Hello, I’m Velma, Rootshell’s Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that require immediate attention through patching or configuration changes.

Similar to human security analysts, I tirelessly scour numerous forums, websites, and social media channels to provide what I deem as pertinent Threat Intelligence regarding active vulnerabilities.

Below is the complete list of vulnerabilities for this month:

CVE-2023-38545 | curl/libcurl SOCKS5 Heap-based Buffer Overflow

This vulnerability, which has been assigned a CVSSv3 score of 9.8, is a heap-based buffer overflow in the SOCKS5 proxy handshake of both curl and libcurl (versions 7.69.0 through 8.3.0, fixed in 8.4.0), and may allow an attacker to perform remote code execution.

CVE-2023-46604 | Apache ActiveMQ Remote Code Execution

Apache ActiveMQ is vulnerable to a remote code execution flaw that allows a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker to instantiate any class on the classpath. The vulnerability carries a CVSS score of 10.0, indicating maximum severity. It has been addressed in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6 and 5.18.3, released late last month.
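Because a broker announces its version in the first OpenWire frame it sends, the quickest way to triage an estate is to read that frame and compare the ProviderVersion against the fixed releases above. The script below is an added example, not code from Apache ActiveMQ or from the original post; it assumes the broker sends a WireFormatInfo command as soon as a TCP client connects, and that the ProviderVersion property is marshalled as an OpenWire STRING (key bytes, a 0x09 type marker, a 2-byte big-endian length, then the value). SAMPLE_FRAME is constructed by hand so the parser runs offline.

```python
"""Fingerprint an Apache ActiveMQ broker over OpenWire and compare its
ProviderVersion against the CVE-2023-46604 fixed releases.

Added example, not code from Apache ActiveMQ or from the original post.
Assumptions: the broker sends WireFormatInfo unsolicited on connect, and
'ProviderVersion' is encoded as key, 0x09 (STRING), 2-byte length, value.
SAMPLE_FRAME is constructed so the parser can be exercised offline.
"""
import socket
import struct

# First fixed release on each branch named in the advisory.
FIXED = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}

# Constructed WireFormatInfo tail: only the ProviderVersion encoding is realistic.
SAMPLE_FRAME = (
    b"\x00\x00\x00\x2a\x01ActiveMQ\x00\x00\x00\x0c"      # length, type, magic, version
    + b"\x00\x0fProviderVersion\x09" + struct.pack(">H", 6) + b"5.18.2"
)


def parse_provider_version(frame: bytes):
    """Return the ProviderVersion string from a WireFormatInfo frame, or None."""
    key = b"ProviderVersion"
    idx = frame.find(key)
    if idx == -1:
        return None
    pos = idx + len(key)
    if pos + 3 > len(frame) or frame[pos] != 0x09:   # 0x09 = OpenWire STRING marker
        return None
    (length,) = struct.unpack(">H", frame[pos + 1:pos + 3])
    value = frame[pos + 3:pos + 3 + length]
    if len(value) != length:
        return None
    return value.decode("utf-8", errors="replace")


def version_tuple(version: str):
    """'5.18.2' -> (5, 18, 2); qualifiers such as '-SNAPSHOT' are dropped."""
    core = version.split("-")[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(version: str):
    """True if the version predates its branch fix, False if patched, and
    None if the branch is outside the advisory's ranges (review manually)."""
    v = version_tuple(version)
    if v[:2] < (5, 15):
        return True            # 'before 5.15.16' covers every older release
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


def fetch_wireformat_info(host: str, port: int = 61616, timeout: float = 5.0) -> bytes:
    """Connect and read the broker's unsolicited WireFormatInfo frame (network I/O)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        header = s.recv(4)
        if len(header) < 4:
            return header
        (size,) = struct.unpack(">I", header)
        body = b""
        while len(body) < size:
            chunk = s.recv(min(4096, size - len(body)))
            if not chunk:
                break
            body += chunk
        return header + body


if __name__ == "__main__":
    ver = parse_provider_version(SAMPLE_FRAME)
    print(ver, is_vulnerable(ver))   # 5.18.2 True
```

For a live check replace SAMPLE_FRAME with `fetch_wireformat_info("broker.example.internal")`; a broker that reports a branch outside the advisory's ranges returns None rather than a guess, so it is deliberately left for a human to confirm.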

CVE-2023-36025 | Windows SmartScreen

CVE-2023-36025 is a security feature bypass vulnerability in Windows SmartScreen which is actively being exploited in the wild. An attacker who exploits this bug would be able to bypass Windows Defender SmartScreen checks and other prompts.

CVE-2023-22515 | Atlassian

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. For more details, please review the linked advisory on this CVE.
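Since the attack path runs through the Confluence setup endpoints, a practical first check is to hunt the reverse-proxy access logs for setup requests that should never occur on an instance that finished setup long ago. The script below is an added example, not Atlassian code or code from the original post. The `/setup/*.action` indicator is the one Atlassian's advisory asks administrators to look for; the `server-info.action` query that flips the bootstrap `setupComplete` flag is the setup-reset step described in public analyses of the bug. It assumes Apache/nginx combined log format, and SAMPLE_LOG is constructed for this example.

```python
"""Hunt for CVE-2023-22515 exploitation attempts in Confluence access logs.

Added example, not Atlassian code or code from the original post.
Assumes combined log format; SAMPLE_LOG is constructed.
"""
import re
from collections import Counter

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# (compiled path pattern, reason reported to the analyst)
RULES = [
    (re.compile(r"^/setup/[^?]*\.action(\?|$)"),
     "setup action requested on a configured instance"),
    (re.compile(r"^/server-info\.action\?.*bootstrapStatusProvider\.applicationConfig\.setupComplete=false"),
     "attempt to reset bootstrap setupComplete flag"),
]

# Constructed sample: one attacker chain from 203.0.113.7, two benign requests.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Oct/2023:11:02:17 +0000] "GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false HTTP/1.1" 302 0 "-" "python-requests/2.31.0"
203.0.113.7 - - [04/Oct/2023:11:02:18 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0 "-" "python-requests/2.31.0"
203.0.113.7 - - [04/Oct/2023:11:02:19 +0000] "POST /setup/finishsetup.action HTTP/1.1" 302 0 "-" "python-requests/2.31.0"
198.51.100.20 - - [04/Oct/2023:11:05:01 +0000] "GET /login.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.21 - - [04/Oct/2023:11:06:01 +0000] "GET /setup/images/logo.png HTTP/1.1" 404 312 "-" "Mozilla/5.0"
"""


def scan_lines(lines):
    """Return a list with one dict per matching request: ip, ts, method, path, status, reason."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue   # malformed or not combined format; skip rather than crash
        path = m.group("path")
        for pattern, reason in RULES:
            if pattern.search(path):
                hits.append({**m.groupdict(), "reason": reason})
                break
    return hits


def sources(hits):
    """Count matching requests per source IP so the noisiest client is reviewed first."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = scan_lines(SAMPLE_LOG.splitlines())
    for h in found:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["reason"]}')
    print(sources(found))
```

Static files under `/setup/` (the 404 for a PNG above) are deliberately not matched, so the rule stays quiet on scanner noise; a hit should be followed by a review of the confluence-administrators group for members nobody created.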

CVE-2023-36563 | Microsoft WordPad Information Disclosure

CVE-2023-36563 is an information disclosure vulnerability in Microsoft WordPad that was assigned a CVSSv3 score of 6.5. It was exploited in the wild as a zero-day and was publicly disclosed prior to the October 2023 Patch Tuesday release. An unauthenticated, remote attacker could exploit this vulnerability using social engineering to convince a target to open a link or download a malicious file and run it on the vulnerable system. Alternatively, an attacker who has already gained access to a vulnerable system could run a specially crafted application to exploit the flaw. Successful exploitation could lead to the disclosure of New Technology LAN Manager (NTLM) hashes.

CVE-2023-46748 | BIG-IP SQL Injection

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2023-4966 | Citrix NetScaler ADC/Gateway Zero-Day Flaw

CVE-2023-4966 (CVSS score: 9.4) is a sensitive information disclosure vulnerability in NetScaler ADC and NetScaler Gateway appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. It has been exploited in the wild; a successful attack leaks session tokens that let an attacker hijack authenticated sessions without credentials or MFA. Upgrading alone is not enough: Citrix recommends terminating all active and persistent sessions after patching, since tokens stolen beforehand remain valid until then.

CVE-2023-37580 | Zimbra Malicious Scripts

The flaw, tracked as CVE-2023-37580 (CVSS score: 6.1), is a reflected cross-site scripting (XSS) vulnerability impacting Zimbra Collaboration versions before 8.8.15 Patch 41. It was addressed by Zimbra as part of patches released on July 25, 2023. Successful exploitation could allow execution of malicious scripts in the victim's web browser simply by tricking them into clicking a specially crafted URL, which sends the XSS payload to Zimbra and reflects it back to the user.

CVE-2023-44487 | HTTP/2 protocol Denial of Service

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly: a client opens a stream with HEADERS and immediately cancels it with RST_STREAM, leaving the server with the work and the client with none. Known as HTTP/2 Rapid Reset, it was exploited in the wild from August through October 2023.
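The signature of the attack is a single connection cancelling streams far faster than any browser would, which makes it a cheap thing to alert on while patched servers roll out. The code below is an added example, not code from any HTTP/2 implementation or from the original post. It assumes a frame-level feed of (timestamp_seconds, connection_id, frame_type) tuples such as one could export from a proxy's HTTP/2 debug trace; SAMPLE_EVENTS is constructed here.

```python
"""Flag HTTP/2 connections whose RST_STREAM rate looks like Rapid Reset
(CVE-2023-44487).

Added example, not code from any HTTP/2 implementation or from the original
post. Input is assumed to be time-ordered (ts, conn_id, frame_type) tuples;
SAMPLE_EVENTS is constructed.
"""
from collections import defaultdict, deque

RST_STREAM = "RST_STREAM"
HEADERS = "HEADERS"


def peak_reset_rates(events, window=1.0):
    """Return {conn_id: peak number of RST_STREAM frames seen in any `window`
    seconds}, using a sliding window per connection. Events must be time-ordered."""
    recent = defaultdict(deque)   # conn_id -> RST_STREAM timestamps inside the window
    peaks = defaultdict(int)
    for ts, conn, ftype in events:
        if ftype != RST_STREAM:
            continue
        q = recent[conn]
        q.append(ts)
        while q and ts - q[0] > window:   # drop resets that fell out of the window
            q.popleft()
        if len(q) > peaks[conn]:
            peaks[conn] = len(q)
    return dict(peaks)


def flag_rapid_reset(events, window=1.0, threshold=100):
    """Connections whose peak RST_STREAM count per window meets the threshold."""
    return {c: n for c, n in peak_reset_rates(events, window).items() if n >= threshold}


def build_sample_events():
    """Constructed traffic: connection 'A' opens and immediately cancels 500
    streams in half a second; connection 'B' behaves like a browser that
    cancels a few requests over ten seconds."""
    events = []
    t = 0.0
    for _ in range(500):                          # attacker: HEADERS then RST_STREAM
        events.append((t, "A", HEADERS))
        events.append((t + 0.0005, "A", RST_STREAM))
        t += 0.001
    for i in range(20):                           # benign: 20 requests, 3 cancelled
        events.append((i * 0.5, "B", HEADERS))
        if i % 7 == 0:
            events.append((i * 0.5 + 0.1, "B", RST_STREAM))
    events.sort(key=lambda e: e[0])
    return events


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    print(flag_rapid_reset(SAMPLE_EVENTS))   # {'A': 500}
```

The threshold of 100 resets per second is an assumption for illustration; tune it against a baseline of real traffic, and treat the alert as a trigger to check that the server has the vendor fix that caps pending and reset streams per connection.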

CVE-2023-29552 | VMware (SLP)

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

CVE-2023-6345 | Chrome browser

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. As is typically the case, the search giant acknowledged that “an exploit for CVE-2023-6345 exists in the wild,” but stopped short of sharing additional information surrounding the nature of attacks and the threat actors that may be weaponizing it in real-world attacks.

CVE-2023-36036 | Windows DWM Core

CVE-2023-36036 is a privilege escalation vulnerability in Windows DWM Core Library which is actively being exploited in the wild. An attacker could exploit this vulnerability to gain SYSTEM privileges.

CVE-2023-47246 | SysAid

SysAid has released a security advisory for the actively exploited vulnerability CVE-2023-47246. This path traversal vulnerability could allow an attacker to achieve code execution within the SysAid on-premises software. The vulnerability is known to be exploited in the wild; the threat actor group DEV-0950 (Lace Tempest) has been observed exploiting it.


CVE-2023-41265/CVE-2023-41266/CVE-2023-48365 | Qlik Sense Enterprise

CVE-2023-48365 (CVSS score: 9.9) is an unauthenticated remote code execution vulnerability arising from improper validation of HTTP headers, allowing a remote attacker to elevate their privilege by tunneling HTTP requests.

Together with the other two Qlik Sense issues listed above, it has been chained into a multi-step exploit used to deploy ransomware.


CVE-2023-43177 | Crush FTP

A critical vulnerability has been disclosed in CrushFTP after being discovered by security researchers. Assigned CVE-2023-43177, the vulnerability could allow an unauthenticated attacker to access files stored on the server, execute code remotely, or obtain plaintext passwords. A proof-of-concept (PoC) for the exploitation of CVE-2023-43177 has been publicly released. Exploitation is more likely.


CVE-2023-36033 | Windows Cloud Files Mini Filter Driver

CVE-2023-36033 is a privilege escalation vulnerability in Windows Cloud Files Mini Filter Driver which is actively being exploited in the wild. An attacker could exploit this vulnerability to gain SYSTEM privileges.


CVE-2023-36553 | FortiSIEM

This vulnerability, which has been assigned a CVSSv3 score of 9.3, is an improper neutralisation of special elements used in an OS command vulnerability in FortiSIEM, and may allow a remote unauthenticated attacker to execute unauthorised commands via crafted API requests.


CVE-2023-34060 | VMware Cloud Director Appliance

VMware has released a security update to address a vulnerability in VMware Cloud Director Appliance. CVE-2023-34060, which has been assigned a CVSSv3 score of 9.8, is an authentication bypass vulnerability that could allow a malicious attacker with network access to bypass SSH or appliance management console authentication and take control of an affected system. This vulnerability only affects version 10.5 of VMware Cloud Director Appliance if it has been updated from a previous version. Fresh installations of version 10.5 are unaffected by CVE-2023-34060.


CVE-2023-38548 | Veeam ONE Web Client

A vulnerability in Veeam ONE (CVSS 9.9) allows an unprivileged user who has access to the Veeam ONE Web Client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.


CVE-2023-38547 | Veeam ONE Remote Code Execution

A vulnerability in Veeam ONE (CVSS 9.8) allows an unauthenticated user to gain information about the SQL Server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL Server hosting the Veeam ONE configuration database.
