Snapshot
Oct. 28, 2023 - Nov. 3, 2023
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2023-46604 | Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. | CRITICAL | Apache | Nov. 2, 2023 |
| CVE-2023-46747 | F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748. | CRITICAL | F5 | Oct. 31, 2023 |
| CVE-2023-46748 | F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747. | HIGH | F5 | Oct. 31, 2023 |
Newswires

Atlassian Alerts on Exploit for Critical Confluence Security Flaw
Atlassian has issued an alert about a public exploit for a critical security flaw in Confluence that could lead to data wiping attacks.
Nov. 2, 2023

HelloKitty Ransomware Targets Apache ActiveMQ Servers
The Managed Detection and Response team at Rapid7 has discovered a new cyber threat targeting Apache ActiveMQ servers.
Nov. 2, 2023

Critical Vulnerability Unearthed in Cisco's Firepower Management Center Software
On November 1, 2023, a critical vulnerability was identified in Cisco's Firepower Management Center (FMC) Software, as disclosed in a security advisory from Cisco.
Nov. 2, 2023

Over 3,000 Apache ActiveMQ Servers Exposed to Critical RCE Attacks Online
A critical remote code execution (RCE) vulnerability, identified as CVE-2023-46604, has left over 3,000 internet-exposed Apache ActiveMQ servers at risk.
Nov. 1, 2023

Stealthy Cyber Attacks Exploiting Recent F5 BIG-IP Vulnerabilities
F5 has issued a warning to administrators of BIG-IP devices, indicating that skilled hackers are exploiting two recently disclosed vulnerabilities, CVE-2023-46747 and CVE-2023-46748, to achieve stealthy code execution and erase evidence of their access.
Nov. 1, 2023

Atlassian Alerts Users of Critical Confluence Flaw Risking Data Loss
Atlassian, the Australian software company, has alerted administrators to immediately patch Confluence instances that are exposed to the internet due to a critical security flaw that could lead to data loss.
Oct. 31, 2023

Critical F5 BIG-IP Vulnerability Under Active Exploitation
The critical vulnerability (CVE-2023-46747) in F5’s BIG-IP product is being actively exploited.
Oct. 31, 2023

Proof of Concept Exploit Code Released for Critical Cisco IOS XE Vulnerability
The proof of concept (PoC) exploit code for a major vulnerability in Cisco IOS XE software, tracked as CVE-2023-20198, has been released to the public by researchers from Horizon3.ai.
Oct. 31, 2023
Vulnerabilities In The News

| CVE | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|
| CVE-2023-46604 (8) | Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a... | CRITICAL | Apache | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| CVE-2023-20198 (5) | Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software wh... | CRITICAL | Cisco | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2023-46747 (11) | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-... | CRITICAL | F5 | CISA Known Exploited, Remote Code Execution, Public Exploits Available |
| CVE-2023-22515 (7) | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a pr... | CRITICAL | Atlassian | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| CVE-2023-22518 (12) | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. | CRITICAL | | Actively Exploited, Public Exploits Available |
| CVE-2023-46748 (9) | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated at... | HIGH | F5 | CISA Known Exploited |
| CVE-2023-5044 (3) | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | HIGH | Kubernetes | Public Exploits Available |
| CVE-2023-5043 (3) | Ingress nginx annotation injection causes arbitrary command execution. | HIGH | Kubernetes | N/A |
| CVE-2023-4966 (7) | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. | HIGH | Citrix | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
| CVE-2022-4886 (3) | Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. | MEDIUM | Kubernetes | N/A |
CISA Known Exploited Vulnerabilities
CISA added three vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2023-46604
CRITICAL, CVSS 10.00, EPSS Score 1.60, EPSS Percentile 85.97
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Oct. 27, 2023
Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
Vendor Impacted: Apache
Product Impacted: Activemq
CVE-2023-20198
CRITICAL, CVSS 10.00, EPSS Score 95.56, EPSS Percentile 99.19
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Oct. 16, 2023
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory. Cisco will provide updates on the status of this investigation and when a software patch is available.
Vendor Impacted: Cisco
Products Impacted: Ios Xe Web Ui, Ios Xe
CVE-2023-46747
CRITICAL, CVSS 9.80, EPSS Score 95.30, EPSS Percentile 99.13
Risk Context: CISA Known Exploited, Remote Code Execution, Public Exploits Available
Published: Oct. 26, 2023
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Vendor Impacted: F5
Product Impacted: Big-Ip Configuration Utility
CVE-2023-22515
CRITICAL, CVSS 9.80, EPSS Score 95.53, EPSS Percentile 99.18
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Oct. 4, 2023
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Vendor Impacted: Atlassian
Products Impacted: Confluence Server, Confluence Data Center, Confluence Data Center And Server
CVE-2023-22518
CRITICAL, CVSS 9.10, EPSS Score 0.05, EPSS Percentile 20.10
Risk Context: Actively Exploited, Public Exploits Available
Published: Oct. 31, 2023
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CVE-2023-46748
HIGH, CVSS 8.80, EPSS Score 0.61, EPSS Percentile 76.26
Risk Context: CISA Known Exploited
Published: Oct. 26, 2023
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Vendor Impacted: F5
Product Impacted: Big-Ip Configuration Utility
CVE-2023-5044
HIGH, CVSS 8.80, EPSS Score 0.06, EPSS Percentile 24.40
Risk Context: Public Exploits Available
Published: Oct. 25, 2023
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Vendor Impacted: Kubernetes
Product Impacted: Ingress-Nginx
CVE-2023-5043
HIGH, CVSS 8.80, EPSS Score 0.26, EPSS Percentile 63.89
Risk Context: N/A
Published: Oct. 25, 2023
Ingress nginx annotation injection causes arbitrary command execution.
Vendor Impacted: Kubernetes
Product Impacted: Ingress-Nginx
CVE-2023-4966
HIGH, CVSS 7.50, EPSS Score 92.27, EPSS Percentile 98.67
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Oct. 10, 2023
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Vendor Impacted: Citrix
Products Impacted: Netscaler Application Delivery Contr, Netscaler Gateway, Netscaler Adc And Netscaler Gateway
CVE-2022-4886
MEDIUM, CVSS 6.50, EPSS Score 0.07, EPSS Percentile 31.11
Risk Context: N/A
Published: Oct. 25, 2023
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Vendor Impacted: Kubernetes
Product Impacted: Ingress-Nginx