CERT-EU - Publications - Security Advisories

2023-093: High Vulnerabilities in Google Chrome

Wednesday, November 29, 2023 06:08:09 PM CET

On November 28, Google has released an emergency security update to address six high vulnerabilities found in Chrome. Google is aware that an exploit exists for one of the vulnerabilities, tracked as "CVE-2023-6345".

2023-092: Critical vulnerability in FortiSIEM

Tuesday, November 21, 2023 09:07:34 AM CET

On November 14, Fortinet released an advisory regarding a critical vulnerability affecting FortiSIEM which may allow a remote unauthenticated attacker to execute unauthorised commands via crafted API requests.

2023-091: High Vulnerabilities in Citrix Hypervisor

Monday, November 20, 2023 11:42:36 AM CET

On November 15, 2023, Citrix issued an advisory regarding two vulnerabilities affecting Citrix Hypervisor 8.2 CU1 LTSR that could allow malicious code in a guest VM to compromise the host.

2023-090: Microsoft Software Critical Zero-Day Vulnerabilities

Monday, November 20, 2023 11:33:43 AM CET

On November 15, 2023, Microsoft released patches for 63 security flaws in its software, including five new zero-day vulnerabilities, three of which are actively exploited. These vulnerabilities pose significant risks and require immediate attention.

2023-089: VMware Cloud Director Critical Vulnerability

Monday, November 20, 2023 11:02:05 AM CET

On November 14, 2023, VMware issued an advisory about a critical authentication bypass vulnerability, "CVE-2023-34060", affecting Cloud Director Appliance. The CVSSv3 score is 9.8, indicating a critical level of severity. This vulnerability is present on an upgraded version of VMware Cloud Director Appliance.

2023-088: High Vulnerabilities in Ivanti Endpoint Manager Mobile

Monday, November 20, 2023 10:58:53 AM CET

On November 9 2023, Ivanti disclosed two vulnerabilities, "CVE-2023-39335" and "CVE-2023-39337", affecting all versions of Endpoint Manager Mobile (formerly MobileIron Core).
The vulnerabilities can be chained to allow an unauthenticated user to access resources behind Sentry.

2023-087: Critical Vulnerabilities in QNAP products

Tuesday, November 07, 2023 11:26:21 AM CET

On November 4 2023, QNAP Systems has released advisories addressing critical vulnerabilities affecting multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices. These vulnerabilities could allow an attacker to achieve Remote Code Execution.
It is recommended updating affected devices as soon as possible.

2023-086: Critical Vulnerabilities in Veeam ONE

Tuesday, November 07, 2023 11:21:10 AM CET

On November 6 2023, Veeam has released an advisory addressing critical vulnerabilities affecting the Veeam ONE product. These vulnerabilities could allow an attacker to steal NTLM hashes, or to achieve Remote Code Execution.
Veeam has released hotfixes for these vulnerabilities, and it is recommended applying them as soon as possible.

2023-085: Critical Vulnerability in Confluence Data Center and Server

Wednesday, November 08, 2023 05:08:31 PM CET

On October 30 2023, a notable vulnerability, CVE-2023-22518, affecting Confluence Data Center and Server was disclosed by Atlassian. The exploitation of this vulnerability could result in significant data loss. Updates are already available for this vulnerability. The CVE-2023-22518 had an initial CVSS score of 9.1 indicating a critical risk.
On November 2, Atlassian warned that the risk of exploitation increased as critical information about the vulnerability has been publicly exposed. While there is no report of active exploitation, it is highly recommended updating affected products as soon as possible.
[Update] On November 6, Atlassian has escalated CVE-2023-22518 CVSS score from 9.1 to 10, the highest critical rating, due to the change in the scope of the attack.

2023-084: Critical Vulnerability in VMware products

Friday, October 27, 2023 11:05:49 PM CEST

On 25 October 2023, VMware has released security updates to address two vulnerabilities affecting vCenter Server and Cloud Foundation. The exploitation of the vulnerabilities could lead to an out-of-bounds write and a partial information disclosure. The vulnerabilities are tracked as CVE-2023-34048 with a CVSS score 9.8 and CVE-2023-34056 with a CVSS score of 4.3.[1]
It is recommended updating as soon as possible.

2023-083: Critical Vulnerability in F5 BIG-IP Configuration utility

Friday, October 27, 2023 11:04:34 PM CEST

On 26 October 2023, F5 released a security advisory for a critical vulnerability impacting BIG-IP that allows an
user to perform remote code execution. The vulnerability is tracked as CVE-2023-46747 with a CVSS score of 9.8 out of 10.

2023-082: Multiple Vulnerabilities in LifeRay products

Friday, October 27, 2023 11:03:37 PM CEST

This security advisory addresses multiple vulnerabilities in Liferay Portal and Liferay DXP related to cross-site scripting (XSS) attacks. Users are urged to update their installations to the latest versions as provided in the "Recommendations" section.

2023-081: Multiple Vulnerabilities in VMware Aria Operations for Logs

Tuesday, October 24, 2023 03:01:30 PM CEST

On 19 October 2023, VMware has released security updates to address two vulnerabilities affecting Aria Operations for Logs. The exploitation of the vulnerabilities could lead to Remote Code Execution and Authentication bypass. The vulnerabilities are tracked as "CVE-2023-34051" and "CVE-2023-34052" with a CVSS score of 8.1.[1]
It is recommended updating as soon as possible.

2023-080: Multiple Vulnerabilities in SolarWinds Access Rights Manager (ARM)

Monday, October 23, 2023 06:16:06 PM CEST

On October 18 2023, SolarWinds announced patches for eight vulnerabilities in Access Rights Manager (ARM) including eight high-severity flaws. The most severe vulnerabilities are tracked as CVE-2023-35182 and CVE-2023-35184 for Remote Code Execution Vulnerability, as well as CVE-2023-35185 and CVE-2023-35187 for Directory Traversal Remote Code Vulnerability, with a CVSS score of 8.8 out of 10.
It is recommended updating as soon as possible.

2023-079: Juniper Networks Junos OS Multiple Vulnerabilities

Tuesday, October 17, 2023 12:33:58 PM CEST

On October 14, 2023, Juniper Networks announced patches for more than 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity flaws. The most severe vulnerability, tracked as CVE-2023-44194 with a CVSS score of 8.4 out of 10, allows an unauthenticated attacker with local access to create a backdoor with root privileges due to incorrect default permissions in a certain system directory.
It is recommended applying updates as soon as possible.

2023-078: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Monday, October 23, 2023 01:37:47 PM CEST

On October 16 2023, Cisco published an advisory regarding a critical vulnerability, CVE-2023-20198, affecting the Web UI of Cisco IOS XE Software. This vulnerability could allow an unauthenticated remote attacker to create a privileged level 15 account, granting them control over the affected system.
[UPDATE] On October 20 2023, Cisco identified an additional vulnerability CVE-2023-20273, which, when exploited, affects another component of the web UI feature. This vulnerability allows the new local user to elevate its privilege to root and write an implant to the file system.
- CVE-2023-20198 has been assigned a CVSS Score of 10.0.
- CVE-2023-20273 has been assigned a CVSS Score of 7.2.
Cisco has released software updates that address the vulnerabilities described in this advisory. It is also advised to implement the recommendations.

2023-077: Microsoft October 2023 Patch Tuesday

Wednesday, October 11, 2023 05:55:56 PM CEST

Microsoft has released its October 2023 Patch Tuesday Security Updates, addressing a total of 103 CVEs among which 12 are rated as critical, and 91 are rated as important. Microsoft also reported that two vulnerabilities are actively exploited.

2023-076: Vulnerability in cURL and libcurl

Wednesday, October 11, 2023 01:06:46 PM CEST

A security vulnerability in the cURL tool and libcurl library has been identified. This flaw enables a heap-based buffer overflow during the SOCKS5 proxy handshake, potentially allowing malicious actors to execute arbitrary code (RCE). At this time, CERT-EU is not aware of any active exploits leveraging this vulnerability. The vulnerability affects libcurl versions 7.69.0 to 8.3.0. The issue was reported on September 30, 2023, and a patch has been released in curl version 8.4.0. The vulnerability is tracked as "CVE-2023-38545".

2023-075: Citrix NetScaler Critical Vulnerability

Friday, November 03, 2023 11:52:14 AM CET

On October 10, 2023, Citrix issued an advisory about multiple buffer-related vulnerabilities, CVE-2023-4966 and CVE-2023-4967, affecting NetScaler ADC and NetScaler Gateway. These vulnerabilities can result in sensitive information disclosure and denial of service attacks.
It is recommended updating and remediating affected devices as soon as possible.
On October 19, 2023, Mandiant issued a remediation report regarding the vulnerability CVE-2023-4966. Mandiant identified a zero-day exploitation of this vulnerability in the wild beginning in late August 2023.
On October 25, 2023, AssetIO brought more details about the exploitation of CVE-2023-4966 giving opportunities to detect a possible exploitation of the vulnerability. However, this requires an HTTP frontend source (e.g., network probe, WAF or reverse proxy) before reaching the Citrix HTTP services. A proof-of-concept is also available for that vulnerability.
[UPDATE] On November 2, 2023, Mandiant shared information about artefacts that can be used to identify exploitation activity. Mandiant also shared their post exploitation techniques observation.

2023-074: HTTP/2 Rapid Reset DDoS Vulnerability

Tuesday, October 17, 2023 10:37:46 PM CEST

On October 10, 2023, Cloudflare, Google and Amazon AWS, jointly disclosed a vulnerability affecting the HTTP/2 protocol. Named as "CVE-2023-44487", this vulnerability impacts various web services and cloud customers. This vulnerability is being actively exploited and has led to Distributed Denial of Service (DDoS) attacks that are significantly larger than previous Layer 7 attacks.
CERT-EU recommends identifying all services using HTTP/2 that are exposed to the Internet, and apply patches or mitigations.

2023-073: Access Control Vulnerability in Confluence Data Center and Server

Friday, October 06, 2023 10:23:58 AM CEST

Atlassian has been made aware of a critical vulnerability, CVE-2023-22515, a Broken Access Control vulnerability in Confluence Data Center and Server. External attackers may exploit this vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorised Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability.

2023-072: GNU C Library Dynamic Loader Buffer Overflow Vulnerability

Wednesday, October 04, 2023 05:41:05 PM CEST

A critical buffer overflow vulnerability, identified as "CVE-2023-4911", has been discovered by Qualys Research Labs in the GNU C Library's dynamic loader when processing the "GLIBC_TUNABLES" environment variable. This vulnerability can be exploited to obtain full root privileges, impacting several major Linux distributions.
It is recommended updating as soon as possible.

2023-071: Cisco Catalyst SD-WAN Manager Vulnerabilities

Saturday, September 30, 2023 09:58:22 AM CEST

On September 27, Cisco issued a Security Advisory for five new vulnerabilities in their "Catalyst SD-WAN Manager" products, with the most critical flaw allowing unauthenticated remote access to the server. "Cisco Catalyst SD-WAN Manager" for WAN is network management software allowing admins to visualise, deploy, and manage devices on wide area networks (WAN).

2023-070: Critical Vulnerabilities in Progress WS_FTP Server Software

Saturday, September 30, 2023 09:50:32 AM CEST

On September 27, Progress Software released an advisory announcing multiple vulnerabilities in its enterprise-grade WS_FTP Server secure file transfer software. Two of the vulnerabilities, identified by "CVE-2023-40044" and "CVE-2023-42657", are rated as critical. These flaws expose systems to unauthenticated remote command execution and directory traversal attacks. Immediate patching is strongly advised.

2023-069: Zero-Day Vulnerabilities in Apple Products

Friday, October 06, 2023 10:12:24 AM CEST

On September 21, Apple issued emergency patches for three zero-day bugs, identified by "CVE-2023-41992", "CVE-2023-41991" and "CVE-2023-41993". These vulnerabilities are affecting iOS, iPadOS, and macOS devices and are currently being used in the wild for spyware installation purposes.
Updates as of 06/10/2023 Apple released another emergency update to patch a new zero-day flaw tracked as "CVE-2023-42824" and reported to be exploited against version of iOS before 16.6. This update also fixes "CVE-2023-5217", a buffer overflow in "libpvx" that may result in arbitrary code execution.
Updating is recommended as soon as possible.

2023-068: High Severity Vulnerability in Bitbucket Data Center and Server

Wednesday, September 20, 2023 05:17:50 PM CEST

On September 19, Atlassian released a security bulletin addressing several vulnerabilities among which a high severity vulnerability, identified by "CVE-2023-22513", that could allow an authenticated attacker to execute arbitrary code on the server.
It is recommended updating as soon as possible.

2023-067: Critical Flaw in GitLab

Wednesday, September 20, 2023 10:29:51 AM CEST

On September 18, GitLab has released security updates to address a critical flaw identified by "CVE-2023-4998" that, if exploited, would allow an attacker to run code, modify data or trigger specific events within the GitLab system. This could result in loss of intellectual property, damaging data leaks, supply chain attacks, and other high-risk scenarios.
It is strongly recommended updating as soon as possible to a fixed version.

2023-066: Mozilla Firefox and Thunderbird Zero-Day Vulnerability

Thursday, September 14, 2023 06:26:54 PM CEST

On September 12, 2023, Mozilla released an emergency security update that addresses a zero-day vulnerability, which has been exploited in the wild. The vulnerability impacts its Firefox web browser and Thunderbird email client and is being tracked as CVE-2023-4863. The issue is being exploited in the wild.
[Update] Please note that this vulnerability also impacts other browsers and any software that uses the affected "libwebp" library. CERT-EU strongly advises users to promptly update to the fixed versions for all affected software.

2023-065: Adobe Acrobat and Reader Zero-Day Vulnerability

Wednesday, September 13, 2023 06:44:05 PM CEST

On September 12, 2023, Adobe released a security update that addresses a critical, zero-day vulnerability, which has been exploited in the wild. The vulnerability affects both Windows and MacOS systems and is being tracked as CVE-2023-26369.

2023-064: Microsoft September 2023 Patch Tuesday

Wednesday, September 13, 2023 06:41:04 PM CEST

Microsoft has released its September 2023 Patch Tuesday Security Updates, addressing a total of 59
CVEs, including two actively exploited zero-day vulnerabilities.

2023-063: Google Chrome Critical Vulnerability

Thursday, September 28, 2023 03:20:28 PM CEST

Google has released an emergency security update to address a critical vulnerability found in Chrome. This vulnerability, tracked as CVE-2023-4863, is caused by a WebP heap buffer overflow weakness. It affects Chrome running on Windows, Mac, and Linux systems and has already been exploited in the wild according to Google. Users are advised to update their Chrome web browser to version 116.0.5845.187 (Mac and Linux) and 116.0.5845.187/.188 (Windows) immediately.
Contrary to earlier reports, this critical vulnerability affects not just web browsers but also a wide range of applications that utilise the "libwebp" library for rendering WebP images. This includes Electron-based applications like Signal, 1Password, and software like Honeyview.
[Update] On September 27, Google has released another emergency security update to address a critical vulnerability found in Chrome. The vulnerability is tracked as CVE-2023-5217. Moreover, Google is aware that an exploit for CVE-2023-5217 exists in the wild.

2023-062: Cisco Remote Access VPN Vulnerability

Monday, September 11, 2023 05:04:13 PM CEST

On July 12, 2023, Cisco released an advisory to address a vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defence (FTD) software. It could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a client-less SSL VPN session with an unauthorised user.
In addition, Cisco warns that the vulnerability could be actively exploited by ransomware groups to gain initial access to corporate networks.

2023-061: Zero-Click Vulnerabilities in Apple Operating Systems

Friday, September 08, 2023 12:08:31 PM CEST

In an article published on September 7 2023, Citizen Lab uncovered an actively exploited zero-click vulnerability used to deliver NSO Group's Pegasus spyware on an employee of a Washington DC based civil society organisation. This exploit, named "BLASTPASS" could compromise iPhones running the latest iOS version without user interaction. The exploit involved "PassKit" attachments containing malicious images sent from an attacker iMessage account to the victim.
_Citizen Lab promptly reported their findings to Apple, who issued two CVEs related to this exploit chain (CVE-2023-41064 and CVE-2023-41061). These vulnerabilities have now been patched in iOS, iPadOS, watchOS and macOS.

2023-060: Critical Vulnerability in VMware Aria Operations for Networks

Thursday, August 31, 2023 04:26:11 PM CEST

On August 29, VMware released security updates to patch one critical (CVE-2023-34039) and one high-severity (CVE-2023-20890) vulnerability in Aria Operations for Networks, its enterprise network monitoring tool. The flaws were responsibly reported to the vendor and as of the time of writing, there is no evidence of exploitation in the wild.
CERT-EU urges users to promptly apply the provided fixes.

2023-059: Multiple Junos OS Vulnerabilities

Tuesday, September 19, 2023 11:36:53 AM CEST

Juniper Networks has released fixes to address several vulnerabilities. These vulnerabilities could potentially be chained together to allow unauthorised remote code execution (RCE) on SRX and EX series devices. The combined CVSS score for these flaws is 9.8 (Critical) and a PoC exploit has been publicly released. Therefore, CERT-EU strongly advises users to promptly update their devices to the latest versions, or apply the provided workaround.
[Update] On September 18, a VulnCheck vulnerability researcher released another PoC exploit that only utilises one of the vulnerabilities, bypassing the need to upload files while still achieving remote code execution.

2023-058: Critical Vulnerability in MobileIron Sentry

Tuesday, August 22, 2023 10:45:45 AM CEST

On July 24, 2023, Ivanti published a security advisory about a vulnerability discovered in Ivanti Sentry, formerly known as MobileIron Sentry. The vulnerability tracked as CVE-2023-38035 is an API authentication bypass being exploited in the wild. A successful exploitation allows an attacker to change configuration, run system commands, or write files onto systems.
While the CVSS score is high (9.8), the software company assessed as a low risk of exploitation for customers who do not expose 8443 to the Internet.

2023-057: Microsoft August 2023 Patch Tuesday

Thursday, August 10, 2023 01:52:15 PM CEST

Microsoft has released its August 2023 Patch Tuesday Security Updates, addressing a total of 74 Microsoft
CVEs, including two actively exploited zero-day vulnerabilities, and six Critical vulnerabilities.

2023-056: Critical Vulnerability in Endpoint Manager Mobile (MobileIron Core)

Monday, September 18, 2023 01:44:58 PM CEST

On August 2, Ivanti disclosed a Remote Unauthenticated API Access Vulnerability affecting EPMM (MobileIron Core) running outdated versions (11.2 and below). On August 7, Ivanti added more recent and supported versions on the list of affected products.
The vulnerability tracked as CVE-2023-35082 with as CVSS score of 10 out of 10, is actively exploited and allows an unauthorised, remote actor to potentially access users personally identifiable information and make limited changes to the server.. Ivanti has released security patches addressing this vulnerability. This vulnerability is different from CVE-2023-35078 and CVE-2023-35081.

2023-055: High Vulnerability in Endpoint Manager Mobile (MobileIron Core)

Monday, September 18, 2023 01:49:27 PM CEST

On July 28, 2023, US-based IT software company Ivanti disclosed a Remote File Write vulnerability in its Endpoint Manager Mobile (EPMM) software, previously known as MobileIron Core.
The vulnerability tracked as CVE-2023-35081 with as CVSS score of 7.2 out of 10, is actively exploited and allows an attacker to create, modify, or delete files on a victim's system remotely. Ivanti has released security patches addressing this vulnerability.

2023-054: Privilege Escalation Vulnerabilities in Ubuntu

Monday, July 31, 2023 09:54:55 AM CEST

On the 24th of July, 2023, Ubuntu issued a fix for two local privilege escalation vulnerabilities, CVE-2023-2640 and CVE-2023-32629, that were discovered in the OverlayFS module of its Linux kernel.

2023-053: Critical Vulnerability in Endpoint Manager Mobile (MobileIron Core)

Tuesday, July 25, 2023 10:53:34 AM CEST

On July 24, 2023, US-based IT software company Ivanti disclosed a zero-day authentication bypass vulnerability in its Endpoint Manager Mobile (EPMM) software, previously known as MobileIron Core.
The vulnerability tracked as CVE-2023-35078 with as CVSS score of 10 out of 10, is actively exploited and allows unauthorised users to access restricted functionality or resources of the application. Ivanti has released security patches addressing this vulnerability.

2023-052: RCE Vulnerabilities in Atlassian Products

Monday, July 24, 2023 11:10:35 AM CEST

On July 18, 2023, Atlassian has released its Security Bulletin for July 2023 to address vulnerabilities (RCE) in Confluence Data Center & Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506). An attacker can exploit these vulnerabilities to take control of an affected system.

2023-051: RCE Vulnerability in "ssh-agent" of OpenSSH

Thursday, July 20, 2023 02:36:21 PM CEST

On July 19, 2023, OpenSSH released an update regarding a vulnerability, identified as "CVE-2023-38408". This vulnerability was discovered by the Qualys Security Advisory team and allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded "ssh-agent".
"ssh-agent" is a program to hold private keys used for public key authentication. Through the use of environment variables, the agent can be located and automatically used for authentication when logging in to other machines using SSH.

2023-050: Citrix NetScaler Critical Vulnerability

Wednesday, July 19, 2023 10:39:48 AM CEST

On July 18, 2023, Citrix released a security bulletin regarding one critical vulnerability and two high severity vulnerabilities affecting Citrix NetScaler Application delivery controllers (ADCs) and Netscaler Gateway.
Citrix Netscaler ADC is a purpose-built networking appliance used to improve the performance, security, and resiliency of applications delivered over the web. Citrix NetScaler Gateway consolidates remote access infrastructure to provide single sign-on across all applications whether in a data center, in a cloud, or if the apps are delivered as SaaS apps. It allows people to access any app, from any device, through a single URL.

2023-049: Critical Vulnerability in Cisco SD-WAN vManage

Monday, July 17, 2023 11:05:59 AM CEST

On July 12, 2023, Cisco released an advisory to address a critical vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software. Cisco SD-WAN vManage API is a REST API for controlling, configuring, and monitoring the Cisco devices in an overlay network. The vulnerability could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. It is tracked as "CVE-2023-20214" and has a CVSS score of 9.1.
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability.

2023-048: Critical Vulnerabilities in SonicWall GMS and Analytics

Thursday, July 13, 2023 03:59:02 PM CEST

On July 12, SonicWall released an Urgent Security Notice regarding a suite of vulnerabilities, among which 4 of them rated as critical, affecting SonicWall GMS and Analytics.
CERT-EU recommends upgrading as soon as possible to the latest version.

2023-047: RCE Vulnerability in FortiOS and FortiProxy

Thursday, July 13, 2023 03:58:36 PM CEST

On July 11, 2023, Fortinet released an advisory regarding a critical vulnerability in FortiOS & FortiProxy that may allow remote attackers to execute arbitrary code or command via crafted packets. This vulnerability was identified as "CVE-2023-33308" with CVSS score of 9.8.
Due to the level of access and control on the network, we recommend to update as soon as possible.

2023-046: Access Control Bypass Vulnerability in Adobe ColdFusion

Wednesday, July 12, 2023 11:46:01 AM CEST

Rapid7 discovered an access control bypass vulnerability in Adobe ColdFusion. This vulnerability allows an attacker to bypass access control restrictions by adding an additional forward slash to the requested URL. Adobe has released a fix for this vulnerability on July 11, 2023.

2023-045: Microsoft July 2023 Patch Tuesday

Wednesday, July 12, 2023 11:41:52 AM CEST

Microsoft has released its July 2023 Patch Tuesday security updates, addressing a total of 130 vulnerabilities, including five that were exploited in the wild as zero-day vulnerabilities. Microsoft has also issued guidance on the malicious use of Microsoft signed drivers.

2023-044: Path Traversal Vulnerability in Mastodon Media File Handler

Friday, July 07, 2023 01:16:08 PM CEST

A critical security vulnerability has been discovered in Mastodon versions up to 3.5.8/4.0.4/4.1.2. This vulnerability, identified as a path traversal issue, affects the Media File Handler component of Mastodon. Exploitation of this vulnerability could allow an attacker to create or overwrite any file that Mastodon has access to, potentially leading to Denial of Service (DoS) and arbitrary Remote Code Execution (RCE).

2023-043: Grafana Authentication Bypass Using Azure AD OAuth

Thursday, June 29, 2023 10:51:07 AM CEST

On the 22nd of June, 2023, a critical security vulnerability - CVE-2023-3128 - was identified in Grafana. Grafana was found to be validating Azure Active Directory (AD) accounts based on the email claim. However, on Azure AD, the profile email field is not unique and can be easily altered. This issue can lead to Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant Azure AD OAuth application.

2023-042: RCE vulnerability in Fortinet FortiNAC

Monday, June 26, 2023 12:26:42 PM CEST

On June 23, 2023, Fortinet released one advisory regarding a critical vulnerability in FortiNAC that may allow unauthenticated attackers to perform remote arbitrary code or command execution. This vulnerability was identified as "CVE-2023-33299" with CVSS score of 9.6. FortiNAC is a network access control solution utilised by organisations to manage network access policies and compliance.
Due to the level of access and control on the network we recommend to update as soon as possible.

2023-041: Multiple Vulnerabilities in BIND 9 DNS System

Monday, June 26, 2023 09:46:43 AM CEST

On June 22, The Internet Systems Consortium (ISC) has released security advisories that address high severity vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions.

2023-040: Multiple Vulnerabilities in VMWare Products

Friday, June 23, 2023 03:31:40 PM CEST

On June 22, VMWare released an advisory regarding multiple memory corruption high severity vulnerabilities in VMware vCenter Server. The affected software provides a centralised and extensible platform for managing virtual infrastructure. The vulnerabilities were found in the DCERPC protocol implementation utilised by vCenter Server. The protocol allows for smooth operation across multiple systems by creating a virtual unified computing environment.

2023-039: Microsoft June Patch Tuesday

Thursday, September 28, 2023 04:41:43 PM CEST

Microsoft's June 2023 Patch Tuesday includes security updates for more than 70 flaws, including multiple critical vulnerabilities.
Update On September 25, STAR Labs researcher published a blog post outlining the successful chaining of CVE-2023-29357 and CVE-2023-24955 to achieve remote code execution (RCE) against Microsoft SharePoint Server. The exploit chain was demonstrated at the Zero Day Initiative’s (ZDI) Pwn2Own contest held in Vancouver in March. Moreover, On September 26, a proof-of-concept (PoC) for the exploit chain was released on GitHub.
It is recommended to apply patches as soon as possible.

2023-038: Critical Vulnerability in FortiOS

Tuesday, June 13, 2023 03:49:24 PM CEST

Fortinet has released several versions of FortiOS to patch a critical pre-authentication remote code execution (RCE) vulnerability in its Fortigate SSL VPN devices. The vulnerability, identified as CVE-2023-27997, allows a hostile agent to interfere via the VPN, even if Multi-Factor Authentication (MFA) is activated.

2023-037: High Severity Vulnerability in Cisco AnyConnect Client

Thursday, June 08, 2023 11:58:59 AM CEST

On June 7, 2023, Cisco issued an advisory regarding a vulnerability affecting Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows that could allow a low-privileged, authenticated, local attacker to elevate privileges to those of "SYSTEM".
CERT-EU recommends updating the software.

2023-036: Critical Vulnerabilities in VMware Aria Operations for Networks

Thursday, June 08, 2023 10:38:26 AM CEST

On June 7, 2023, VMware issued multiple security patches to address critical vulnerabilities in VMware Aria Operations for Networks, formerly known as vRealize Network Insight. The vulnerabilities allow attackers to gain remote execution or access sensitive information.
CERT-EU recommends upgrading as soon as possible.

2023-035: Type Confusion Flaw in Google Chrome

Tuesday, June 06, 2023 05:42:20 PM CEST

Google has released a security update to address a zero-day vulnerability in its Chrome web browser, identified as "CVE-2023-3079". The high-severity flaw is a type confusion issue within the V8 JavaScript engine. Google is aware that an exploit for this vulnerability exists in the wild.
Users of Google Chrome are strongly advised to update to the latest version to mitigate potential threats.

2023-034: Multiple Vulnerabilities in Splunk Enterprise

Tuesday, June 06, 2023 05:36:47 PM CEST

On June 6, 2023, Splunk issued security updates to fix several vulnerabilities, 5 of which are being classified as high. These vulnerabilities could lead to privilege escalation, path traversal, local privilege escalation, denial of service or HTTP response splitting.
CERT-EU highly recommends updating Splunk as soon as possible to the latest version.

2023-033: Critical Vulnerability in MOVEit Transfer

Monday, June 19, 2023 12:23:44 PM CEST

On May 31, 2023, an SQL injection vulnerability has been found in the MOVEit Transfer web application. This critical vulnerability could lead to escalated privileges and potential unauthorised access to the environment. Associated CVE is CVE-2023-34362 with CVSS score of 9.8 and it is actively exploited in the wild.
On June 9, 2023, a second patch was released to address several parts of an exploit chain that were not fully mitigated by the first patch. CVE-2023-35036 (CVSS score 9.1) was assigned to the second vulnerability on June 11.
Researchers have released proof-of-concept (PoC) exploit code for CVE-2023-34362, as well as technical root cause analysis of the flaw.
CERT-EU highly recommends taking immediate action if you are using this product.

2023-032: Vulnerability in Wordpress Gravity Forms Plugin

Wednesday, May 31, 2023 10:43:11 AM CEST

On May 30, 2023, an unauthenticated PHP Object Injection vulnerability has been discovered in the Wordpress' Gravity Forms plugin. This vulnerability, identified as CVE-2023-28782 (CVSS score of 8.3), may allow an unauthenticated user to pass ad-hoc serialised strings to a vulnerable "unserialize" call, resulting in an arbitrary PHP object(s) injection into the application scope.
This vulnerability could be triggered in a default installation of the Gravity Forms plugin and only needs a form that contains a list field.

2023-031: GitLab - Critical Path Traversal Vulnerability

Thursday, May 25, 2023 03:41:52 PM CEST

On May 23, 2023, GitLab released an emergency security update to urgently address a critical severity path traversal flaw - CVE-2023-2825 - with a CVSS v3.1 score of 10.0. This issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) version 16.0.0, with older versions not being affected. The flaw allows an unauthenticated attacker to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

2023-030: Sysmon - Local Privilege Escalation Vulnerability

Monday, May 15, 2023 05:58:32 PM CEST

On May 9, 2023, Microsoft disclosed the existence of a Local Privilege Escalation vulnerability in Sysmon. It is identified as CVE-2023-29343 and could allow an attacker to gain SYSTEM privileges with low attack complexity and without any interaction from a user.
Microsoft currently assesses that the likelihood of exploitation is low due to the lack of a publicly available Proof of Concept exploit, however, it is strongly recommended to update to the latest available Sysmon version.

2023-029: Critical Privilege Escalation in Wordpress Elementor Plugin

Monday, May 15, 2023 05:31:34 PM CEST

A critical security vulnerability (CVSS score: 9.8), tracked as CVE-2023-32243, has been discovered in a popular Wordpress plugin Essential Addons for Elementor. This flaw could allow an attacker to escalate their privileges to that of any user on the WordPress site, as long as they know their username, thus being able to reset the password of the administrator and login on their account.
The vulnerability occurs because the password reset function does not validate a password reset key and instead, directly changes the password of the given user. The issue has been fixed in the latest version of the plugin and it is crucial for website administrators to update to the patched version immediately.

2023-028: Microsoft May 2023 Patch Tuesday

Wednesday, May 10, 2023 07:40:19 PM CEST

Microsoft has released its May 2023 Patch Tuesday security updates, addressing a total of 38 vulnerabilities, including three zero-day vulnerabilities, and six Critical vulnerabilities that allow remote code execution.

2023-027: Critical Vulnerability in Wordpress Plugins

Monday, May 08, 2023 03:04:49 PM CEST

A reflected XSS vulnerability has been discovered in the Advanced Custom Fields (ACF) and Advanced Custom Fields Pro WordPress plugins (versions 6.1.5 and below). This vulnerability allows unauthenticated users to potentially escalate privileges on a WordPress site by tricking a privileged user into visiting a maliciously crafted URL. The issue has been fixed in version 6.1.6, and has been assigned CVE-2023-30777.

2023-026: Critical Vulnerability in a Cisco Product

Friday, May 05, 2023 02:39:00 PM CEST

On May 3, 2023, Cisco released an advisory to address a critical vulnerability in the web-based management system of the Cisco SPA112 2-Port Phone Adapters. The vulnerability is tracked as "CVE-2023-20126" and has a CVSS score of 9.8.

2023-025: Critical vulnerabilities in PaperCut

Thursday, April 20, 2023 03:15:00 PM CEST

A new security advisory has been issued concerning two critical vulnerabilities in PaperCut MF/NG, which are actively being exploited in the wild. The vulnerabilities allow unauthenticated remote code execution and information disclosure. PaperCut users are strongly urged to update their software immediately to mitigate these risks.

2023-024: Type confusion flaw in Google Chrome

Tuesday, April 18, 2023 01:30:00 PM CEST

Google has released out-of-band updates to address a vulnerability in its Chrome web browser, identified as CVE-2023-2033. The high-severity flaw is a type confusion issue within the V8 JavaScript engine. Users of Google Chrome, as well as other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi, are strongly advised to update to the latest version to mitigate potential threats.

2023-023: Remote Code Execution vulnerability in Microsoft Message Queuing

Monday, April 17, 2023 03:28:00 PM CEST

On April 11, 2023, Microsoft released a security update for a critical vulnerability in the Microsoft Message Queuing, commonly known as MSMQ. This vulnerability is identified as CVE-2023-21554 (CVSS score of 9.8) and could allow unauthenticated attackers to remotely execute arbitrary code.

2023-022: Critical Authentication Vulnerability in Fortinet Product

Monday, April 17, 2023 03:25:00 PM CEST

On April 11, 2023, Fortinet released an advisory regarding one critical vulnerability in FortiPresence on-prem infrastructure server. This vulnerability is identified as CVE-2022-41331 (CVSS score of 9.3) and it may allow remote un-authenticated attackers to access the Redis and MongoDB instances.
Moreover, Fortinet has also released security updates to address 9 High, and 10 Medium severity vulnerabilities in FortiPresence, FortiOS, FortiWeb, and other Fortinet products.

2023-021: Critical Vulnerabilities in SAP Products

Monday, April 17, 2023 03:20:00 PM CEST

On April 11, 2023, SAP released 24 patches for various products, which contain five critical severity fixes that impact SAP Diagnostics Agent, SAP Business Client, SAP NetWeaver Process Integration, SAP BusinessObjects Business Intelligence Platform, and SAP NetWeaver Application Server for ABAP Platform:

- Multiple vulnerabilities in SAP Diagnostics Agent - CVE-2023-27497 and CVE-2023-27267 (CVSS score 10.0);
- Update to Security Note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client - (CVSS score 10.0);
- Improper access control in SAP NetWeaver AS Java - CVE-2022-41272 (CVSS score 9.9);
- Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform - CVE-2023-28765 (CVSS score 9.8); - Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform - CVE-2023-27269 (CVSS score 9.6).

Due to its high global market share, SAP products are a valuable target for threat actors and criminals. Therefore, CERT-EU recommends applying the issued patches as soon as possible.

2023-020: Remote Code Execution vulnerability in Windows HTTP protocol stack

Wednesday, March 15, 2023 11:30:00 AM CET

On March 14, 2023, Microsoft released a security fix for a vulnerability (CVE-2023-23392) in the HTTP/3 protocol stack of Microsoft Windows Server 2022 and Windows 11 systems. This vulnerability allows a remote attacker to execute arbitrary code. Microsoft expects this vulnerability likely to be exploited soon.

2023-019: Several Critical Vulnerabilities in SAP Products

Wednesday, March 15, 2023 11:30:00 AM CET

On March 14, 2023, SAP released 19 patches for various products which contain five critical severity fixes for SAP Business Objects Business Intelligence Platform (CMC) and SAP NetWeaver:

- Improper Access Control in SAP NetWeaver AS for Java (CVE-2023-23857)
- Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC) (CVE-2023-25616)
- OS command execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server) (CVE-2023-25617)
- Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (CVE-2023-27269)
- Directory Traversal vulnerability in SAP ERP and S4HANA (SAPRSBRO Program) (CVE-2023-27500)

Due to its high global market share, SAP products are a valuable target for threat actors and criminals. Therefore, CERT-EU recommends applying the issued patches as soon as possible.

2023-018: Microsoft Outlook Elevation of Privilege Vulnerability

Wednesday, March 15, 2023 11:30:00 AM CET

On March 14, 2023, Microsoft released a security fix for an elevation of privilege vulnerability (CVE-2023-23397) in Microsoft Outlook. A specially crafted e-mail can trigger the vulnerability automatically when it is retrieved and processed by the Outlook client. Such an e-mail could lead to exploitation before the e-mail is viewed in the Preview Pane and allows an attacker to steal credential hashes by forcing the targets' devices to authenticate to an attacker-controlled server. The Computer Emergency Response Team for Ukraine (CERT-UA) reported the vulnerability to Microsoft. Based on Microsoft Threat Intelligence, a Russia-based threat actor used it in attacks to target and breach the network of several governments, military, energy, and transportation organisations in Europe between April and December 2022. They used the stolen hashes for lateral movement within the victims' networks and to change Outlook mailbox folder permissions for e-mail exfiltration. Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages.

2023-017: Severe Vulnerabilities in Jenkins Products

Thursday, March 09, 2023 05:40:00 PM CET

On March 8, 2023, Jenkins released advisories regarding 2 severe security vulnerabilities in Jenkins server and Update Center. These vulnerabilities are identified by CVE-2023-27898 and CVE-2023-27905 and could allow an unauthenticated attacker to execute arbitrary code on the victim's Jenkins server, potentially leading to a complete compromise of the Jenkins server. Furthermore, these vulnerabilities could be exploited even if the Jenkins server is not directly reachable by attackers and could also impact self-hosted Jenkins servers.

2023-016: High Vulnerability in Veeam Backup & Replication

Thursday, March 09, 2023 05:30:00 PM CET

On March 8, 2023, Veeam released a new security advisory revealing one high vulnerability in a Veeam Backup & Replication component. This vulnerability is identified by CVE-2023-27532 (CVSS score of 7.5) and it may allow an attacker to obtain encrypted credentials stored in the configuration database. This may lead to gaining access to the backup infrastructure hosts. It is highly recommended installing the latest version.

2023-015: RCE Vulnerability in Fortinet Products

Wednesday, March 08, 2023 11:15:00 PM CET

On March 7, 2023, Fortinet released an advisory regarding one critical vulnerability in FortiOS and FortiProxy administrative interface. This vulnerability is identified as CVE-2023-25610 (CVSS score of 9.3) and it may allow remote unauthenticated attackers to execute arbitrary code on the device and/or to perform a DoS on the GUI. Fortinet is not aware of any instance where this vulnerability was exploited in the wild.

2023-014: Critical Vulnerabilities in VMware Products

Thursday, February 23, 2023 10:30:00 PM CET

On February 20, 2023, the MISP project team released advisories regarding 2 critical SQL injection vulnerabilities in MISP Threat Intelligence and Sharing Platform. The team decided to follow a silent fix procedure, releasing several updates in November and December 2022, giving enough time to users to update their instances to a safe version.

2023-013: Critical SQL injection vulnerabilities in MISP

Tuesday, February 21, 2023 11:15:00 AM CET

On February 20, 2023, the MISP project team released advisories regarding 2 critical SQL injection vulnerabilities in MISP Threat Intelligence and Sharing Platform. The team decided to follow a silent fix procedure, releasing several updates in November and December 2022, giving enough time to users to update their instances to a safe version.

2023-012: RCE vulnerabilities in Fortinet products

Monday, February 20, 2023 03:40:00 PM CET

On February 16, 2023, Fortinet released advisories regarding critical vulnerabilities in FortiNAC and FortiWeb products that may allow unauthenticated attackers to perform remote arbitrary code or command execution.

The first vulnerability identified as CVE-2022-39952 (CVSS score of 9.8) and is related to the FortiNAC product. FortiNAC is Fortinet’s network access control solution that enhances the Security Fabric. It also provides protection against IoT threats, extends control to third-party devices, and orchestrates automatic responses to a wide range of networking events.
The second vulnerability identified as CVE-2021-42756 (CVSS score of 9.8) and is related to FortiWeb products. FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target known and unknown exploits and helps maintain compliance with regulations.

2023-011: ClamAV critical vulnerability

Monday, February 20, 2023 03:40:00 PM CET

On February 15th, 2023, ClamAV informed about a critical vulnerability in the cross-platform antimalware toolkit. The vulnerability is identified as CVE-2023-20032 and could lead to remote code execution.

2023-010: Severe Vulnerabilities in Citrix Workspace, Virtual Apps and Desktops

Thursday, February 16, 2023 11:00:00 AM CET

On February 14, 2023, Citrix released Security Bulletins regarding severe vulnerabilities affecting its Citrix Workspace, Virtual Apps and Desktops. If exploited, these vulnerabilities could enable attackers to elevate their privileges and take control of the affected system, but they need local access to the target.
It is then highly recommended to install the last security updates.

2023-009: Multiple Critical Vulnerabilities in Microsoft Products

Thursday, February 16, 2023 11:00:00 AM CET

On February 14, Microsoft released its February 2023 Patch Tuesday advisory disclosing 79 vulnerabilities (with 9 critical ones), including 3 exploited zero-day vulnerabilities identified with "CVE-2023-21823", "CVE-2023-21715" and "CVE-2023-23376", which affect respectively Windows Graphics Component, Microsoft Publisher and Windows Common Log File System Driver.
Microsoft patched additional three remote code execution Exchange Server flaws (CVE-2023-21706, CVE-2023-21707, and CVE-2023-21529) that are likely to be exploited, but an authentication is required.
It is highly recommended to patch affected devices.

2023-008: Vulnerability in OpenSSH

Wednesday, February 08, 2023 06:20:00 PM CET

The development team of the OpenSSH suite has released the version 9.2 to address several security vulnerabilities, including a memory safety bug in the OpenSSH server (sshd) tracked as CVE-2023-25136. This vulnerability can be exploited by a remote attacker to execute arbitrary code on the target system.

2023-007: High Severity Vulnerability in OpenSSL

Wednesday, February 08, 2023 06:20:00 PM CET

On February 7, the OpenSSL project team has released a major security update to address 8 vulnerabilities. One vulnerability, tracked as CVE-2023-0286 and rated as High, may allow a remote attacker to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service.

2023-006: Critical Security Flaw in Jira Service Management Server and Data Center

Friday, February 03, 2023 07:20:00 PM CET

A critical security flaw has been discovered in Jira Service Management Server and Data Center that can be exploited by an attacker to impersonate another user and gain unauthorized access to instances. The vulnerability is tracked as CVE-2023-22501 with a CVSS score of 9.4.

2023-005: Critical Code Injection Vulnerability in QNAP Devices

Tuesday, January 31, 2023 05:55:00 PM CET

On January 30th, 2023, QNAP published an advisory related to a critical vulnerability, identified as CVE-2022-27596, allowing remote attackers to inject malicious code on QNAP NAS devices.

2023-004: Critical Vulnerability in Several ManageEngine Products

Monday, January 30, 2023 10:15:00 AM CET

On January 18th, ManageEngine released updates to several ManageEngine OnPremise products. The potentially vulnerable products use outdated versions of the open-source library Apache Santuario (XML Security for Java). Products must have enabled Single-Sign-On (SSO) using the Security Assertion Markup Language (SAML) to be vulnerable. For some products, the SSO must be active, while for others, it is sufficient that SSO was active once. As a result, the vulnerability allows an unauthenticated adversary to execute arbitrary code. Additionally, a Proof-of-Concept exploit is available.

2023-003: Critical Vulnerability in VMware vRealize Log Insight

Thursday, January 26, 2023 11:55:00 AM CET

On January 24, 2022, VMWare released a new security advisory revealing multiple vulnerabilities in VMware vRealize Log Insight. There are two critical vulnerabilities including a directory traversal vulnerability (CVE-2022-31706) and a broken access control vulnerability (CVE-2022-31704). Both of them have the CVSS score of 9.8 out of 10.
It is highly recommended applying the last version.

2023-002: Multiple critical Vulnerabilities in Git

Thursday, January 19, 2023 10:50:00 PM CET

During a code audit, X41 discovered several vulnerabilities in the version control system git. On January 17, the git project resolved the two most critical security vulnerabilities (CVE-2022-23521 and CVE-2022-41903) that could allow the remote execution of arbitrary code. GitHub and GitLab have also issued updates for their products, including the latest version of git. A third vulnerability (CVE-2022-41953) affects the Windows version of the Git GUI software and could also lead to the execution of arbitrary code. CERT-EU highly recommend upgrading to the latest version of git. In addition, if you are running on-premise GitHub or GitLab servers, we recommend updating them.

2023-001: Zero-day and Critical Vulnerabilities in Microsoft Windows

Wednesday, January 11, 2023 05:50:00 PM CET

On January 10, 2023, on their first Patch Tuesday of 2023, Microsoft fixed an actively exploited zero-day Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability and a total of 98 flaws. Eleven of them were classified as critical by Microsoft as they allow remote code execution, bypass security features, or elevate privileges. It is highly recommended applying the fixes as soon as possible.