 7, 2024

Massive Exploitation of TeamCity Auth Bypass Vulnerability Leads to Creation of Admin Accounts
Hackers have begun to exploit a critical-severity authentication bypass vulnerability, CVE-2024-27198, in TeamCity On-Premises.
March 7, 2024

Crypto Mining Malware Campaign Targets Misconfigured Servers
Threat actors are exploiting misconfigured servers running services such as Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis as part of a new malware campaign.
March 6, 2024

VMware Addresses Critical Sandbox Escape Vulnerabilities in Multiple Products
VMware has issued security patches to rectify critical sandbox escape vulnerabilities present in its ESXi, Workstation, Fusion, and Cloud Foundation products.
March 6, 2024

CISA Highlights Exploitation of Pixel Phone and Sunhillo SureLine Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has updated its catalog of Known Exploited Vulnerabilities (KEV) to include two significant flaws.
March 6, 2024

Critical ESXi Sandbox Escape Vulnerabilities Addressed by VMware in Urgent Updates
VMware, a renowned name in the field of virtualization, has urgently rolled out updates to mitigate critical ESXi sandbox escape vulnerabilities present in its ESXi, Workstation, Fusion, and Cloud Foundation offerings.
March 5, 2024

Apple Responds to Exploited iOS Zero-Days with Emergency Security Updates
Apple has released crucial security updates to rectify two iOS zero-day vulnerabilities that have been exploited in attacks on iPhones.
March 5, 2024

CISA Lists Windows Kernel Bug Exploited by Lazarus Group in its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included the CVE-2024-21338 Microsoft Windows Kernel vulnerability in its Known Exploited Vulnerabilities catalog.
March 5, 2024

Critical Vulnerabilities in TeamCity Pose Threat to Software Supply Chain
Critical vulnerabilities have been discovered in the CI/CD pipeline tool, JetBrains TeamCity, which could potentially allow cyber criminals to gain administrative control over servers.
March 4, 2024

Critical Exploit for TeamCity Auth Bypass Bug Available: Immediate Patching Recommended
A critical vulnerability, identified as CVE-2024-27198, in JetBrains' TeamCity On-Premises CI/CD solution could potentially allow a remote, unauthenticated attacker to gain control of the server with administrative rights.
March 4, 2024

North Korean APT Group Kimsuky Exploits ScreenConnect Vulnerabilities to Deploy New ToddleShark Malware
The North Korean Advanced Persistent Threat (APT) group Kimsuky is exploiting vulnerabilities in ScreenConnect, specifically CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant named ToddleShark.
March 4, 2024

Phobos Ransomware Targets U.S. Critical Infrastructure: Government Agencies Issue Warning
U.S. cybersecurity and intelligence agencies have raised the alarm over Phobos ransomware attacks that are currently targeting entities such as municipal and county governments, emergency services, education, public healthcare, and critical infrastructure.
March 4, 2024

North Korean Lazarus Group Exploited Windows Kernel Bug as Zero-Day for Six Months
Last month, Microsoft remedied a high-risk Windows Kernel privilege escalation vulnerability, CVE-2024-21338, half a year after being notified that it was being actively exploited.
March 2, 2024

Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context |
---|---|---|---|---|
CVE-2024-1709 (6) | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vuln... | CRITICAL | Connectwise | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2024-27198 (15) | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible | CRITICAL | Jetbrains | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2022-26134 (5) | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthe... | CRITICAL | Atlassian | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
CVE-2024-22252 (6) | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. | CRITICAL | | Public Exploits Available |
CVE-2024-22253 (5) | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. | CRITICAL | | Risk Context N/A |
CVE-2024-1708 (6) | ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ab... | HIGH | Connectwise | Risk Context N/A |
CVE-2024-22254 (4) | VMware ESXi contains an out-of-bounds write vulnerability. | HIGH | | Risk Context N/A |
CVE-2024-23296 (7) | A memory corruption issue was addressed with improved validation. | HIGH | Apple | CISA Known Exploited |
CVE-2024-23225 (7) | A memory corruption issue was addressed with improved validation. | HIGH | Apple | CISA Known Exploited |
CVE-2024-27199 (11) | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | HIGH | | Risk Context N/A |

CISA Known Exploited Vulnerabilities
CISA added six vulnerabilities to the known exploited vulnerabilities list.
Apple — iOS and iPadOS |
CVE-2024-23225 / Added: March 6, 2024 |
HIGH CVSS 7.80 EPSS Score 0.10 EPSS Percentile 41.72 |
Apple iOS and iPadOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. |
Apple — iOS and iPadOS |
CVE-2024-23296 / Added: March 6, 2024 |
HIGH CVSS 7.80 EPSS Score 0.17 EPSS Percentile 52.90 |
Apple iOS and iPadOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. |
Sunhillo — SureLine |
CVE-2021-36380 / Added: March 5, 2024 |
CRITICAL CVSS 9.80 EPSS Score 97.52 EPSS Percentile 99.98 |
Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi. |
Android — Pixel |
CVE-2023-21237 / Added: March 5, 2024 |
MEDIUM CVSS 5.50 EPSS Score 0.18 EPSS Percentile 54.97 |
Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information. |
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2024-1709 |
CRITICAL CVSS 10.00 EPSS Score 93.46 EPSS Percentile 99.03 |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
Published: Feb. 21, 2024 |
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. |
Vendor Impacted: Connectwise |
Product Impacted: Screenconnect |
CVE-2024-27198 |
CRITICAL CVSS 9.80 EPSS Score 97.10 EPSS Percentile 99.76 |
CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available |
Published: March 4, 2024 |
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible |
Vendor Impacted: Jetbrains |
Product Impacted: Teamcity |
CVE-2022-26134 |
CRITICAL CVSS 9.80 EPSS Score 97.53 EPSS Percentile 99.99 |
CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available |
Published: June 3, 2022 |
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. |
Vendor Impacted: Atlassian |
Products Impacted: Confluence Server/data Center, Confluence Data Center, Confluence Server |
CVE-2024-22252 |
CRITICAL CVSS 9.30 EPSS Score 0.04 EPSS Percentile 7.08 |
Public Exploits Available |
Published: March 5, 2024 |
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. |
CVE-2024-22253 |
CRITICAL CVSS 9.30 EPSS Score 0.04 EPSS Percentile 7.08 |
Risk Context N/A |
Published: March 5, 2024 |
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. |
CVE-2024-1708 |
HIGH CVSS 8.40 EPSS Score 0.05 EPSS Percentile 16.19 |
Risk Context N/A |
Published: Feb. 21, 2024 |
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. |
Vendor Impacted: Connectwise |
Product Impacted: Screenconnect |
CVE-2024-22254 |
HIGH CVSS 7.90 EPSS Score 0.04 EPSS Percentile 7.08 |
Risk Context N/A |
Published: March 5, 2024 |
VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox. |
CVE-2024-23296 |
HIGH CVSS 7.80 EPSS Score 0.17 EPSS Percentile 52.90 |
CISA Known Exploited |
Published: March 5, 2024 |
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. |
Vendor Impacted: Apple |
Products Impacted: Ios And Ipados, Ipad Os, Iphone Os |
CVE-2024-23225 |
HIGH CVSS 7.80 EPSS Score 0.10 EPSS Percentile 41.72 |
CISA Known Exploited |
Published: March 5, 2024 |
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. |
Vendor Impacted: Apple |
Products Impacted: Ios And Ipados, Ipad Os, Iphone Os |
CVE-2024-27199 |
HIGH CVSS 7.30 EPSS Score 0.05 EPSS Percentile 19.45 |
Risk Context N/A |
Published: March 4, 2024 |
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible |