Snapshot
Sept. 2, 2023 - Sept. 8, 2023
CISA Known Exploited Vulnerabilities

CVE | Summary | Severity | Vendor | Date Added
---|---|---|---|---
CVE-2023-33246 | Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as or achieve the same effect by forging the RocketMQ protocol content. | CRITICAL | Apache | Sept. 6, 2023
Newswires

Headline | Summary | Date
---|---|---
Ransomware Gangs Exploit Cisco VPN Zero-Day Vulnerability | Cisco has alerted users about a zero-day vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), which ransomware gangs are currently exploiting to gain initial access to corporate networks. | Sept. 8, 2023
North Korean Cybercriminals Exploit Zero-Day Vulnerability Targeting Cybersecurity Experts | North Korean cybercriminals have been exploiting a zero-day vulnerability in an unspecified software to infiltrate cybersecurity experts' systems, according to Google's Threat Analysis Group (TAG). | Sept. 8, 2023
Apple Patches Zero-Days Actively Exploited to Deliver Pegasus Spyware | Citizen Lab researchers have disclosed that the zero-day vulnerabilities recently fixed by Apple were being actively exploited to deliver the Pegasus spyware, developed by NSO Group. | Sept. 8, 2023
HPE OneView Software Plagued by Three Major Security Vulnerabilities | Hewlett Packard Enterprise's (HPE) OneView, a software designed to streamline the management of data center infrastructure, has been identified to contain three critical security vulnerabilities. | Sept. 8, 2023
Iranian Hackers Exploit Zoho and Fortinet Vulnerabilities to Breach US Aviation Organization | A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the United States Cyber Command (USCYBERCOM) on Thursday revealed that state-backed hacking groups have exploited critical vulnerabilities in Zoho and Fortinet systems to infiltrate a US aviation organization. | Sept. 7, 2023
Critical Authentication Bypass Vulnerability Found in Cisco BroadWorks | A severe vulnerability has been discovered in the Cisco BroadWorks Application Delivery Platform and the Cisco BroadWorks Xtended Services Platform, which could allow remote attackers to forge credentials and bypass authentication. | Sept. 7, 2023
Apple Patches Two Freshly Exploited Zero-days in Security Update | Apple recently pushed out emergency security updates to fix two newly discovered zero-day vulnerabilities that were being exploited to attack users of iPhones and Macs. | Sept. 7, 2023
Cisco Addresses Zero-Day Flaw CVE-2023-20269 in VPN Products Amidst Akira Ransomware Threats | Cisco has patched a zero-day vulnerability, CVE-2023-20269, found in its Virtual Private Network (VPN) products. | Sept. 7, 2023
Emerging Cloud Attack Vector: A Case Study on MinIO Exploitation | An innovative cloud attack vector has surfaced, granting cybercriminals the ability to remotely execute code and seize control of systems running the distributed object storage system, MinIO. | Sept. 6, 2023
APT34 Linked to New Phishing Attacks Deploying SideTwist Backdoor and Agent Tesla Variant | The Iranian threat actor identified as APT34 is connected to a new phishing campaign that results in the deployment of a SideTwist backdoor variant. | Sept. 6, 2023
Google Patches Android Zero-Day Exploit with September 2023 Security Updates | Google has rolled out the September 2023 security updates for Android, resolving a total of 32 vulnerabilities, amongst which one was being actively exploited. | Sept. 6, 2023
Ukraine's CERT Foils APT28 Cyberattack Aimed at Energy Infrastructure | Ukraine's Computer Emergency Response Team (CERT-UA) reported on Tuesday that it had successfully averted a cyber attack on a critical energy infrastructure facility within the nation. | Sept. 6, 2023
Critical Security Flaws Uncovered in PHPFusion CMS: CVE-2023-2453 and CVE-2023-4480 | A team of researchers at Synopsys has identified a critical vulnerability in the PHPFusion open source content management system (CMS). | Sept. 5, 2023
SEL Power System Management Products Receive Nine Patches for Multiple Vulnerabilities | Schweitzer Engineering Laboratories (SEL), a US-based firm offering a broad spectrum of products and services for the electric power industry, has recently patched nine vulnerabilities in a pair of its electric power management products. | Sept. 5, 2023
MinIO Storage System Exploited by Hackers to Infiltrate Corporate Networks | Cybercriminals are taking advantage of two recent vulnerabilities in MinIO, an open-source object storage service, to infiltrate corporate networks. | Sept. 4, 2023
Vulnerabilities In The News

CVE (news mentions) | Summary | Severity | Vendor | Risk Context
---|---|---|---|---
CVE-2023-20238 (6) | A vulnerability in the single sign-on implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks ... | CRITICAL | | Actively Exploited
CVE-2022-47966 (6) | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to us... | CRITICAL | Zoho, Zohocorp | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
CVE-2022-42475 (6) | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 throu... | CRITICAL | Fortinet | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2023-28581 (4) | Memory corruption in WLAN Firmware while parsing received GTK Keys in GTK KDE. | CRITICAL | | Risk Context N/A
CVE-2023-28434 (5) | Minio is a Multi-Cloud Object Storage framework. | HIGH | | Public Exploits Available
CVE-2023-28432 (5) | Minio is a Multi-Cloud Object Storage framework. | HIGH | Minio | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
CVE-2023-20269 (6) | A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance Software and Cisco Firepower Threat De... | MEDIUM | | Actively Exploited, Remote Code Execution, Used In Ransomware
CVE-2023-41064 (12) | A buffer overflow issue was addressed with improved memory handling. | N/A | Apple | CISA Known Exploited
CVE-2023-41061 (12) | A validation issue was addressed with improved logic. | N/A | Apple | CISA Known Exploited
CISA Known Exploited Vulnerabilities
CISA added one vulnerability to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2023-20238
Severity: CRITICAL (CVSS 10.00) | EPSS Score: 0.05 | EPSS Percentile: 12.75
Risk Context: Actively Exploited
Published: Sept. 6, 2023
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system.
CVE-2022-47966
Severity: CRITICAL (CVSS 9.80) | EPSS Score: 97.44 | EPSS Percentile: 99.92
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: Jan. 18, 2023
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
Vendors Impacted: Zoho, Zohocorp
Products Impacted: Manageengine Remote Access Plus, Manageengine Key Manager Plus, Manageengine Os Deployer, Manageengine, Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Servicedesk Plus Msp, Manageengine Analytics Plus, Manageengine Desktop Central, Manageengine Supportcenter Plus, Manageengine Endpoint Dlp Plus, Manageengine Vulnerability Manager P, Manageengine Pam360, Manageengine Servicedesk Plus, Manageengine Patch Manager Plus, Manageengine Access Manager Plus, Manageengine Device Control Plus, Manageengine Assetexplorer, Application Control Plus, Manageengine Password Manager Pro, Manageengine Browser Security Plus, Manageengine Ad360, Manageengine Rmm Central, Manageengine Adselfservice Plus
CVE-2022-42475
Severity: CRITICAL (CVSS 9.80) | EPSS Score: 46.04 | EPSS Percentile: 96.95
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Jan. 2, 2023
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Vendor Impacted: Fortinet
Products Impacted: Fortigate-6500f, Fortigate-6501f, Fortigate-6500f-Dc, Fortigate-7030e, Fim-7901e, Fpm-7630e, Fim-7921f, Fpm-7620f, Fortiproxy, Fortigate-6501f-Dc, Fim-7920e, Fortigate-7060e, Fim-7941f, Fortigate-6300f-Dc, Fortigate-6300f, Fim-7910e, Fortigate-6601f, Fortigate-6601f-Dc, Fortigate-7121f, Fpm-7620e, Fortigate-7040e, Fortios, Fim-7904e
CVE-2023-28581
Severity: CRITICAL (CVSS 9.80) | EPSS Score: 0.10 | EPSS Percentile: 39.43
Risk Context: N/A
Published: Sept. 5, 2023
Memory corruption in WLAN Firmware while parsing received GTK Keys in GTK KDE.
CVE-2023-28434
Severity: HIGH (CVSS 8.80) | EPSS Score: 0.06 | EPSS Percentile: 22.63
Risk Context: Public Exploits Available
Published: March 22, 2023
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.
CVE-2023-28432
Severity: HIGH (CVSS 7.50) | EPSS Score: 50.56 | EPSS Percentile: 97.10
Risk Context: CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: March 22, 2023
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
Vendor Impacted: Minio
Product Impacted: Minio
CVE-2023-20269
Severity: MEDIUM (CVSS 5.00) | EPSS Score: 0.05 | EPSS Percentile: 16.19
Risk Context: Actively Exploited, Remote Code Execution, Used In Ransomware
Published: Sept. 6, 2023
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: Identify valid credentials that could then be used to establish an unauthorized remote access VPN session. Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier). Notes: Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured. This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.
CVE-2023-41064
Severity: N/A (CVSS Not Assigned) | EPSS Score: 0.09 | EPSS Percentile: 36.81
Risk Context: CISA Known Exploited
Published: Sept. 7, 2023
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Vendor Impacted: Apple
Product Impacted: Ios, Ipados, And Macos
CVE-2023-41061
Severity: N/A (CVSS Not Assigned) | EPSS Score: 0.06 | EPSS Percentile: 24.56
Risk Context: CISA Known Exploited
Published: Sept. 7, 2023
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Vendor Impacted: Apple
Product Impacted: Ios, Ipados, And Watchos