The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild.
The vulnerabilities are as follows –
- CVE-2023-36584 (CVSS score: 5.4) – Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
- CVE-2023-1671 (CVSS score: 9.8) – Sophos Web Appliance Command Injection Vulnerability
- CVE-2023-2551 (CVSS score: 8.8) – Oracle Fusion Middleware Unspecified Vulnerability
CVE-2023-1671 relates to a critical pre-authentication command injection vulnerability that allows for the execution of arbitrary code. CVE-2023-2551 is a flaw in the WLS Core Components that allows an unauthenticated attacker with network access to compromise the WebLogic Server.
There are currently no public reports documenting in-the-wild attacks leveraging the two flaws.
On the other hand, the addition of CVE-2023-36584 to the KEV catalog is based on a report from Palo Alto Networks Unit 42 earlier this week, which detailed spear-phishing attacks mounted by the pro-Russian APT group known as Storm-0978 (aka RomCom or Void Rabisu) targeting groups supporting Ukraine's admission into NATO in July 2023.
CVE-2023-36584, patched by Microsoft as part of the October 2023 security updates, is said to have been used together with CVE-2023-36884, a Windows remote code execution vulnerability resolved in July, in an exploit chain to deliver PEAPOD, an updated version of the RomCom RAT.
In light of active exploitation, federal agencies are advised to apply the fixes by December 7, 2023, to secure their networks against potential threats.
Fortinet Disclosed Critical Command Injection Bug in FortiSIEM
The development comes as Fortinet is alerting customers of a critical command injection vulnerability in the FortiSIEM report server (CVE-2023-36553, CVSS score: 9.3) that could be exploited by attackers to execute arbitrary commands.
CVE-2023-36553 has been described as a variant of CVE-2023-34992 (CVSS score: 9.7), a similar flaw in the same product that was remediated by Fortinet in early October 2023.
“An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests,” the company said in an advisory this week.
The vulnerability, which impacts FortiSIEM versions 4.7, 4.9, 4.10, 5.0, 5.1, 5.2, 5.3, and 5.4, has been fixed in versions 7.1.0, 7.0.1, 6.7.6, 6.6.4, 6.5.2, 6.4.3, or later.
Some parts of this article are sourced from:
thehackernews.com