CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

Nov 17, 2023 | Newsroom | Patch Management / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild.

The vulnerabilities are as follows –

  • CVE-2023-36584 (CVSS score: 5.4) – Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
  • CVE-2023-1671 (CVSS score: 9.8) – Sophos Web Appliance Command Injection Vulnerability
  • CVE-2020-2551 (CVSS score: 9.8) – Oracle Fusion Middleware Unspecified Vulnerability

CVE-2023-1671 is a critical pre-auth command injection vulnerability that allows for the execution of arbitrary code. CVE-2020-2551 is a flaw in the WLS Core Components that allows an unauthenticated attacker with network access to compromise the WebLogic Server.

There are currently no public reports documenting in-the-wild attacks leveraging CVE-2023-1671, but Cybernews disclosed in July 2023 that it had identified a subdomain of Harvard University – programs.my.harvard[.]edu – that was susceptible to CVE-2020-2551.

On the other hand, the addition of CVE-2023-36584 to the KEV catalog is based on a report from Palo Alto Networks Unit 42 earlier this week, which detailed spear-phishing attacks mounted by the pro-Russian APT group known as Storm-0978 (aka RomCom or Void Rabisu) targeting groups supporting Ukraine's admission into NATO in July 2023.

CVE-2023-36584, patched by Microsoft as part of the October 2023 security updates, is said to have been used alongside CVE-2023-36884, a Windows remote code execution vulnerability addressed in July, in an exploit chain to deliver PEAPOD, an updated version of the RomCom RAT.

In light of active exploitation, federal agencies are recommended to apply the fixes by December 7, 2023, to secure their networks against potential threats.
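As an added example (not code from the article, CISA, or any vendor named here), the script below triages a scanner's CVE list against a KEV feed snapshot and reports the days remaining until each entry's remediation deadline. The three entries are hand-built from the CVEs above using the public KEV JSON field names; the live feed URL in the docstring is assumed.

```python
"""Triage an asset inventory's CVEs against a CISA KEV feed snapshot.

Constructed example. KEV_SNAPSHOT is a hand-built subset using the field
names of the public KEV JSON feed (assumed URL:
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json),
which a real run would load with json.load() in exactly the same shape.
"""
import json
from datetime import date

# Constructed snapshot: the three CVEs from the article. dateAdded is taken
# from "Thursday" relative to the Nov 17, 2023 dateline; dueDate is the
# December 7, 2023 deadline the article states.
KEV_SNAPSHOT = json.loads("""
{"vulnerabilities": [
 {"cveID": "CVE-2023-36584", "vendorProject": "Microsoft", "product": "Windows",
  "vulnerabilityName": "Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability",
  "dateAdded": "2023-11-16", "dueDate": "2023-12-07"},
 {"cveID": "CVE-2023-1671", "vendorProject": "Sophos", "product": "Web Appliance",
  "vulnerabilityName": "Sophos Web Appliance Command Injection Vulnerability",
  "dateAdded": "2023-11-16", "dueDate": "2023-12-07"},
 {"cveID": "CVE-2020-2551", "vendorProject": "Oracle", "product": "Fusion Middleware",
  "vulnerabilityName": "Oracle Fusion Middleware Unspecified Vulnerability",
  "dateAdded": "2023-11-16", "dueDate": "2023-12-07"}
]}
""")

def kev_index(feed):
    """Map cveID -> feed entry so inventory lookups are O(1)."""
    return {v["cveID"]: v for v in feed["vulnerabilities"]}

def triage(inventory, feed, today_iso):
    """Return inventory CVEs present in KEV, each tagged with days_left until
    the KEV due date (negative means already overdue), most urgent first.
    CVE IDs are normalised to upper case because scanner output varies."""
    idx = kev_index(feed)
    today = date.fromisoformat(today_iso)
    hits = []
    for cve in inventory:
        entry = idx.get(cve.strip().upper())
        if entry is None:
            continue  # not in KEV: still patch, but no CISA deadline applies
        due = date.fromisoformat(entry["dueDate"])
        hits.append({"cve": entry["cveID"],
                     "product": f'{entry["vendorProject"]} {entry["product"]}',
                     "due": entry["dueDate"], "days_left": (due - today).days})
    return sorted(hits, key=lambda h: h["days_left"])

if __name__ == "__main__":
    # Constructed scanner output; CVE-2023-36553 (FortiSIEM) is not in this snapshot.
    for hit in triage(["CVE-2023-1671", "CVE-2023-36553", "cve-2020-2551"],
                      KEV_SNAPSHOT, "2023-11-17"):
        print(hit)
```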

Fortinet Discloses Critical Command Injection Bug in FortiSIEM

The development comes as Fortinet is alerting customers of a critical command injection vulnerability in the FortiSIEM report server (CVE-2023-36553, CVSS score: 9.3) that could be exploited by attackers to execute arbitrary commands.

CVE-2023-36553 has been described as a variant of CVE-2023-34992 (CVSS score: 9.7), a similar flaw in the same product that was remediated by Fortinet in early October 2023.

“An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests,” the company said in an advisory this week.

The vulnerability, which affects FortiSIEM versions 4.7, 4.9, 4.10, 5.0, 5.1, 5.2, 5.3, and 5.4, has been fixed in versions 7.1.0, 7.0.1, 6.7.6, 6.6.4, 6.5.2, 6.4.3, or later.

Update

When reached for comment on the addition of CVE-2023-1671 to the KEV catalog, Sophos shared the following statement with The Hacker News –

More than six months ago, on April 4, 2023, we released an automated patch to all Sophos Web Appliances, as noted in the Security Advisory on our Trust Center, and in July 2023, we phased out Sophos Web Appliance as previously planned. We appreciate CISA's notice for any of the small number of remaining Sophos Web Appliance customers who turned off auto-patch and/or missed our ongoing updates, and recommend they upgrade to Sophos Firewall for optimal network security moving forward.

(The article was updated after publication to say that the third security flaw added to the KEV catalog is CVE-2020-2551 and not CVE-2023-2551, which was erroneously referenced in the alert published by CISA.)
