controlgap.com

This week saw the publication of 326 new CVE IDs. Of those, 258 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 19% were of critical severity, 25% were high, 55% were medium, and 1% were low. Listed below are the vulnerabilities that caught our attention:

• An arbitrary password reset vulnerability in the open source “GNUBoard” bulletin board system, tracked as CVE-2022-44216, could lead to account takeovers.
• CloudFlow ProofScope, a web-based software application for proofing and collaboration, was found to be affected by an arbitrary file upload leading to code execution vulnerability that is being tracked as CVE-2022-41217.
• ZoneMinder, the popular open-source CCTV software was found to be affected by 8 different vulnerabilities including authenticated code execution, local file inclusion, cross-site scripting, path traversal, and SQL injection.
• Two cross-site scripting vulnerabilities were disclosed for JetBrains TeamCity which could allow for scripting attacks against users of the platform.

This week saw the publication of 788 new CVE IDs. Of those, 526 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 6% were of critical severity, 44% were high, 49% were medium, and 1% were low. Listed below are the vulnerabilities that caught our attention:

• A remote code execution vulnerability involving JNDI abuse (like Log4J) and insecure deserialization was disclosed for Apache Kafka.
• FortiNAC and FortiWeb were patched to remediate remote code execution vulnerabilities which could potentially allow an attacker with no privileges to breach an organization’s perimeter.
• Apple has patched a zero-day remote code execution vulnerability in its WebKit browser engine. Apple has confirmed it was exploited in the wild but will not provide any further technical details. Special thanks were given to Citizen Lab.
• Citrix has patched a privilege escalation vulnerability which would allow any Windows user within the VDE to escalate to “NT AUTHORITY\SYSTEM.

This week saw the publication of 468 new CVE IDs. Of those, 435 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 24% were of critical severity, 40% were high, 36% were medium, and 0% were low. Listed below are the vulnerabilities that caught our attention:

• The file transfer software GoAnywhere MFT has had a “remote code injection” vulnerability disclosed this week by Brian Krebs. The official advisory was released in a private manner to GoAnywhere MFT customers.
• Popular NAS producer QNAP has addressed a remote code execution vulnerability in its QTS and QuTS firmware for its devices.
• A vulnerability for Lexmark network printers has been released which affects more than 100 different Lexmark devices. If successfully exploited, the vulnerability could allow for remote code execution in the context of the root user.
• The popular reverse engineering tool Binwalk was found to have a path traversal which could allow for remote code execution if a reverse engineer extracts a PFS file.

This week saw the publication of 537 new CVE IDs. Of those, 480 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 4% were of critical severity, 49% were high, 47% were medium, and 0% were low. Listed below are the vulnerabilities that caught our attention:

• YellowFin Business Intelligence platform was found to utilize a hard-coded RSA private key for several cryptographic functions resulting in multiple authentication bypass vulnerabilities which could be abused to achieve remote code execution.
• Multiple buffer overflow vulnerabilities were disclosed for Adobe Acrobat which could result in remote code execution if a user opens a crafted file. These kinds of vulnerabilities will slowly become more valuable as Microsoft makes strides to shut down typical malspam techniques.
• A whopping 62 vulnerabilities allowing for remote code execution were disclosed by Cisco Talos for the Siretta Quartz Gold industrial LTE router.
• Solar-Log Photovoltaic device firmware was found by Swascan researchers to have backdoor “Super Admin” credentials which can be derived from public information available on the web portal.

This week saw the publication of 712 new CVE IDs. Of those, 247 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 21% were of critical severity, 29% were high, 48% were medium, and 2% were low. Listed below are the vulnerabilities that caught our attention:

• Multiple remote code execution vulnerabilities were identified in the universal open-source project Git via a source-code review conducted by X41 D-Sec and the GitLab Security Research Team.
• Two vulnerabilities which could be chained together to achieve unauthenticated remote code execution have been disclosed for multiple models of Cisco Small Business router. The products are end-of-life and Cisco has stated they will not be addressing the vulnerabilities.
• A vulnerability in the Samsung Galaxy App store could allow applications already present on the phone to install any app available through the app store without user permission. The vulnerability does not affect versions of Android 13 or later due to additional security measures implemented on the OS.
• Multiple vulnerabilities were disclosed by CISA for Sewio’s Real-Time Location System including remote code execution. Given the product’s ability to track personnel in real-time, the impact may be much more severe than the assigned CVSS score.

This week saw the publication of 712 new CVE IDs. Of those, 328 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 17% were of critical severity, 49% were high, 33% were medium, and 1% were low. Listed below are the vulnerabilities that caught our attention:

• A difficult to exploit but wide-ranging vulnerability in Okta’s Auth0 JSON Web Token library could allow for remote code execution under the right conditions.
• A 0-day vulnerability in multiple versions of Windows which would allow for privilege escalation was discovered by Avast in what appears to be an actively utilized exploit chain.
• A simple unauthorized SQL injection vulnerability was discovered by researchers at Tenable which affected more than 100,000 installations of the Paid Membership Pro WordPress plugin.
• The Israeli National Cyber Directorate disclosed multiple vulnerabilities for the cross-platform FTP server Rumpus. The software does not appear to be regularly updated and possibly even abandoned by the developer. There are thousands of internet-facing Rumpus instances at time of writing.

This week saw the publication of 425 new CVE IDs. Of those, 240have not yet been assigned official CVSS scores, however, of the ones that were, approximately 18% were of critical severity, 33% were high, 48% were medium, and 1% were low. Listed below are the vulnerabilities that caught our attention:

• Popular NAS vendor Synology has disclosed a remote code execution vulnerability affecting their VPN Plus Server bearing the maximum CVSS score of 10.
• CWP is vulnerable to an unauthenticated remote code execution bug stemming from improper handling of user input.
• Zoho ManageEngine password manager products are vulnerable to SQL injection which allows any authenticated user to arbitrarily query the back-end database.
• Apache Dubbo vulnerabilities dating back to 2021 have finally been disclosed by NIST’s NVD. The most severe vulnerability would allow for unauthenticated remote code execution.

This week saw the publication of 806 new CVE IDs. Of those, 307 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 8% were of critical severity, 48% were high, 43% were medium, and 1% were low. Listed below are the vulnerabilities that caught our attention:

• Fortinet has quietly addressed a vulnerability in its FortiOS SSL-VPN product which could allow for remote code execution. The vulnerability is known to have been exploited in the wild.
• Citrix ADC and Citrix Gateway in certain authentication configurations can be vulnerable to remote code execution. Threat intelligence indicates the vulnerability has been exploited by APTs
• iOS has released a patch for its Webkit engine to address a arbitrary code execution vulnerability. Apple has warned the vulnerability may have been exploited in the wild.
• VMware vRealize has had multiple vulnerabilities disclosed including arbitrary file reads and remote code execution.

This week saw the publication of 430 new CVE IDs. Of those, 4 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 18% were of critical severity, 37% were high, 40% were medium, and 5% were low. Listed below are the vulnerabilities that caught our attention:

• Cisco IP Phone firmware is vulnerable to remote code execution. Cisco plans to release a patch in the new year.
• AMI MegaRAC BMC firmware which is utilized to manage servers all over the world was found to use default credentials for the root account and is vulnerable to remote code execution.
• Veeam Backup for Google Cloud has been found to be vulnerable to an authentication bypass.
• Zabbix client was found to adjust Windows firewall rules during install to allow all traffic inbound and outbound to the system.

This week saw the publication of 564 new CVE IDs. In a strange week, 223 of those CVE IDs were labelled as “Reject, DO NOT USE”. Of those legitimate IDs, 125 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 13% were of critical severity, 37% were high, 48% were medium, and 2% were low. Listed below are the vulnerabilities that caught our attention:

• Hyundai and Genesis myHyundai application functionality allows for remote vehicle takeover.
• Android virtual keyboard & mouse applications could allow an attacker to compromise systems or surveil keystrokes.
• Intel Datacenter Management console has been found to be affected by an authentication bypass vulnerability.
• GitHub has released a feature for open-source maintainers that allows for easy reporting, remediation, and disclosure of vulnerabilities.