VULNERA Pulse

Barracuda Networks — Email Security Gateway (ESG) Appliance

CVE-2023-2868 / Added: May 26, 2023

CRITICAL CVSS 9.40

Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.

Headlines

• May 26, 2023 - Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
• May 25, 2023 - Barracuda warns users about possible email compromise attacks - here's what you need to know
• May 25, 2023 - Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
• May 25, 2023 - Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)
• May 24, 2023 - Barracuda Email Security Gateway (ESG) hacked via zero-day bug

Back to top ↑

Apple — Multiple Products

CVE-2023-28204 / Added: May 22, 2023

CVSS Not Assigned

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information.

Headlines

• May 25, 2023 - It’s apparently hip to still be using Windows 7
• May 23, 2023 - The US government is having to patch a whole lot of iPhones
• May 22, 2023 - CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog
• May 22, 2023 - CISA orders govt agencies to patch iPhone bugs exploited in attacks
• May 21, 2023 - Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days
• May 19, 2023 - Apple Patches 3 Zero-Days Possibly Already Exploited
• May 19, 2023 - Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
• May 19, 2023 - WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
• May 19, 2023 - Apple warns of three WebKit vulns under active exploitation

Back to top ↑

Apple — Multiple Products

CVE-2023-32373 / Added: May 22, 2023

CVSS Not Assigned

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution.

Headlines

• May 25, 2023 - It’s apparently hip to still be using Windows 7
• May 23, 2023 - The US government is having to patch a whole lot of iPhones
• May 22, 2023 - CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog
• May 22, 2023 - CISA orders govt agencies to patch iPhone bugs exploited in attacks
• May 21, 2023 - Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days
• May 19, 2023 - Apple Patches 3 Zero-Days Possibly Already Exploited
• May 19, 2023 - Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
• May 19, 2023 - WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
• May 19, 2023 - Apple warns of three WebKit vulns under active exploitation

Back to top ↑

Apple — Multiple Products

CVE-2023-32409 / Added: May 22, 2023

CVSS Not Assigned

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox.

Headlines

• May 25, 2023 - It’s apparently hip to still be using Windows 7
• May 23, 2023 - The US government is having to patch a whole lot of iPhones
• May 22, 2023 - CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog
• May 22, 2023 - CISA orders govt agencies to patch iPhone bugs exploited in attacks
• May 21, 2023 - Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days
• May 19, 2023 - Apple Patches 3 Zero-Days Possibly Already Exploited
• May 19, 2023 - WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
• May 19, 2023 - Apple warns of three WebKit vulns under active exploitation
• May 18, 2023 - Apple patches three exploited Safari vulnerabilities

Back to top ↑

CVE-2023-33010

CRITICAL CVSS 9.80

Remote Code Execution

Published: May 24, 2023

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Quotes

• Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities

Headlines

• May 26, 2023 - Zyxel says its firewall and VPN devices have critical security flaws, so patch now
• May 26, 2023 - Zyxel Firewalls Hacked by Mirai Botnet
• May 25, 2023 - Zyxel firewall and VPN devices affected by critical flaws
• May 25, 2023 - Zyxel Issues Critical Security Patches for Firewall and VPN Products

CVE-2023-33009

CRITICAL CVSS 9.80

Remote Code Execution

Published: May 24, 2023

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Quotes

• Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities

Headlines

• May 26, 2023 - Zyxel says its firewall and VPN devices have critical security flaws, so patch now
• May 26, 2023 - Zyxel Firewalls Hacked by Mirai Botnet
• May 25, 2023 - Zyxel firewall and VPN devices affected by critical flaws
• May 25, 2023 - Zyxel Issues Critical Security Patches for Firewall and VPN Products

CVE-2023-28771

CRITICAL CVSS 9.80

Public Exploits Available

Published: April 25, 2023

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

Vendor Impacted: Zyxel

Products Impacted: Zywall Usg 100 Firmware, Zywall Usg 310, Zywall Usg 310 Firmware

Quotes

• The vulnerable component is the Internet Key Exchange (IKE) packet decoder, which forms part of the IPSec VPN service offered by the device

Headlines

• May 26, 2023 - Zyxel Firewalls Hacked by Mirai Botnet
• May 25, 2023 - Zyxel firewall and VPN devices affected by critical flaws
• May 25, 2023 - Zyxel Issues Critical Security Patches for Firewall and VPN Products
• May 22, 2023 - Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)

CVE-2023-28131

CRITICAL CVSS 9.60

Remote Code Execution

Published: April 24, 2023

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).

Vendor Impacted: Expo

Product Impacted: Expo Software Development Kit

Quotes

• Security vulnerabilities can happen on any website – it’s the response that matters
• Because this second OAuth vulnerability was discovered in a third-party framework used by hundreds of companies, the potential exposure was far greater
• The vulnerability would have allowed a potential attacker to trick a user into visiting a malicious link, logging in to a third-party auth provider, and inadvertently revealing their third-party auth credentials

Headlines

• May 25, 2023 - Expo Framework API Flaw Reveals User Data in Online Services
• May 24, 2023 - OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps
• May 24, 2023 - OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers

CVE-2023-2868

CRITICAL CVSS 9.40

CISA Known Exploited Actively Exploited

Published: May 24, 2023

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.

Vendor Impacted: Barracuda Networks

Product Impacted: Email Security Gateway (Esg) Appliance

Quotes

• The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives)
• Based on our investigation to date, we've identified that the vulnerability resulted in unauthorized access to a subset of email gateway appliances
• The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product
• The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). [It] stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product
• Barracuda identified a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023. A security patch to eliminate the vulnerability was applied to all ESG appliances worldwide on Saturday, May 20, 2023

Headlines

• May 26, 2023 - Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
• May 25, 2023 - Barracuda warns users about possible email compromise attacks - here's what you need to know
• May 25, 2023 - Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
• May 25, 2023 - Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)
• May 24, 2023 - Barracuda Email Security Gateway (ESG) hacked via zero-day bug

CVE-2023-32784

HIGH CVSS 7.50

Actively Exploited Remote Code Execution Public Exploits Available

Published: May 15, 2023

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

Quotes

• Apart from the first password character, it is mostly able to recover the password in plaintext
• May have been actively exploited

Headlines

• May 22, 2023 - KeePass Exploit Allows Attackers to Recover Master Passwords from Memory
• May 21, 2023 - newsletter Round 420 by Pierluigi Paganini – International edition
• May 21, 2023 - Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days