The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild.
The vulnerabilities are as follows –
- CVE-2023-36584 (CVSS score: 5.4) – Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
- CVE-2023-1671 (CVSS score: 9.8) – Sophos Web Appliance Command Injection Vulnerability
- CVE-2023-2551 (CVSS score: 8.8) – Oracle Fusion Middleware Unspecified Vulnerability
CVE-2023-1671 relates to a critical pre-auth command injection vulnerability that allows for the execution of arbitrary code. CVE-2023-2551 is a flaw in the WLS Core Components that allows an unauthenticated attacker with network access to compromise the WebLogic Server.
There are currently no public reports documenting in-the-wild attacks leveraging the two flaws.
On the other hand, the addition of CVE-2023-36584 to the KEV catalog is based on a report from Palo Alto Networks Unit 42 earlier this week, which detailed spear-phishing attacks mounted by the pro-Russian APT group known as Storm-0978 (aka RomCom or Void Rabisu) targeting groups supporting Ukraine's admission into NATO in July 2023.
CVE-2023-36584, patched by Microsoft as part of its October 2023 security updates, is said to have been used together with CVE-2023-36884, a Windows remote code execution vulnerability resolved in July, in an exploit chain to deliver PEAPOD, an updated version of RomCom RAT.
In light of active exploitation, federal agencies are recommended to apply the fixes by December 7, 2023, to secure their networks against potential threats.
Fortinet Disclosed Critical Command Injection Bug in FortiSIEM
The development comes as Fortinet is alerting customers of a critical command injection vulnerability in FortiSIEM report server (CVE-2023-36553, CVSS score: 9.3) that could be exploited by attackers to execute arbitrary commands.
CVE-2023-36553 has been described as a variant of CVE-2023-34992 (CVSS score: 9.7), a similar flaw in the same product that was remediated by Fortinet in early October 2023.
“An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests,” the company said in an advisory this week.
The vulnerability, which impacts FortiSIEM versions 4.7, 4.9, 4.10, 5.0, 5.1, 5.2, 5.3, and 5.4, has been fixed in versions 7.1.0, 7.0.1, 6.7.6, 6.6.4, 6.5.2, 6.4.3, or later.
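To make the CWE-78 class the advisory cites concrete, the following is an added illustration (not Fortinet's code and unrelated to how FortiSIEM is implemented): a hypothetical report-export handler that shells out to a command-line tool, shown in its vulnerable shape beside a hardened form, plus a small detection helper for API request logs. The tool path `/usr/bin/report-tool`, the `report_name` parameter and the allowlist pattern are all assumptions made for the example.

```python
import re
import subprocess

# Added example, not Fortinet's code. A hypothetical report-export endpoint
# that shells out to a command-line exporter; the tool path and the
# "report_name" parameter are assumptions for illustration.
EXPORT_TOOL = "/usr/bin/report-tool"  # hypothetical binary

# Allowlist for legitimate report names: short, alphanumeric plus '-' and '_'.
REPORT_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Shell metacharacters whose presence in a name-like API parameter is worth logging.
SHELL_META_RE = re.compile(r"[;&|`$(){}<>\n\\]")


def build_command_unsafe(report_name: str) -> str:
    """CWE-78 pattern: the caller-controlled value is spliced into a single
    shell string that would later be handed to a shell (shell=True).
    Anything the shell treats specially inside report_name gets interpreted."""
    return f"{EXPORT_TOOL} --export {report_name}"


def build_command_safe(report_name: str) -> list[str]:
    """Hardened form: reject anything outside the allowlist, then pass the
    value as its own argv element so no shell ever parses it."""
    if not REPORT_NAME_RE.fullmatch(report_name):
        raise ValueError("invalid report name")
    return [EXPORT_TOOL, "--export", report_name]


def flag_suspicious_parameter(param_value: str) -> bool:
    """Detection aid for API request logs: True when a parameter that should
    be a plain name carries shell metacharacters."""
    return SHELL_META_RE.search(param_value) is not None


def run_export(report_name: str) -> subprocess.CompletedProcess:
    """Execute the hardened command without a shell. Raises ValueError on
    bad input before anything is executed."""
    argv = build_command_safe(report_name)
    return subprocess.run(argv, check=False, capture_output=True, text=True)


if __name__ == "__main__":
    benign = "q3_summary"
    hostile = "q3_summary; id"  # constructed input carrying a shell separator
    print(build_command_unsafe(hostile))       # separator embedded verbatim
    print(build_command_safe(benign))          # argv list, no shell involved
    print(flag_suspicious_parameter(hostile))  # True
    try:
        build_command_safe(hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

The point of the hardened path is that validation and argv separation are independent defences: the allowlist rejects the value up front, and even a value that slipped past it would reach the tool as a single argument rather than being re-parsed by a shell. The `flag_suspicious_parameter` helper is the kind of check a WAF rule or SIEM correlation might apply to request parameters for an endpoint that should only ever see plain names.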