Snapshot
Oct. 26, 2024 - Nov. 1, 2024
CISA Known Exploited Vulnerabilities
No issues were added to the CISA Known Exploited Vulnerabilities list.
Newswires
- Fog and Akira Ransomware Operations Exploit SonicWall VPNs for Network Infiltration (Oct. 27, 2024): Ransomware groups Fog and Akira are reportedly exploiting SonicWall VPNs to infiltrate corporate networks.
- Cisco Adds Security Features to Thwart VPN Brute-Force Attacks (Oct. 26, 2024): Cisco has rolled out new security features for its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) to combat brute-force and password-spray attacks.
Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2024-9264 (1) | The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. | CRITICAL | | Remote Code Execution; Public Exploits Available |
| CVE-2024-38812 (3) | The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. | CRITICAL | VMware | Actively Exploited; Remote Code Execution; Public Exploits Available |
| CVE-2024-47575 (2) | A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 th... | CRITICAL | Fortinet | CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available |
| CVE-2024-9537 (2) | ScienceLogic SL1 is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. | CRITICAL | ScienceLogic | CISA Known Exploited; Actively Exploited; Remote Code Execution |
| CVE-2024-38202 (1) | Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an... | HIGH | Microsoft | N/A |
| CVE-2024-38094 (2) | Microsoft SharePoint Remote Code Execution Vulnerability | HIGH | Microsoft | CISA Known Exploited; Actively Exploited; Remote Code Execution |
| CVE-2024-21302 (1) | Microsoft was notified that an elevation of privilege vulnerability exists in Windows-based systems supporting Virtu... | MEDIUM | Microsoft | N/A |
| CVE-2024-37383 (2) | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | MEDIUM | Debian, Roundcube | CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available |
| CVE-2024-20481 (3) | A vulnerability in the Remote Access VPN service of Cisco Adaptive Security Appliance Software and Cisco Firepower Threat D... | MEDIUM | Cisco | CISA Known Exploited; Actively Exploited; Remote Code Execution |
CISA Known Exploited Vulnerabilities
CISA added 0 vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2024-9264
Severity: CRITICAL | CVSS 9.90 | EPSS Score 0.04 | EPSS Percentile 9.83
Risk Context: Remote Code Execution; Public Exploits Available
Published: Oct. 18, 2024
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions. |
CVE-2024-38812
Severity: CRITICAL | CVSS 9.80 | EPSS Score 0.09 | EPSS Percentile 40.73
Risk Context: Actively Exploited; Remote Code Execution; Public Exploits Available
Published: Sept. 17, 2024
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. |
Vendor Impacted: VMware
Product Impacted: vCenter Server
CVE-2024-47575
Severity: CRITICAL | CVSS 9.80 | EPSS Score 1.28 | EPSS Percentile 86.10
Risk Context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available
Published: Oct. 23, 2024
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, and FortiManager Cloud 6.4.1 through 6.4.7 allows an attacker to execute arbitrary code or commands via specially crafted requests.
Vendor Impacted: Fortinet
Products Impacted: FortiManager Cloud, FortiManager
CVE-2024-9537
Severity: CRITICAL | CVSS 9.80 | EPSS Score 3.64 | EPSS Percentile 91.91
Risk Context: CISA Known Exploited; Actively Exploited; Remote Code Execution
Published: Oct. 18, 2024
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. |
Vendor Impacted: ScienceLogic
Product Impacted: SL1
CVE-2024-38202
Severity: HIGH | CVSS 7.30 | EPSS Score 0.05 | EPSS Percentile 18.63
Risk Context: N/A
Published: Aug. 8, 2024
Summary:
Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.
Microsoft has developed a security update to mitigate this threat, which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. **Note:** Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.
If there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert if an update occurs.
Details:
A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the ...
Vendor Impacted: Microsoft
Products Impacted: Windows 11 22H2, Windows 11 23H2, Windows Server 2022 23H2, Windows 10 21H2, Windows Server 2016, Windows 11 21H2, Windows Server 2022, Windows Server 2019, Windows 10 22H2, Windows 10 1607, Windows 10 1809
CVE-2024-38094
Severity: HIGH | CVSS 7.20 | EPSS Score 3.49 | EPSS Percentile 91.75
Risk Context: CISA Known Exploited; Actively Exploited; Remote Code Execution
Published: July 9, 2024
Microsoft SharePoint Remote Code Execution Vulnerability
Vendor Impacted: Microsoft
Products Impacted: SharePoint Server, SharePoint
CVE-2024-21302
Severity: MEDIUM | CVSS 6.70 | EPSS Score 0.04 | EPSS Percentile 10.54
Risk Context: N/A
Published: Aug. 8, 2024
Summary:
Microsoft was notified that an elevation of privilege vulnerability exists in Windows-based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUs. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.
Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.
This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.
Update: August 13, 2024
Microsoft has released the August 2024 security updates, which include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates, to assess whether this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.
Details:
A security researcher informed Microsoft of an elevation...
Vendor Impacted: Microsoft
Products Impacted: Windows 11 22H2, Windows 11 23H2, Windows Server 2022 23H2, Windows 10 21H2, Windows 11 24H2, Windows Server 2016, Windows 10 1507, Windows 11 21H2, Windows Server 2019, Windows Server 2022, Windows 10 22H2, Windows 10 1607, Windows 10 1809
CVE-2024-37383
Severity: MEDIUM | CVSS 6.10 | EPSS Score 3.65 | EPSS Percentile 91.91
Risk Context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available
Published: June 7, 2024
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
Vendors Impacted: Debian, Roundcube
Products Impacted: Webmail, Debian Linux
CVE-2024-20481
Severity: MEDIUM | CVSS 5.80 | EPSS Score 1.18 | EPSS Percentile 85.48
Risk Context: CISA Known Exploited; Actively Exploited; Remote Code Execution
Published: Oct. 23, 2024
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post "Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials."
Vendor Impacted: Cisco
Product Impacted: Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)