ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Detecting (Malicious) OneNote Files
Published: 2023-02-01
Last Updated: 2023-02-01 08:57:26 UTC
by Didier Stevens (Version: 1)
We are starting to see malicious OneNote documents (cf. Xavier's diary entry "A First Malicious OneNote Document", https://isc.sans.edu/diary/A+First+Malicious+OneNote+Document/29470).
OneNote files have their own binary file format: [MS-ONESTORE].
A OneNote file starts with GUID {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3}.
Files contained in a OneNote file are stored as a FileDataStoreObject: a header, followed by the embedded file itself. This header also starts with a GUID: {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}.
Hence, to detect OneNote files with embedded files, look for files that start with the byte sequence E4 52 5C 7B 8C D8 A7 4D AE B1 53 78 D0 29 96 D3 (that's GUID {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3} in its on-disk, mixed-endian form, which is why the first bytes are reversed relative to the printed GUID) and contain one or more instances of the byte sequence E7 16 E3 BD 65 26 11 45 A4 C4 8D 4D 0B 7A 9E AC (that's GUID {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}).
This allows you to detect OneNote files with embedded files, which are not necessarily malicious: an embedded file can just be a picture, for example. What is embedded, not merely that something is embedded, decides whether the file deserves a closer look.
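As an added example (not code from Didier's diary or from any OneNote tooling), the Python below applies exactly the two checks described above: it derives the on-disk byte sequences from the GUID strings, confirms a blob starts with the OneNote GUID, walks every FileDataStoreObject it contains and sniffs what each embedded payload is, so a picture and a PE file are reported differently. The header layout used to reach the payload bytes (a 64-bit cbLength right after the 16-byte GUID, then 12 bytes of unused/reserved fields) is my reading of [MS-ONESTORE], not something the diary states, so treat those offsets as an assumption and verify them against the specification; the sniffing table and the sample blob built by `build_sample` are constructed for the example.

```python
import struct
import uuid

# GUIDs from the diary. .bytes_le produces the mixed-endian on-disk encoding, which is
# why the sequence starts E4 52 5C 7B rather than 7B 5C 52 E4.
ONENOTE_FILE_GUID = uuid.UUID("{7B5C52E4-D88C-4DA7-AEB1-5378D02996D3}")
FILE_DATA_STORE_GUID = uuid.UUID("{BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}")
ONENOTE_MAGIC = ONENOTE_FILE_GUID.bytes_le   # E4 52 5C 7B 8C D8 A7 4D AE B1 53 78 D0 29 96 D3
FDSO_MAGIC = FILE_DATA_STORE_GUID.bytes_le   # E7 16 E3 BD 65 26 11 45 A4 C4 8D 4D 0B 7A 9E AC

# ASSUMPTION (my reading of the [MS-ONESTORE] FileDataStoreObject layout, not from the diary):
# guidHeader (16) | cbLength (8, little-endian) | unused (4) | reserved (8) | FileData
FDSO_HEADER_LEN = 16 + 8 + 4 + 8

# Constructed sniffing table for the embedded payload; extend as needed.
MAGICS = [
    (b"MZ", "PE executable"),
    (b"%PDF", "PDF"),
    (b"\x89PNG", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"PK\x03\x04", "ZIP / OOXML"),
    (b"\xd0\xcf\x11\xe0", "OLE2 (legacy Office, .msi)"),
]


def sniff(payload: bytes) -> str:
    for magic, name in MAGICS:
        if payload.startswith(magic):
            return name
    return "unknown"


def is_onenote(data: bytes) -> bool:
    return data.startswith(ONENOTE_MAGIC)


def embedded_files(data: bytes) -> list:
    """Every FileDataStoreObject in the blob: offset, declared length, sniffed type."""
    found = []
    pos = data.find(FDSO_MAGIC)
    while pos != -1:
        declared = None
        if pos + FDSO_HEADER_LEN <= len(data):
            (declared,) = struct.unpack_from("<Q", data, pos + 16)
        start = pos + FDSO_HEADER_LEN
        payload = data[start:start + (declared or 0)]
        found.append({
            "offset": pos,
            "declared_length": declared,
            # a header cut off by the end of the file, or a payload shorter than cbLength
            "truncated": declared is None or len(payload) < declared,
            "type": sniff(payload),
        })
        pos = data.find(FDSO_MAGIC, pos + len(FDSO_MAGIC))
    return found


def triage(data: bytes) -> dict:
    """The diary's rule: OneNote header plus one or more embedded files is worth a closer
    look; whether it is malicious depends on what those embedded files are."""
    if not is_onenote(data):
        return {"onenote": False, "embedded": []}
    return {"onenote": True, "embedded": embedded_files(data)}


def build_sample(payloads: list) -> bytes:
    """Constructed stand-in for a .one file: the file GUID, some filler, then one
    FileDataStoreObject per payload using the header layout assumed above."""
    blob = bytearray(ONENOTE_MAGIC + b"\x00" * 32)
    for payload in payloads:
        blob += FDSO_MAGIC + struct.pack("<Q", len(payload)) + b"\x00" * 12 + payload
    return bytes(blob)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:  # no file given: run on the constructed sample
        data = build_sample([b"MZ" + b"\x90" * 40, b"\x89PNG\r\n\x1a\n" + b"\x00" * 16])
    print(triage(data))
```

Run it as `python onenote_triage.py suspicious.one`; a result whose embedded entries include anything executable or script-like (PE, HTA, batch, VBS, a second Office document) is the case the diary is warning about, while one that only lists images is the benign case it mentions.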
Read the full entry:
https://isc.sans.edu/diary/Detecting+Malicious+OneNote+Files/29494/
Decoding DNS over HTTP(s) Requests
Published: 2023-01-30
Last Updated: 2023-01-30 16:51:54 UTC
by Johannes Ullrich (Version: 1)
I have written before about scans for DNS over HTTP(s) (DoH) servers. DoH is now widely supported in different browsers and recursive resolvers. It has been an important piece in the puzzle to evade various censorship regimes, in particular, the "Big Chinese Firewall". Malware has at times used DoH, but often uses its own HTTP(s) based resolvers that do not necessarily comply with the official DoH standard.
Read the full entry:
https://isc.sans.edu/diary/Decoding+DNS+over+HTTPs+Requests/29488/
Live Linux IR with UAC
Published: 2023-01-26
Last Updated: 2023-01-26 23:07:32 UTC
by Tom Webb (Version: 1)
The other day, I was looking for Linux IR scripts and ran across the tool Unix-like Artifacts Collector or UAC(1) created by Thiago Lahr. As you would expect, it gathers most live stats but also collects VirtualBox and Docker info and other data on the system. It can dump result files to SFTP, Azure, S3, and IBM storage natively.
With any tool, you should always test to understand how it affects your system. I ran a simple file timeline collection before and after to see what changes were made.
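One way to do that before/after check, as an added example in Python rather than anything from Tom's diary or from UAC itself: take a timeline snapshot of a directory tree (mtime, ctime and size per path), run the collector, take a second snapshot, and diff the two. The `demo()` function builds a throwaway directory and mutates it so the script can be exercised without running a real collection; the file names and contents in it are constructed for the example.

```python
import os
import tempfile
from typing import Dict, Tuple

# One timeline row per path: (mtime_ns, ctime_ns, size). atime is deliberately left out:
# a collector reads a lot of files, and without noatime every read would register as a
# change and drown out the writes you actually care about.
Row = Tuple[int, int, int]
Snapshot = Dict[str, Row]


def snapshot(root: str) -> Snapshot:
    """Walk `root` (not following symlinks) and record mtime/ctime/size for every entry."""
    rows: Snapshot = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable between listing and stat; skip it
            rows[os.path.relpath(path, root)] = (st.st_mtime_ns, st.st_ctime_ns, st.st_size)
    return rows


def diff(before: Snapshot, after: Snapshot) -> Dict[str, list]:
    """Paths created, deleted, or modified (any of mtime/ctime/size changed) between snapshots."""
    b, a = set(before), set(after)
    return {
        "created": sorted(a - b),
        "deleted": sorted(b - a),
        # tuple() so that snapshots round-tripped through JSON (lists) compare equal too
        "modified": sorted(p for p in b & a if tuple(before[p]) != tuple(after[p])),
    }


def demo() -> Dict[str, list]:
    """Constructed scenario standing in for 'run the collector': one file appended to,
    one removed, one created, one untouched. Returns the diff so it can be checked."""
    with tempfile.TemporaryDirectory() as root:
        for name, content in (("app.log", b"line1\n"), ("old.tmp", b"x"), ("keep.conf", b"k=v\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        before = snapshot(root)
        with open(os.path.join(root, "app.log"), "ab") as fh:   # modified (size grows)
            fh.write(b"line2\n")
        os.remove(os.path.join(root, "old.tmp"))                 # deleted
        with open(os.path.join(root, "new.log"), "wb") as fh:    # created
            fh.write(b"collector was here\n")
        return diff(before, snapshot(root))


if __name__ == "__main__":
    import json
    import sys
    # usage: timeline.py snapshot ROOT OUT.json   |   timeline.py diff BEFORE.json AFTER.json
    if len(sys.argv) == 4 and sys.argv[1] == "snapshot":
        with open(sys.argv[3], "w") as fh:
            json.dump(snapshot(sys.argv[2]), fh)
    elif len(sys.argv) == 4 and sys.argv[1] == "diff":
        with open(sys.argv[2]) as fb, open(sys.argv[3]) as fa:
            print(json.dumps(diff(json.load(fb), json.load(fa)), indent=2))
    else:
        print(json.dumps(demo(), indent=2))
```

Write the snapshots somewhere outside the tree you are watching (a mounted USB stick or a tmpfs), otherwise the snapshot files themselves show up in the diff; anything the collector leaves behind under `/tmp`, in shell history, or in package caches is exactly what this is meant to surface.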
Read the full entry:
Rotating Packet Captures with pfSense (2023.02.01)
https://isc.sans.edu/diary/Rotating+Packet+Captures+with+pfSense/29500/
DShield Honeypot Setup with pfSense (2023.01.31)
https://isc.sans.edu/diary/DShield+Honeypot+Setup+with+pfSense/29490/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2022-47966 - Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
** KEV since 2023-01-23 **
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-47966
ISC Podcast:https://isc.sans.edu/podcastdetail.html?podcastid=8340
CVE-2022-42475 - A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
** KEV since 2022-12-23 **
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-42475
CVE-2022-45639 - OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-45639
NVD References:
-https://www.binaryworld.it/
-https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639
CVE-2022-25894 - All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via the jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-25894
NVD References:
-https://fmyyy1.github.io/2022/10/23/uflo2rce/
-https://security.snyk.io/vuln/SNYK-JAVA-COMBSTEKUFLO-3091112
CVE-2022-3094 - Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.
CVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-3094
ISC Podcast:https://isc.sans.edu/podcastdetail.html?podcastid=8344
NVD References:https://kb.isc.org/docs/cve-2022-3094
CVE-2022-3572 - A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.
CVSS Score: 9.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-3572
NVD References:
-https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3572.json
-https://gitlab.com/gitlab-org/gitlab/-/issues/378214
-https://hackerone.com/reports/1727985
CVE-2022-45808 - SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVE-2022-45820 - SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVE-2022-47615 - Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVSS Scores: 9.1 - 9.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
NVD References:https://patchstack.com/articles/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version/
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-45808
NVD References:https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-wordpress-lms-plugin-plugin-4-1-7-3-2-sql-injection?_s_id=cve
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-45820
NVD References:https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-auth-sql-injection-sqli-vulnerability?_s_id=cve
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-47615
NVD References:https://patchstack.com/database/vulnerability/learnpress/wordpress-learnpress-plugin-4-1-7-3-2-local-file-inclusion?_s_id=cve
CVE-2023-0321 - Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned dataloggers have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.
CVSS Score: 9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-0321
NVD References:
-https://www.hackplayers.com/2023/01/cve-2023-0321-info-sensible-campbell.html
-https://www.incibe-cert.es/en/early-warning/ics-advisories/disclosure-sensitive-information-campbell-scientific-products
CVE-2023-0452 - All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak Hash, and use a weak hash algorithm for protecting privileged user credentials. A configuration file that is accessible without authentication stores credentials, including those of administrators and technicians, as MD5 hashes.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-0452
NVD References:https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-02
CVE-2023-22482 - Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD's configured OIDC provider. But Argo CD _does not_ validate the audience claim, so it will accept tokens that are not intended for Argo CD. If Argo CD's configured OIDC provider also serves other audiences (for example, a file storage service), then Argo CD will accept a token intended for one of those other audiences. Argo CD will grant the user privileges based on the token's `groups` claim, even though those groups were not intended to be used by Argo CD. This bug also increases the impact of a stolen token. If an attacker steals a valid token for a different audience, they can use it to access Argo CD. A patch for this vulnerability has been released in versions 2.6.0-rc3, 2.5.6, 2.4.19, and 2.3.13. There are no workarounds.
CVSS Score: 9.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22482
NVD References:https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc
CVE-2023-23619 - Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themselves. This issue has been partially mitigated in version 1.0.0, with the maintainer's GitHub Security Advisory (GHSA) noting "It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior." The suggested workaround from the maintainers is "Fully custom presets that change the entire rendering process which can then escape the user input."
CVSS Score: 9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-23619
NVD References:https://github.com/asyncapi/modelina/security/advisories/GHSA-4jg2-84c2-pj95
CVE-2023-24022 - Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded cre…
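The Argo CD entry (CVE-2023-22482) above is a compact illustration of why a valid signature from the right issuer is not the same as a token meant for you. The Python below is an added example, not Argo CD's code (which validates tokens against a real OIDC provider): a toy HS256 issuer that serves two audiences, a verifier that reproduces the bug by never reading `aud`, and a hardened verifier that rejects tokens issued for any other audience. The signing key, issuer URL, audience names and claims are all constructed for the example; production deployments verify RS256/ES256 signatures against the provider's published keys, but the audience logic is the same.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional

# Constructed for this example: an HS256 shared key standing in for the OIDC provider's
# signing key, the issuer URL, and the audience the relying party (Argo CD here) expects.
SIGNING_KEY = b"example-shared-secret-not-for-production"
ISSUER = "https://idp.example.test"
ARGO_AUDIENCE = "argo-cd"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """What the (toy) provider does: sign header.payload with HS256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def _signature_issuer_expiry(token: str, now: Optional[float]) -> dict:
    """The checks both verifiers share: signature, issuer, expiry. Returns the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims


def vulnerable_groups(token: str, now: Optional[float] = None) -> List[str]:
    """Reproduces the bug: 'signed by our provider' is taken as 'issued for us', so the
    `groups` of a token minted for a different service are trusted."""
    return _signature_issuer_expiry(token, now).get("groups", [])


def hardened_groups(token: str, now: Optional[float] = None) -> List[str]:
    """Adds the audience check. RFC 7519 lets `aud` be a string or an array of strings;
    a missing `aud` is a rejection, not a wildcard."""
    claims = _signature_issuer_expiry(token, now)
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if ARGO_AUDIENCE not in audiences:
        raise ValueError(f"token not intended for {ARGO_AUDIENCE!r}: aud={aud!r}")
    return claims.get("groups", [])


def rejects(verifier, token: str, now: Optional[float] = None) -> bool:
    """True if `verifier` refuses the token (any ValueError), False if it accepts it."""
    try:
        verifier(token, now)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    now = 1_700_000_000
    base = {"iss": ISSUER, "sub": "alice", "exp": now + 3600, "groups": ["argocd-admins"]}
    for_argo = mint_token({**base, "aud": ARGO_AUDIENCE})
    for_storage = mint_token({**base, "aud": ["file-storage"]})  # same IdP, other service
    print("vulnerable accepts file-storage token:", not rejects(vulnerable_groups, for_storage, now))
    print("hardened  accepts file-storage token:", not rejects(hardened_groups, for_storage, now))
    print("hardened  accepts argo-cd token:     ", not rejects(hardened_groups, for_argo, now))
```

The same shape of check belongs in any service that shares an identity provider with others: validate `aud` against your own client ID, and, when a token leaks from a sibling service, that check is what keeps the blast radius to that one service.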
CVE-2022-32514 - A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32513
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32514
CVE-2022-32522 - A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVE-2022-32523 - A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVE-2022-32524 - A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVE-2022-32525 - A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVE-2022-32526 - A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVE-2022-32527 - A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVE-2022-32529 - A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32522
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32523
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32524
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32525
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32526
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32527
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32529
CVE-2022-24324 - A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
CVE-2022-2329 - A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-24324
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-2329
CVE-2022-42970 - A CWE-306: Missing Authentication for Critical Function vulnerability exists: the software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVE-2022-42971 - A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-42970
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-42971
CVE-2022-39060 - ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-39060
NVD References:https://www.twcert.org.tw/tw/cp-132-6887-6ed4f-1.html
CVE-2023-22900 - Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22900
NVD References:https://www.twcert.org.tw/tw/cp-132-6885-d679e-1.html
CVE-2023-22610 - A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions).
CVSS Score: 9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22610
NVD References:https://www.se.com/ww/en/download/document/SEVD-2023-010-02/
CVE-2023-23924 - Dompdf is an HTML to PDF converter. The URI validation in dompdf 2.0.1 can be bypassed during SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialization on PHP < 8, through the `phar` URL wrapper. An attacker who can supply an SVG file to dompdf can exploit the vulnerability to call an arbitrary URL with an arbitrary protocol. In PHP versions before 8.0.0 this leads to arbitrary unserialization, which at the very least allows arbitrary file deletion and can reach remote code execution, depending on the classes that are available.
CVSS Score: 10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-23924
NVD References:
-https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85
-https://github.com/dompdf/dompdf/releases/tag/v2.0.2
-https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
CVE-2023-21538 - .NET Denial of Service Vulnerability
CVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-21538
MSFT Details:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538
CVE-2023-21712 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS Score: 8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-21712
MSFT Details:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21712
CVE-2022-34689 - Windows CryptoAPI Spoofing Vulnerability.
CVSS Score: 0
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-34689
ISC Podcast:https://isc.sans.edu/podcastdetail.html?podcastid=8344
CVE-2023-23560 - In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
CVSS Score: 0
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-23560
ISC Podcast:https://isc.sans.edu/podcastdetail.html?podcastid=8342
The following vulnerability needs a manual review:
CVE: CVE-2023-0210
CISA KEV:
Vendor: unknown
Product: unknown
Description: unknown
CVE-2022-32529 - A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32522
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32523
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32524
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32525
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32526
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32527
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-32529
CVE-2022-24324 - A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
CVE-2022-2329 - A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-24324
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-2329
CVE-2022-42970 - A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVE-2022-42971 - A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-42970
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-42971
CVE-2022-39060 - ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-39060
NVD References:https://www.twcert.org.tw/tw/cp-132-6887-6ed4f-1.html
CVE-2023-22900 - Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22900
NVD References:https://www.twcert.org.tw/tw/cp-132-6885-d679e-1.html
CVE-2023-22610 - A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions).
CVSS Score: 9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22610
NVD References:https://www.se.com/ww/en/download/document/SEVD-2023-010-02/
CVE-2023-23924 - Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.
CVSS Score: 10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-23924
NVD References:
-https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85
-https://github.com/dompdf/dompdf/releases/tag/v2.0.2
-https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
CVE-2023-21538 - .NET Denial of Service Vulnerability
CVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-21538
MSFT Details:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538
CVE-2023-21712 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS Score: 8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-21712
MSFT Details:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21712
CVE-2022-34689 - Windows CryptoAPI Spoofing Vulnerability.
CVSS Score: 0
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-34689
ISC Podcast:https://isc.sans.edu/podcastdetail.html?podcastid=8344
CVE-2023-23560 - In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
CVSS Score: 0
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-23560
ISC Podcast:https://isc.sans.edu/podcastdetail.html?podcastid=8342
The following vulnerability needs a manual review:
CVE: CVE-2023-0210
CISA KEV:
Vendor: unknown
Product: unknown
Description: unknown
CVE-2022-2329 - A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-24324
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-2329
CVE-2022-42970 - A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVE-2022-42971 - A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-42970
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-42971
CVE-2022-39060 - ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-39060
NVD References:https://www.twcert.org.tw/tw/cp-132-6887-6ed4f-1.html
CVE-2023-22900 - The Efence login function has insufficient validation of user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete the database.
CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22900
NVD References:https://www.twcert.org.tw/tw/cp-132-6885-d679e-1.html
CVE-2023-22610 - A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions).
CVSS Score: 9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-22610
NVD References:https://www.se.com/ww/en/download/document/SEVD-2023-010-02/
CVE-2023-23924 - Dompdf is an HTML to PDF converter. The URI validation in dompdf 2.0.1 can be bypassed during SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialization on PHP < 8 through the `phar` URL wrapper. An attacker who can supply an SVG file to dompdf can exploit the vulnerability to call an arbitrary URL with an arbitrary protocol. In PHP versions before 8.0.0 this leads to arbitrary unserialization, which results, at the very least, in arbitrary file deletion and possibly in remote code execution, depending on the classes that are available.
CVSS Score: 10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-23924
NVD References:
-https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85
-https://github.com/dompdf/dompdf/releases/tag/v2.0.2
-https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
CVE-2023-21538 - .NET Denial of Service Vulnerability
CVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-21538
MSFT Details:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538
CVE-2023-21712 - Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS Score: 8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-21712
MSFT Details:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21712
CVE-2022-34689 - Windows CryptoAPI Spoofing Vulnerability
CVSS Score: 0
NVD:https://nvd.nist.gov/vuln/detail/CVE-2022-34689
ISC Podcast:https://isc.sans.edu/podcastdetail.html?podcastid=8344
CVE-2023-23560 - In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
CVSS Score: 0
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-23560
ISC Podcast:https://isc.sans.edu/podcastdetail.html?podcastid=8342
The following vulnerability needs a manual review:
CVE: CVE-2023-0210
CISA KEV:
Vendor: unknown
Product: unknown
Description: unknown