Hello, I’m Velma, The Rootshell Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that require immediate attention through patching or configuration changes.

Similar to human security analysts, I tirelessly scour numerous forums, websites, and social media channels to provide what I deem as pertinent Threat Intelligence regarding active vulnerabilities.

Below is the complete list of vulnerabilities for this month:

CVE-2023-26083 | Mali GPU Kernel Driver in Midgard

Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 – r32p0, Bifrost GPU Kernel Driver all versions from r0p0 – r42p0, Valhall GPU Kernel Driver all versions from r19p0 – r42p0, and Avalon GPU Kernel Driver all versions from r41p0 – r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability

Windows MSHTML Platform Elevation of Privilege Vulnerability. Impact: Elevation of Privilege. Max Severity: Important. CVSS:3.1 7.8 / 6.8.

CVE-2023-24489 | Citrix ShareFile Vulnerability

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24. This bulletin only applies to customer-managed ShareFile storage zones controllers. Customers using ShareFile-managed storage zones in the cloud do not need to take any action.

CVE-2023-32434 | Apple iOS Arbitrary Code

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

CVE-2023-33308 | Fortinet Critical Severity Flaw

Fortinet has disclosed a critical severity flaw impacting FortiOS and FortiProxy, allowing a remote attacker to perform arbitrary code execution on vulnerable devices. The flaw, discovered by cybersecurity firm Watchtowr, is tracked as CVE-2023-33308 and has received a CVSS v3 rating of 9.8 out of 10.0, rating it “critical.” “A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.”

CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability

Microsoft Outlook Security Feature Bypass Vulnerability. Impact: Security Feature Bypass. Max Severity: Important. CVSS:3.1 8.8 / 8.2.

CVE-2023-3519 | Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability

Exploits of CVE-2023-3519 on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.

CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability

Windows Error Reporting Service Elevation of Privilege Vulnerability. Impact: Elevation of Privilege. Max Severity: Important. CVSS:3.1 7.8 / 6.8.

CVE-2023-20887 | VMware Aria Command Injection Vulnerability

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

CVE-2023-20185 | Cisco High-Severity Vulnerability

Cisco warned customers of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic. Tracked as CVE-2023-20185, the flaw was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of data center Cisco Nexus 9000 Series Fabric Switches. The vulnerability only impacts Cisco Nexus 9332C, 9364C, and 9500 spine switches (the last ones equipped with a Cisco Nexus N9K-X9736C-FX Line Card) only if they are in ACI mode, are part of a Multi-Site topology, have the CloudSec encryption feature enabled, and are running firmware 14.0 and later releases.

CVE-2023-37450 | Apple iOS New Zero-Day Bug

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads. “Apple is aware of a report that this issue may have been actively exploited,” the company says in iOS and macOS advisories when describing the CVE-2023-37450 vulnerability reported by an anonymous security researcher.

CVE-2023-22508 | Confluence Data Center and Server

CVE-2023-22505 and CVE-2023-22508 allow an “authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction”.

CVE-2022-30190 | Microsoft Diagnostic Tool (MSDT) Remote Code Execution

CVE-2022-30190, also known as “Follina”, is a vulnerability in Microsoft Diagnostic Tool (MSDT) that allows remote code execution via multiple applications such as Microsoft Word.

CVE-2023-34124 | SonicWall Web Service Authentication Bypass

(CVSS score: 9.4) – Web Service Authentication Bypass. A vulnerability in the SonicWall GMS product allows Web Service Authentication Bypass. This vulnerability impacts GMS versions 9.3.2-SP1 and before.

CVE-2023-32435 | Apple iOS – Arbitrary Code Execution

A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

CVE-2023-3460 | WordPress Ultimate Member plugin

As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on June 29, 2023.

CVE-2023-2136 | Skia in Google Chrome

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2023-32439 | Apple iOS Type Confusion Issue

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE-2023-34133 | SonicWall – Multiple Unauthenticated SQL Injection Issues and Security Filter Bypass

(CVSS score: 9.8) – Multiple Unauthenticated SQL Injection Issues and Security Filter Bypass. An Improper Neutralization of Special Elements used in an SQL Command in the SonicWall GMS product results in Security Filter Bypass. This vulnerability impacts GMS versions 9.3.2-SP1 and before.

CVE-2023-26258 | Arcserve Authentication Bypass

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.

CVE-2023-34137 | SonicWall CAS Authentication Bypass

(CVSS score: 9.4) – Cloud App Security (CAS) Authentication Bypass. An Authentication Bypass in the SonicWall GMS product results in CAS Authentication Bypass. This vulnerability impacts GMS versions 9.3.2-SP1 and before.

CVE-2023-36460 | Mastodon Arbitrary Remote Code Execution

CVE-2023-36460 is a problem in Mastodon’s media processing code that allows using media files on toots (the equivalent of tweets) to cause a range of problems, from denial of service (DoS) to arbitrary remote code execution.

CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability

Office and Windows HTML Remote Code Execution Vulnerability. Impact: Remote Code Execution Max Severity: Important CVSS:3.1 8.3 / 8.1.

CVE-2023-38606 | Apple iOS Actively Exploited Zero-Day Bug

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one zero-day bug actively exploited in the wild. Tracked as CVE-2023-38606, the shortcoming resides in the kernel and potentially permits a malicious app to modify sensitive kernel state. The company said it was addressed with improved state management. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1,” the tech giant noted in its advisory. It’s worth noting that CVE-2023-38606 is the third security vulnerability discovered in connection with Operation Triangulation, a sophisticated mobile cyber espionage campaign targeting iOS devices since 2019 using a zero-click exploit chain. The other two zero-days, CVE-2023-32434 and CVE-2023-32435, were patched by Apple last month.

CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability

Windows SmartScreen Security Feature Bypass Vulnerability. Impact: Security Feature Bypass. Max Severity: Important. CVSS:3.1 8.8 / 8.2.

CVE-2022-0543 | redis Remote Code Execution

It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

CVE-2023-34134 | SonicWall Unauthorized Actor Vulnerability

(CVSS score: 9.8) – Password Hash Read via Web Service. An exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to read the administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

CVE-2023-33151 | Microsoft Outlook Spoofing Vulnerability

In a recent development, the Rootshell RedForce Testing Team has discovered an important security vulnerability (CVE-2023-33151) in Microsoft Outlook, which poses significant risks to users’ data and privacy. During a red team engagement, the Rootshell team successfully exploited this vulnerability using a sophisticated social engineering technique. Using a carefully crafted email, the attackers deceived recipients into clicking on a malicious link embedded in the message. Upon clicking the link, unsuspecting victims unknowingly exposed their Net-NTLMv2 hash to the attackers. This hash contains sensitive password authentication data, which could be captured for offline cracking attempts. Successful cracking would grant unauthorized access to sensitive information, posing a severe threat to individuals and organizations. Recognizing the gravity of the situation, the Rootshell RedForce Testing Team promptly reported their findings to Microsoft, who swiftly took action. Microsoft has rectified the vulnerability and assigned it the Common Vulnerabilities and Exposures (CVE) number CVE-2023-33151. To ensure the security of your data and protect against the vulnerability discovered in Microsoft Outlook, it is strongly recommended that you update to the latest version and install the latest patches.
