Customer portal
Articles Tagged with

SOS Intelligence

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 06 November 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-20198

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

https://nvd.nist.gov/vuln/detail/CVE-2023-20198

 


 

2. CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

https://nvd.nist.gov/vuln/detail/CVE-2023-20273

 


 

3. CVE-2023-42846

This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.

https://nvd.nist.gov/vuln/detail/CVE-2023-42846

 


 

4. CVE-2021-21972

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2021-21972

 


 

5. CVE-2023-4966

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 

https://nvd.nist.gov/vuln/detail/CVE-2023-4966

 


 

6. CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2020-1472

 


 

7. CVE-2023-46747

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-46747

 


 

8. CVE-2021-34473

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

https://nvd.nist.gov/vuln/detail/CVE-2021-34473

 


 

9. CVE-2023-36596

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-36596

 


 

10. CVE-2017-0143

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka “Windows SMB Remote Code Execution Vulnerability.” This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

https://nvd.nist.gov/vuln/detail/CVE-2017-0143

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 30 October 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-20198

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

https://nvd.nist.gov/vuln/detail/CVE-2023-20198

 


 

2. CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2020-1472

 


 

3. CVE-2021-21972

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2021-21972

 


 

4. CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

https://nvd.nist.gov/vuln/detail/CVE-2023-20273

 


 

5. CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

 


 

6. CVE-2023-4966

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-4966

 


 

7. CVE-2021-1435

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

https://nvd.nist.gov/vuln/detail/CVE-2021-1435

 


 

8. CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-44487

 


 

9. CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker

to load arbitrary JavaScript code.

https://nvd.nist.gov/vuln/detail/CVE-2023-5631

 


 

10. CVE-2023-20073

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-20073

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 23 October 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-2315

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server

https://nvd.nist.gov/vuln/detail/CVE-2023-2315

 


 

2. CVE-2023-5178

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-5178

 


 

3. CVE-2023-44487

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.

https://nvd.nist.gov/vuln/detail/CVE-2023-44487

 


 

4. CVE-2023-4863

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

 


 

5. CVE-2023-20198

Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory 
Cisco will provide updates on the status of this investigation and when a software patch is available.

https://nvd.nist.gov/vuln/detail/CVE-2023-20198

 


 

6. CVE-2022-30190

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-30190

 


 

7. CVE-2022-40684

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

 


 

8. CVE-2009-0658

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2009-0658

 


 

9. CVE-2023-3519

Unauthenticated remote code execution

https://nvd.nist.gov/vuln/detail/CVE-2023-3519

 


 

10. CVE-2021-34473

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

https://nvd.nist.gov/vuln/detail/CVE-2021-34473

 


"Flash
Flash Alert

Flash Alert – Further exploitation of Citrix NetScaler

CVE-2023-4966

CVSS: 9.4

Last week, Citrix released a patch for CVE-2023-4966. This vulnerability allows threat actors to hijack existing, authenticated sessions and bypass multi-factor authentication. As a result, they could fully control NetScaler environments, and therefore manage and control application delivery.

The vulnerability impacts the following versions of Citrix NetScaler:

  • NetScaler ADC and NetScaler Gateway 14.1-8.50  and later releases
  • NetScaler ADC and NetScaler Gateway  13.1-49.15  and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS
  • NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

Cybersecurity firm Mandiant has been tracking exploitation of the vulnerability and has seen evidence of use since August 2023 by an as-yet-unknown threat actor. This threat actor appears most concerned with cyberespionage, with targets including professional services, technology and government organisations. Over time, it is anticipated that further threat actors will begin exploiting this vulnerability across wider sectors for financial gain.

Despite the patch being issued, it is anticipated that exploitation of this vulnerability will increase. This is down to a slow uptake of patching undertaken by users of Citrix NetScaler. For example, we previously reported on CVE-2023-3519 which was patched in July 2023 after being exploited as early as June 2023. Research by the Shadowserver Foundation indicates at least 1,300 NetScaler instances are still vulnerable to this exploit.

Citrix recommends updating and patching all instances of NetScaler to the most recently available versions in order to limit the impact of the vulnerability. Further details can be found here.

"Cisco
Flash Alert

Flash Alert – Critical Vulnerability in Cisco IOS XE Software

On 16 October 2023, Cisco reported on a vulnerability affecting Cisco IOS XE.  CVE-2023-20198 is a critical vulnerability apparent in the Web UI of Cisco IOS XE software.  It applies when the IOS is exposed to the internet or other untrusted networks, and impacts both physical and virtual devices with HTTP or HTTPS Server features enabled.

A threat actor can leverage this vulnerability to create an account on an affected device.  This account would benefit from privilege level 15 access, which would grant the malicious user full control of the compromised device.  From here they could freely engage in further unauthorised activity, such as data theft or malware deployment.  They would also be able to monitor network traffic, pivot into protected networks, and perform man-in-the-middle attacks

Research conducted by VulnCheck has identified thousands of hosts already impacted by this vulnerability.  They recommend disabling the web interface and removing all management interfaces from the internet.

At the time of posting, a patch for this vulnerability has yet to be released.  Cisco has recommended disabling the HTTP Server feature.  A compromise of the system can be detected by:

  • Monitoring access logs for any new or unknown users
  • Monitoring system logs for the following message (where filename is an unknown filename that does not correlate with an expected file installation action)
    • %WEBUI-6-INSTALL_OPERATION_INFO: User: username, Install Operation: ADD filename
  • Running the following on a suspect device, where systemip is the IP address of the system to check.  An impacted system will return a hexadecimal string:
    • curl -k -X POST “https://systemip/webui/logoutconfirm.html?logon_hash=1″

Further details on their recommendations and IoCs can be found here.

GitHub user ZephrFish https://twitter.com/ZephrFish has produced and shared a simple tool to scan if a host has been impacted by a threat actor using the vulnerability.  This can be found here.

The following Snort rule IDs are also available to detect exploitation:

  • 3:50118:2 – can alert for initial implant injection
  • 3:62527:1 – can alert for implant interaction
  • 3:62528:1 – can alert for implant interaction
  • 3:62529:1 – can alert for implant interaction

Additional ongoing discussions on this vulnerability can be followed on this twitter thread by Daniel Card https://twitter.com/UK_Daniel_Card/thread/1714536315834798314

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 16 October 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-38545

An improper certificate validation vulnerability exists in curl

https://nvd.nist.gov/vuln/detail/CVE-2023-38545

 


 

2. CVE-2023-4911

A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

https://nvd.nist.gov/vuln/detail/CVE-2023-4911

 


 

3. CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-44487

 


 

4. CVE-2019-9511

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim’s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

https://nvd.nist.gov/vuln/detail/CVE-2019-9511

 


 

5. CVE-2022-40684

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

 


 

6. CVE-2019-9516

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim’s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

https://nvd.nist.gov/vuln/detail/CVE-2019-9516

 


 

7. CVE-2019-9513

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim’s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

https://nvd.nist.gov/vuln/detail/CVE-2019-9513

 


 

8. CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim’s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

https://nvd.nist.gov/vuln/detail/CVE-2021-3618

 


 

9. CVE-2023-38546

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-38546

 


 

10. CVE-2019-20372

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim’s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

https://nvd.nist.gov/vuln/detail/CVE-2019-20372

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 09 October 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-42115

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-42115

 


 

2. CVE-2022-40684

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

 


 

3. CVE-2023-42116

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-42116

 


 

4. CVE-2012-3716

CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.

https://nvd.nist.gov/vuln/detail/CVE-2012-3716

 


 

5. CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

 


 

6. CVE-2021-26855

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.

https://nvd.nist.gov/vuln/detail/CVE-2021-26855

 


 

7. CVE-2023-38831

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-38831

 


 

8. CVE-2022-47522

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target’s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target’s original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client’s pairwise encryption key.

https://nvd.nist.gov/vuln/detail/CVE-2022-47522

 


 

9. CVE-2023-4911

A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

https://nvd.nist.gov/vuln/detail/CVE-2023-4911

 


 

10. CVE-2020-14882

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.

https://nvd.nist.gov/vuln/detail/CVE-2020-14882

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 02 October 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-29360

Microsoft Streaming Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29360

 


 

2. CVE-2023-29887

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.

https://nvd.nist.gov/vuln/detail/CVE-2023-29887

 


 

3. CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

 


 

4. CVE-2023-5129

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

https://nvd.nist.gov/vuln/detail/CVE-2023-5129

 


 

5. CVE-2023-29357

Microsoft SharePoint Server Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29357

 


 

6. CVE-2023-36802

Microsoft Streaming Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-36802

 


 

7. CVE-2023-41064

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

https://nvd.nist.gov/vuln/detail/CVE-2023-41064

 


 

8. CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a “

https://nvd.nist.gov/vuln/detail/CVE-2017-9841

 


 

9. CVE-2020-25659

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

https://nvd.nist.gov/vuln/detail/CVE-2020-25659

 


 

10. CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

 


"Flash
Flash Alert

Flash Alert – Exploitation of vulnerabilities in SharePoint – update now

In recent months, several vulnerabilities in SharePoint have been identified and documented, including CVE-2023-29357 and CVE-2023-24955.  Security researchers at STAR Labs in Singapore have demonstrated the use of these vulnerabilities to achieve pre-auth remote code execution on a SharePoint server.  You can review their research here.

Exploiting these vulnerabilities allows a potential threat actor to bypass authentication by impersonating a legitimate user.  They can then inject code into root directories which is then executed by SharePoint.

CVE-2023-29357

CVE-2023-29357 was published in June 2023.  It details a vulnerability in Microsoft SharePoint which allows for a threat actor to elevate their privilege on a vulnerable server to administrator level.

The vulnerability affects Microsoft SharePoint Server 2019.

A threat actor, with access to spoofed JWT authentication tokens, is able to undertake a network attack which can bypass authentication.  This allows them to gain access to a server, with the privileges of a legitimate, authenticated user.

Microsoft has issued several security updates to combat the vulnerability and these should be installed and implemented as soon as possible.  Those who have enabled AMSI integration and use Microsoft Defender are protected.

Python scripts have been identified within online repositories which seek to exploit this vulnerability, and further suggest combining it with CVE-2023-24955 to achieve Remote Code Execution.  An example can be found here.

CVE-2023-24955

CVE-2023-24955 was published in May 2023.  It concerns a vulnerability in Microsoft SharePoint which allows for the remote execution of code on a SharePoint server by an authenticated threat actor.

Microsoft has issued several security updates to combat the vulnerability and these should be installed and implemented as soon as possible.

1 2 10 11 12 13 14 23 24
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound