@RISK

The Consensus Security Vulnerability Alert

February 16, 2023  |   Vol. 23, Num. 07

Internet Storm Center Spotlight




ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html



Microsoft February 2023 Patch Tuesday

Published: 2023-02-14

Last Updated: 2023-02-15 01:19:13 UTC

by Johannes Ullrich (Version: 1)


Microsoft today patched 80 different vulnerabilities. This includes the Chromium vulnerabilities affecting Microsoft Edge. Nine vulnerabilities are rated as "Critical" by Microsoft.


Three of the vulnerabilities, all rated "important", are already being exploited:


CVE-2023-21715: Microsoft Publisher Security Feature Bypass. This vulnerability allows macros to execute, bypassing the policies that block them.


CVE-2023-23376: Windows Common Log File System Driver Elevation of Privilege Vulnerability


CVE-2023-21823: Windows Graphics Component Remote Code Execution Vulnerability. Patches for this vulnerability may only be available via the Microsoft Store. Make sure you have these updates enabled.


Some additional vulnerabilities of interest:


CVE-2023-21803: Windows iSCSI Discovery Service Remote Code Execution Vulnerability. Likely not the most common issue to be patched this month, but something that may easily be missed. This vulnerability, if exploited, could be used for lateral movement.


CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability. Word is always a great target as it offers a large attack surface. No known exploit for this vulnerability, but its CVSS score of 9.8 will attract some attention. The rating of "critical" implies that it is not necessary to open the document to trigger the vulnerability.


Visual Studio: Several vulnerabilities, two of them critical, affect Visual Studio. Attacks against developers are often not well documented but appear to be on the rise.


Read the full entry:

https://isc.sans.edu/diary/Microsoft+February+2023+Patch+Tuesday/29548/




Apple Patches Exploited Vulnerability

Published: 2023-02-13

Last Updated: 2023-02-13 20:47:36 UTC

by Johannes Ullrich (Version: 1)


Apple today released updates for Safari, iOS, iPadOS, macOS, tvOS, and watchOS. Security details are only available for Safari, iOS, iPadOS, and macOS. One vulnerability being patched across all three operating systems is already being exploited:


CVE-2023-23529: This is a critical type confusion vulnerability in WebKit that is already actively exploited. It may be exploited by the user visiting a malicious web page. It affects Safari, iPadOS, iOS, and macOS.


CVE-2023-23514: A kernel vulnerability that may allow an application installed on the device to execute arbitrary code with kernel privileges. Code that achieves command execution via CVE-2023-23529 could use this vulnerability to escalate privileges and escape the Safari sandbox. iPadOS, iOS, and macOS are affected.


CVE-2023-23522: This vulnerability in Shortcuts may allow an app to observe unprotected user data. It only affects macOS.


Read the full entry:

https://isc.sans.edu/diary/Apple+Patches+Exploited+Vulnerability/29544/




A Backdoor with Smart Screenshot Capability

Published: 2023-02-09

Last Updated: 2023-02-09 08:39:31 UTC

by Xavier Mertens (Version: 1)


Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being "smart" means performing actions depending on the context, the environment, or user actions.


For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer. Taking a screenshot in Python is as easy as this:


Read the full entry:

https://isc.sans.edu/diary/A+Backdoor+with+Smart+Screenshot+Capability/29534/

Internet Storm Center Entries


DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer (2023.02.15)

https://isc.sans.edu/diary/DNS+Recon+Redux+Zone+Transfers+plus+a+time+machine+for+When+You+Cant+do+a+Zone+Transfer/29552/


Venmo Phishing Abusing LinkedIn "slink" (2023.02.13)

https://isc.sans.edu/diary/Venmo+Phishing+Abusing+LinkedIn+slink/29542/


PCAP Data Analysis with Zeek (2023.02.12)

https://isc.sans.edu/diary/PCAP+Data+Analysis+with+Zeek/29530/


Obfuscated Deactivation of Script Block Logging (2023.02.10)

https://isc.sans.edu/diary/Obfuscated+Deactivation+of+Script+Block+Logging/29538/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.



CVE-2023-21715 - Microsoft Publisher Security Features Bypass Vulnerability

CVSS Score: 7.3 

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

** KEV since 2023-02-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21715

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715




CVE-2023-23376 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

** KEV since 2023-02-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23376

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376




CVE-2023-21823 - Windows Graphics Component Remote Code Execution Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

** KEV since 2023-02-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21823

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823




CVE-2023-21716 - Microsoft Word Remote Code Execution Vulnerability

CVSS Score: 9.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21716

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716




CVE-2023-21803 - Windows iSCSI Discovery Service Remote Code Execution Vulnerability

CVSS Score: 9.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21803

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803




CVE-2023-21689, CVE-2023-21690, and CVE-2023-21692 - Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerabilities

CVSS Score: 9.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2023-21689

- https://nvd.nist.gov/vuln/detail/CVE-2023-21690

- https://nvd.nist.gov/vuln/detail/CVE-2023-21692

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: 

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21689

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21690

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21692




CVE-2022-31249 - An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.

CVSS Score: 9.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31249

NVD References: https://bugzilla.suse.com/show_bug.cgi?id=1200299




CVE-2022-43757 - A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

CVSS Score: 9.9 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-43757

NVD References: https://bugzilla.suse.com/show_bug.cgi?id=1205295




CVE-2022-24990 - TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

CVSS Score: 0

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

** KEV since 2023-02-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-24990

NVD References: 

- https://forum.terra-master.com/en/viewforum.php?f=28

- https://github.com/0xf4n9x/CVE-2022-24990

- https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/

- https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732




CVE-2023-24813 - Dompdf is an HTML to PDF converter written in PHP. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, which is later used to parse the SVG file, parses the href attribute. Since `href` is respected if both `xlink:href` and `href` are specified, it's possible to bypass the protection on the Dompdf side by providing an empty `xlink:href` attribute. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols if they provide an SVG file to Dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead, at the very least, to arbitrary file deletion and might lead to remote code execution, depending on available classes. This vulnerability has been addressed in commit `95009ea98`, which has been included in release version 2.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score: 10.0 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24813

NVD References: 

- https://github.com/dompdf/dompdf/commit/95009ea98230f9b084b040c34e3869ef3dccc9aa

- https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75




CVE-2022-43761 - Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.

CVE-2022-43764 - Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code.

CVSS Score: 9.4 - 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L and 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2022-43761

- https://nvd.nist.gov/vuln/detail/CVE-2022-43764

NVD References: https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf




CVE-2023-25168 - Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue.

CVSS Score: 9.6 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25168

NVD References: 

- https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d

- https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63

- https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5




CVE-2023-0776 - Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable. Special thanks to Rustam Amin for providing the steps to reproduce.

CVSS Score: 10.0 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0776

NVD References: https://baicells.com/Service/Firmware




CVE-2022-25729 - Memory corruption in modem due to improper length check while copying into memory.

CVE-2022-33232 - Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.

CVE-2022-33279 - Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.

CVE-2022-40514 - Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

CVSS Score: 9.3 - 9.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2022-25729

- https://nvd.nist.gov/vuln/detail/CVE-2022-33232

- https://nvd.nist.gov/vuln/detail/CVE-2022-33279

- https://nvd.nist.gov/vuln/detail/CVE-2022-40514

NVD References: https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin




CVE-2023-23551 - Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code.

CVSS Score: 9.1 

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23551

NVD References: https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01




CVE-2023-24482 - A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.

CVSS Score: 10.0 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24482

NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf




CVE-2023-21528 - Microsoft SQL Server Remote Code Execution Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21528

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528




CVE-2023-21529 - Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS Score: 8.8 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21529

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529




CVE-2023-21564 - Azure DevOps Server Cross-Site Scripting Vulnerability

CVSS Score: 7.1 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21564

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21564




CVE-2023-21568 - Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

CVSS Score: 7.3 

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21568

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21568




CVE-2023-21684 - Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

CVSS Score: 8.8 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21684

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21684




CVE-2023-21685 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS Score: 8.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21685

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21685




CVE-2023-21686 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS Score: 8.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21686

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21686




CVE-2023-21688 - NT OS Kernel Elevation of Privilege Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21688

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21688




CVE-2023-21691 - Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability

CVSS Score: 7.5 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21691

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21691




CVE-2023-21695 - Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

CVSS Score: 7.5 

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21695

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21695




CVE-2023-21701 - Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability

CVSS Score: 7.5 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21701

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21701




CVE-2023-21700 - Windows iSCSI Discovery Service Denial of Service Vulnerability

CVSS Score: 7.5 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21700

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21700




CVE-2023-21702 - Windows iSCSI Service Denial of Service Vulnerability

CVSS Score: 7.5 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21702

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21702




CVE-2023-21704 - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21704

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704




CVE-2023-21705 and CVE-2023-21713 - Microsoft SQL Server Remote Code Execution Vulnerabilities

CVSS Score: 8.8 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2023-21705

- https://nvd.nist.gov/vuln/detail/CVE-2023-21713

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: 

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713




CVE-2023-21706, CVE-2023-21707, CVE-2023-21710 - Microsoft Exchange Server Remote Code Execution Vulnerabilities

CVSS Scores: 7.2 - 8.8 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2023-21706

- https://nvd.nist.gov/vuln/detail/CVE-2023-21707

- https://nvd.nist.gov/vuln/detail/CVE-2023-21710

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: 

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21710




CVE-2023-21717 - Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS Score: 8.8 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21717

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717




CVE-2023-21718 - Microsoft SQL ODBC Driver Remote Code Execution Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21718

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718




CVE-2023-21777 - Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability

CVSS Score: 8.7 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21777

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21777




CVE-2023-21797 and CVE-2023-21798 - Microsoft ODBC Driver Remote Code Execution Vulnerabilities

CVSS Score: 8.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2023-21797

- https://nvd.nist.gov/vuln/detail/CVE-2023-21798

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: 

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21797

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21798




CVE-2023-21799 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS Score: 8.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21799

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21799




CVE-2023-21800 - Windows Installer Elevation of Privilege Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21800

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21800




CVE-2023-21801 - Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21801

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21801




CVE-2023-21802 - Windows Media Remote Code Execution Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21802

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21802




CVE-2023-21804 - Windows Graphics Component Elevation of Privilege Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21804

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21804




CVE-2023-21805 - Windows MSHTML Platform Remote Code Execution Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21805

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21805

 



CVE-2023-21806 - Power BI Report Server Spoofing Vulnerability

CVSS Score: 8.2 

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21806

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806




CVE-2023-21809 - Microsoft Defender for Endpoint Security Feature Bypass Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21809

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21809

   



CVE-2023-21811 - Windows iSCSI Service Denial of Service Vulnerability

CVSS Score: 7.5 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21811

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21811




CVE-2023-21812 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21812

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21812




CVE-2023-21813 - Windows Secure Channel Denial of Service Vulnerability

CVSS Score: 7.5 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21813

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21813

 



CVE-2023-21816 - Windows Active Directory Domain Services API Denial of Service Vulnerability

CVSS Score: 7.5 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21816

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21816




CVE-2023-21817 - Windows Kerberos Elevation of Privilege Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21817

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21817

 



CVE-2023-21818 and CVE-2023-21819 - Windows Secure Channel Denial of Service Vulnerabilities

CVSS Score: 7.5 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2023-21818

- https://nvd.nist.gov/vuln/detail/CVE-2023-21819

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: 

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21818

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21819




CVE-2023-21820 - Windows Distributed File System (DFS) Remote Code Execution Vulnerability

CVSS Score: 7.4 

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21820

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21820

 



CVE-2023-21822 - Windows Graphics Component Elevation of Privilege Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21822

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21822




CVE-2023-23374 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVSS Score: 8.3 

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23374

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23374

 



CVE-2023-23377 - 3D Builder Remote Code Execution Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23377

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23377




CVE-2023-23378 - Print 3D Remote Code Execution Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23378

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23378




CVE-2023-23390 - 3D Builder Remote Code Execution Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23390

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23390




CVE-2023-21553 - Azure DevOps Server Remote Code Execution Vulnerability

CVSS Score: 7.5 

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21553

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21553




CVE-2023-21566 - Visual Studio Elevation of Privilege Vulnerability

CVSS Score: 7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21566

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566




CVE-2023-21778 - Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability

CVSS Score: 8.3 

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21778

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21778




CVE-2023-21808 - .NET and Visual Studio Remote Code Execution Vulnerability

CVSS Score: 8.4 

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21808

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808

 



CVE-2023-21815 and CVE-2023-23381 - Visual Studio Remote Code Execution Vulnerabilities

CVSS Score: 8.4 

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

NVD: 

- https://nvd.nist.gov/vuln/detail/CVE-2023-21815

- https://nvd.nist.gov/vuln/detail/CVE-2023-23381

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: 

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815

- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381




CVE-2019-15126 - Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-15126

ISC Diary: https://isc.sans.edu/diary/29548

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-15126




The following vulnerabilities need a manual review:


CVE: CVE-2023-23529 - Apple Multiple Products WebKit Type Confusion Vulnerability

CISA KEV: YES

Vendor: Apple

Product: Multiple Products

Description: WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution.

        


CVE: CVE-2023-23514, Score: 10

CISA KEV: 

Vendor: unknown

Product: unknown

Description: unknown

        


CVE: CVE-2023-23522, Score: 10

CISA KEV: 

Vendor: unknown

Product: unknown

Description: unknown