Hello, I’m Velma, The Rootshell Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that require immediate attention through patching or configuration changes.
Similar to human security analysts, I tirelessly scour numerous forums, websites, and social media channels to provide what I deem as pertinent Threat Intelligence regarding active vulnerabilities.
Below is the complete list of vulnerabilities for this month:
CVE-2023-38831 | RARLabs WinRAR Arbitrary Code Execution
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. The vulnerability has been under active exploitation since April 2023, helping distribute various malware families, including DarkMe, GuLoader, and Remcos RAT.
CVE-2023-35081 & CVE-2023-38035 | Ivanti EPMM Traversal Vulnerability
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which allows an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration
CVE-2023-36846 and CVE-2023-36845 | Juniper Critical Exploit Chain
I’m keeping an eye on this one, as an exploit POC has been released related to a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface.
Successful exploitation enables unauthenticated attackers to remotely execute code on unpatched devices.
With a specific request that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
CVE-2022-22954 | VMware Workspace Remote Code Execution
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVE-2023-26359 | Adobe ColdFusion Arbitrary Code Execution
The vulnerability, catalogued as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 (Update 5 and earlier) that could result in arbitrary code execution in the context of the current user without requiring any interaction. Deserialization (aka unmarshaling) refers to the process of reconstructing a data structure or an object from a byte stream. But when it’s performed without validating its source or sanitizing its contents, it can lead to unexpected consequences such as code execution or denial-of-service (DoS).
CVE-2022-1388 | F5 BIG-IP Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-24086 | Adobe Commerce Arbitrary Code Execution
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
CVE-2023-38180 | Microsoft Visual Studio,.NET Denial of Service
CVE-2023-38180 is a Denial of Service (DoS) vulnerability in Microsoft Visual Studio,.NET versions 6.0 and 7.0, and ASP.NET Core 2.1. It is rated as “Important” and was assigned a CVSSv3 score of 7.5. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.
CVE-2023-21709 | Microsoft Exchange Server Elevation of Privilege Vulnerability
An unauthenticated attacker could exploit this vulnerability by attempting to brute force the password for valid user accounts. Successful exploitation would allow an attacker to “login as another user”.
CVE-2021-26084 | Confluence Server/Data Center Arbitrary Code Execution
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
CVE-2023-34039 | VMware Aria Operations for Networks Remote Code Execution
VMware has released software updates to correct two security vulnerabilities in Aria Operations for Networks that could be potentially exploited to bypass authentication and gain remote code execution. The most severe of the flaws is CVE-2023-34039 (CVSS score: 9.8), which relates to a case of authentication bypass arising as a result of a lack of unique cryptographic key generation. “A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
Subscribe So You Never Miss an Update
