Snapshot
Oct. 14, 2023 - Oct. 20, 2023
CISA Known Exploited Vulnerabilities

| CVE | Summary | Severity | Vendor | Date Added |
|---|---|---|---|---|
| CVE-2021-1435 | Cisco IOS XE contains a command injection vulnerability in the web user interface that could allow a remote, authenticated attacker to inject commands that can be executed as the root user. | HIGH | Cisco | Oct. 19, 2023 |
| CVE-2023-4966 | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | HIGH | Citrix | Oct. 18, 2023 |
| CVE-2023-20198 | Cisco IOS XE contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device. | CRITICAL | Cisco | Oct. 16, 2023 |
Newswires

Oct. 20, 2023: Massive Cyberattack Targets Cisco IOS XE Devices Through CVE-2023-20198 Exploitation
Researchers from LeakIX, using the indicators of compromise (IOCs) released by Cisco Talos, discovered approximately 30,000 Cisco IOS XE devices that have been compromised by exploiting the CVE-2023-20198 vulnerability.

Oct. 18, 2023: North Korean Hacking Groups Exploit TeamCity Vulnerability to Breach Networks
Microsoft has reported that the North Korean hacking groups Lazarus and Andariel are exploiting a critical flaw, CVE-2023-42793, in TeamCity servers to deploy backdoor malware.

Oct. 18, 2023: Updated MATA Malware Framework Targets Defense and Energy Sectors
Between August 2022 and May 2023, an updated version of the MATA backdoor framework was identified in attacks on oil and gas companies, as well as defense firms, in Eastern Europe.

Oct. 18, 2023: State-Backed Hackers Exploit WinRAR Vulnerability: A Google TAG Report
Google's Threat Analysis Group (TAG) has discovered that multiple state-sponsored hacking groups are taking advantage of a severe vulnerability in WinRAR, a widely used compression utility, to execute arbitrary code on victims' systems.

Oct. 18, 2023: Citrix NetScaler Vulnerability Exploited as Zero-Day since August
A critical security flaw identified as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited as a zero-day since late August, according to security researchers.

Oct. 18, 2023: Admin Account Hijack Vulnerability Uncovered in Synology's DiskStation Manager
A vulnerability in Synology's DiskStation Manager (DSM) that could be used to decode an administrator's password and remotely take control of the account has been disclosed.

Oct. 17, 2023: Unpatched Zero-Day Vulnerability Compromises Over 10,000 Cisco IOS XE Systems
A severe, unpatched vulnerability in the Cisco IOS XE operating system has been exploited, leading to over 10,000 devices being compromised worldwide.

Oct. 17, 2023: Severe Vulnerabilities Detected in Milesight Routers and Titan SFTP Servers
Security experts have warned about a significant vulnerability affecting industrial cellular routers from Milesight.

Oct. 16, 2023: Cisco Alerts on Active Exploitation of New IOS XE Zero-Day Vulnerability
Cisco has alerted administrators to a severe, unpatched zero-day vulnerability in its IOS XE Software that is being actively exploited.

Oct. 16, 2023: Urgent Call from CISA, FBI to Patch Atlassian Confluence Over Severe Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have jointly warned network administrators to patch Atlassian Confluence against the vulnerability.

Oct. 16, 2023: Pro-Russian Cybercriminals Exploit WinRAR Vulnerability in New Phishing Campaign
Pro-Russian cybercriminals have been found exploiting a newly identified security flaw in the WinRAR archiving utility.

Oct. 14, 2023: ToddyCat's Covert Operations: Asian Telecommunication and Government Bodies under Attack
Researchers at Check Point have uncovered an extensive campaign, named 'Stayin’ Alive', targeting governmental bodies and telecommunication firms in several Asian nations.
Vulnerabilities In The News

| CVE | Mentions | Summary | Severity | Vendor | Risk Context |
|---|---|---|---|---|---|
| CVE-2023-20198 | 21 | Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. | CRITICAL | Cisco | CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available |
| CVE-2023-22515 | 8 | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts. | CRITICAL | Atlassian | CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available |
| CVE-2023-42793 | 8 | In JetBrains TeamCity before 2023.05.4, an authentication bypass leading to RCE on TeamCity Server was possible. | CRITICAL | JetBrains | CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available |
| CVE-2023-3519 | 4 | Unauthenticated remote code execution in NetScaler ADC and NetScaler Gateway. | CRITICAL | Citrix | CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available |
| CVE-2023-38831 | 11 | RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. | HIGH | RARLAB | CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available |
| CVE-2023-4966 | 8 | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. | HIGH | Citrix | CISA Known Exploited; Actively Exploited |
| CVE-2023-44487 | 5 | The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | HIGH | gRPC, Golang, F5, Amazon, Linkerd, Envoy Proxy, Red Hat, Traefik, Debian, NetApp, Microsoft, IETF, Apache, Kazu-Yamamoto | CISA Known Exploited; Actively Exploited; Public Exploits Available |
| CVE-2021-26411 | 4 | Internet Explorer Memory Corruption Vulnerability | HIGH | Microsoft | CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available |
| CVE-2021-1435 | 9 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. | HIGH | Cisco | CISA Known Exploited |
Section notes
CISA Known Exploited Vulnerabilities: CISA added three vulnerabilities to the known exploited vulnerabilities list during this period.
In The News: vulnerabilities receiving the most attention in traditional news media.
CVE-2023-20198
Severity: CRITICAL | CVSS: 10.00 | EPSS score: 1.25% | EPSS percentile: 84.04
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available
Published: Oct. 16, 2023
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of the Cisco advisory. Cisco will provide updates on the status of this investigation and when a software patch is available.
Vendor impacted: Cisco
Product impacted: IOS XE Web UI
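The Cisco Talos write-up whose IOCs the LeakIX researchers used (see Newswires above) gives a quick implant check for this CVE: send an empty POST to the web UI path `/webui/logoutconfirm.html?logon_hash=1`; the implant answers with a bare hexadecimal string, while a clean web UI returns a login page or an HTTP error. The script below is an added example, not Cisco's tooling or code from this page: it runs that request against a host and classifies the reply. The minimum hex-string length, the verdict labels and the handling of 401/403 are my assumptions; the classifier is kept separate from the network call so it can be exercised on constructed sample responses offline.

```python
"""Added example: check a Cisco IOS XE web UI for the CVE-2023-20198 implant
using the response pattern Cisco Talos published (a bare hex string)."""
import re
import ssl
import sys
import urllib.error
import urllib.request
from typing import Optional

# Path from the Talos write-up; the request is a POST with an empty body.
IMPLANT_CHECK_PATH = "/webui/logoutconfirm.html?logon_hash=1"

# Assumption: the implant's reply is a hex string of at least 8 characters
# and nothing else. Talos showed an 18-character example; a clean web UI
# returns an HTML page, and a device with the web UI disabled returns an
# HTTP error or refuses the connection.
HEX_REPLY = re.compile(r"[0-9a-fA-F]{8,}")


def looks_like_implant_response(body: str) -> bool:
    """True when the whole response body is a bare hexadecimal string."""
    return HEX_REPLY.fullmatch(body.strip()) is not None


def classify(status: Optional[int], body: str) -> str:
    """Map one HTTP exchange to a verdict a triage script can act on.
    Verdict labels are this example's own convention."""
    if status is None:
        return "unreachable"
    if looks_like_implant_response(body):
        return "implant-response"
    if status in (401, 403):
        return "auth-required"
    return "no-indicator"


def check_device(host: str, timeout: float = 5.0) -> str:
    """POST the check path over HTTPS and classify the reply. Network gear
    normally has a self-signed certificate, so verification is disabled."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        f"https://{host}{IMPLANT_CHECK_PATH}", data=b"", method="POST"
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read().decode("utf-8", "replace"))
    except (urllib.error.URLError, OSError):
        return classify(None, "")


# Constructed sample responses (not captured from real devices).
SAMPLE_RESPONSES = {
    "implant": (200, "0123456789abcdef01\n"),
    "clean_webui": (200, "<!DOCTYPE html><html><head><title>Login</title></head></html>"),
    "webui_disabled": (None, ""),
}

if __name__ == "__main__":
    for label, (status, body) in SAMPLE_RESPONSES.items():
        print(f"{label:15s} -> {classify(status, body)}")
    for target in sys.argv[1:]:
        print(f"{target:15s} -> {check_device(target)}")
```

Run it with one or more device addresses as arguments to check live hosts; with no arguments it only classifies the constructed samples. A "no-indicator" verdict is not proof of a clean device: Cisco later documented an implant variant that only responds when a specific Authorization header is present, so treat this as one IOC among the others Talos published. Cisco's interim guidance in the advisory referenced above was to disable the HTTP server feature (`no ip http server` and `no ip http secure-server`) on internet-facing devices until a fixed release is installed.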
CVE-2023-22515
Severity: CRITICAL | CVSS: 9.80 | EPSS score: 94.32% | EPSS percentile: 98.93
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available
Published: Oct. 4, 2023
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability: if your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Vendor impacted: Atlassian
Products impacted: Confluence Data Center and Server, Confluence Server, Confluence Data Center
CVE-2023-42793
Severity: CRITICAL | CVSS: 9.80 | EPSS score: 97.21% | EPSS percentile: 99.76
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available
Published: Sept. 19, 2023
In JetBrains TeamCity before 2023.05.4, an authentication bypass leading to RCE on TeamCity Server was possible.
Vendor impacted: JetBrains
Product impacted: TeamCity
CVE-2023-3519
Severity: CRITICAL | CVSS: 9.80 | EPSS score: 88.98% | EPSS percentile: 98.37
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Used In Ransomware; Public Exploits Available
Published: July 19, 2023
Unauthenticated remote code execution in NetScaler ADC and NetScaler Gateway.
Vendor impacted: Citrix
Products impacted: NetScaler Gateway, NetScaler Application Delivery Contr, NetScaler ADC and NetScaler Gateway
CVE-2023-38831
Severity: HIGH | CVSS: 7.80 | EPSS score: 23.40% | EPSS percentile: 96.01
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available
Published: Aug. 23, 2023
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
Vendor impacted: RARLAB
Product impacted: WinRAR
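The CVE text above spells out the archive layout that matters: a benign file and a folder whose name matches that file, with the folder's contents processed when the user opens the benign file. The script below is an added example, not code from RARLAB or from this page. It builds a constructed archive with that layout in memory and scans any ZIP for the file/folder name collision. The name normalization (trailing spaces and dots ignored, case-insensitive) follows Windows filename rules and is my heuristic rather than a signature for any specific sample; a hit is a reason to inspect the archive, not proof of exploitation, and updating WinRAR to 6.23 or later is the fix.

```python
"""Added example: flag ZIP archives with the file/folder name collision that
CVE-2023-38831 abuses (a benign file plus a same-named folder)."""
import io
import zipfile
from typing import Dict, List


def _norm(path: str) -> str:
    """Normalize a ZIP path the way Windows names collide: trailing spaces and
    dots are ignored and comparison is case-insensitive. Assumption: this is
    how 'report.jpg ' and 'report.jpg' end up looking like one name."""
    return "/".join(seg.rstrip(" .").lower() for seg in path.strip("/").split("/"))


def find_name_collisions(zip_bytes: bytes) -> List[Dict[str, List[str]]]:
    """Return every file whose normalized path is also a folder in the archive,
    with the folder's members. Folders come from explicit directory entries and
    from the parent components of file paths (many archivers write no explicit
    directory entries at all)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()

    files: Dict[str, List[str]] = {}
    folders: Dict[str, List[str]] = {}
    members: Dict[str, List[str]] = {}
    for info in infos:
        name = info.filename
        if info.is_dir():
            folders.setdefault(_norm(name), []).append(name.rstrip("/"))
            continue
        files.setdefault(_norm(name), []).append(name)
        parts = name.split("/")
        for i in range(1, len(parts)):
            parent = "/".join(parts[:i])
            key = _norm(parent)
            if parent not in folders.setdefault(key, []):
                folders[key].append(parent)
            members.setdefault(key, []).append(name)

    hits = []
    for key in sorted(files.keys() & folders.keys()):
        hits.append({
            "file": files[key],
            "folder": folders[key],
            "folder_members": members.get(key, []),
        })
    return hits


def build_sample_archive(malicious: bool) -> bytes:
    """Constructed sample data, not a real-world sample. The malicious layout
    mirrors the CVE text: 'report.jpg ' (trailing space) next to a folder
    'report.jpg ' holding 'report.jpg .cmd'. The script body is a harmless echo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.jpg ", b"\xff\xd8\xff\xe0 not a real image")
        if malicious:
            zf.writestr("report.jpg /report.jpg .cmd", b"@echo constructed sample\r\n")
        else:
            zf.writestr("notes/readme.txt", b"ordinary archive\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("malicious", build_sample_archive(True)),
                        ("clean", build_sample_archive(False))):
        print(label, find_name_collisions(data))
```

To scan real mail attachments, read the file bytes and pass them to `find_name_collisions`; the function only touches the central directory, so it never extracts anything. Nested archives and non-ZIP containers (RAR, 7z) are out of scope for this heuristic.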
CVE-2023-4966
Severity: HIGH | CVSS: 7.50 | EPSS score: 0.75% | EPSS percentile: 78.91
Risk context: CISA Known Exploited; Actively Exploited
Published: Oct. 10, 2023
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Vendor impacted: Citrix
Products impacted: NetScaler Gateway, NetScaler Application Delivery Contr, NetScaler ADC and NetScaler Gateway
CVE-2023-44487
Severity: HIGH | CVSS: 7.50 | EPSS score: 52.53% | EPSS percentile: 97.20
Risk context: CISA Known Exploited; Actively Exploited; Public Exploits Available
Published: Oct. 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Vendors impacted: gRPC, Golang, F5, Amazon, Linkerd, Envoy Proxy, Red Hat, Traefik, Debian, NetApp, Microsoft, IETF, Apache, Kazu-Yamamoto
Products impacted: Integration Service Registry, JBoss A-MQ Streams, OpenShift Container Platform, OpenShift, OpenShift Data Science, JBoss Fuse, Advanced Cluster Security, 3scale API Management Platform, JBoss Core Services, NGINX, BIG-IP Application Visibility And Re, OpenShift Pipelines, Networking, Ceph Storage, OpenShift API For Data Protection, Machine Deletion Remediation Operato, BIG-IP Local Traffic Manager, OpenShift Virtualization, Windows 11 21H2, CBL-Mariner, Cost Management, OpenStack Platform, Enterprise Linux, BIG-IP Access Policy Manager, OpenShift Sandboxed Containers, Support For Spring Boot, APISIX, Windows Server 2022, Quay, BIG-IP WebSafe, Visual Studio 2022, BIG-IP SSL Orchestrator, BIG-IP WebAccelerator, OpenShift Secondary Scheduler Operat, Linkerd, Advanced Cluster Management For Kube, BIG-IP Carrier-Grade NAT, Logging Subsystem For Red Hat Opensh, BIG-IP Link Controller, OpenShift Distributed Tracing, Windows Server 2016, Service Telemetry Framework, NGINX Ingress Controller, Single Sign-On, ...
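The CVE text gives the mechanism: the client opens a stream with a HEADERS frame and cancels it at once with RST_STREAM, so the stream stops counting against SETTINGS_MAX_CONCURRENT_STREAMS while the server has already paid to set it up. The script below is an added example, not code from this page or from any of the vendors listed above. It encodes a constructed attack sequence and a constructed normal sequence of client-to-server frames, parses the raw HTTP/2 framing (RFC 9113: 24-bit length, 8-bit type, 8-bit flags, reserved bit plus 31-bit stream id), counts streams cancelled before the client sent anything further on them, and applies a per-connection reset budget of the kind the patched servers adopted. The frame type numbers and the CANCEL error code come from the RFC; the encoder, the sample sizes and the budget of 100 resets are my assumptions.

```python
"""Added example: parse raw HTTP/2 frames and flag the Rapid Reset pattern
(HEADERS immediately followed by RST_STREAM(CANCEL)) behind CVE-2023-44487."""
import struct
from typing import List, NamedTuple

# Frame types, flags and error code from RFC 9113.
HEADERS, RST_STREAM = 0x1, 0x3
FLAG_END_STREAM, FLAG_END_HEADERS = 0x1, 0x4
ERROR_CANCEL = 0x8
# HPACK indexed field for static table entry 2 (":method: GET"); stands in
# for a full header block in the constructed samples.
MINIMAL_HEADER_BLOCK = b"\x82"


class Frame(NamedTuple):
    ftype: int
    flags: int
    stream_id: int
    payload: bytes


def encode_frame(ftype: int, flags: int, stream_id: int, payload: bytes = b"") -> bytes:
    """9-byte header: 24-bit length, type, flags, reserved bit + 31-bit stream id."""
    if len(payload) >= 1 << 24:
        raise ValueError("payload too large for one frame")
    header = (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
              + struct.pack(">I", stream_id & 0x7FFFFFFF))
    return header + payload


def parse_frames(data: bytes) -> List[Frame]:
    """Split a byte stream into frames; a trailing partial frame is ignored."""
    frames, off = [], 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack(">I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break
        frames.append(Frame(ftype, flags, stream_id, payload))
        off += 9 + length
    return frames


def count_premature_resets(frames: List[Frame]) -> int:
    """Count client streams opened by HEADERS and cancelled with RST_STREAM
    (CANCEL) before the client sent any other frame on them."""
    opened = set()
    premature = 0
    for f in frames:
        if f.ftype == HEADERS and f.stream_id:
            opened.add(f.stream_id)
        elif f.ftype == RST_STREAM and f.stream_id in opened:
            if len(f.payload) == 4 and int.from_bytes(f.payload, "big") == ERROR_CANCEL:
                premature += 1
            opened.discard(f.stream_id)
        elif f.stream_id in opened:
            opened.discard(f.stream_id)  # client kept using the stream
    return premature


def should_close_connection(frames: List[Frame], reset_budget: int = 100) -> bool:
    """Assumption: a per-connection budget on premature cancels. Patched servers
    use this shape of rule; the exact thresholds differ per implementation."""
    return count_premature_resets(frames) > reset_budget


def rapid_reset_sample(n_streams: int) -> bytes:
    """Constructed attack traffic: HEADERS then RST_STREAM(CANCEL) for each
    odd (client-initiated) stream id."""
    out = bytearray()
    for i in range(n_streams):
        sid = 2 * i + 1
        out += encode_frame(HEADERS, FLAG_END_STREAM | FLAG_END_HEADERS, sid, MINIMAL_HEADER_BLOCK)
        out += encode_frame(RST_STREAM, 0, sid, ERROR_CANCEL.to_bytes(4, "big"))
    return bytes(out)


def normal_sample(n_streams: int, n_cancels: int) -> bytes:
    """Constructed normal traffic: many requests, a few legitimately cancelled."""
    out = bytearray()
    for i in range(n_streams):
        sid = 2 * i + 1
        out += encode_frame(HEADERS, FLAG_END_STREAM | FLAG_END_HEADERS, sid, MINIMAL_HEADER_BLOCK)
        if i < n_cancels:
            out += encode_frame(RST_STREAM, 0, sid, ERROR_CANCEL.to_bytes(4, "big"))
    return bytes(out)


if __name__ == "__main__":
    for label, data in (("attack", rapid_reset_sample(1000)), ("normal", normal_sample(200, 3))):
        frames = parse_frames(data)
        print(label, len(frames), "frames,", count_premature_resets(frames), "premature cancels,",
              "close connection" if should_close_connection(frames) else "keep connection")
```

The point the two samples make is that SETTINGS_MAX_CONCURRENT_STREAMS alone cannot stop this: in the attack sample no more than one stream is ever open at a time, so a concurrency limit is never hit, which is why the fixes count resets (or request handling started per connection) rather than open streams.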
CVE-2021-26411
Severity: HIGH | CVSS: 7.50 | EPSS score: 93.28% | EPSS percentile: 98.78
Risk context: CISA Known Exploited; Actively Exploited; Remote Code Execution; Public Exploits Available
Published: March 11, 2021
Internet Explorer Memory Corruption Vulnerability
Vendor impacted: Microsoft
Products impacted: Internet Explorer, Windows RT 8.1, Windows 8.1, Windows Server 2019, Windows 7, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows 10
CVE-2021-1435
Severity: HIGH | CVSS: 7.20 | EPSS score: 6.62% | EPSS percentile: 92.98
Risk context: CISA Known Exploited
Published: March 24, 2021
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Vendor impacted: Cisco
Products impacted: Cisco IOS XE Web UI, IOS XE