SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2023-25725 - HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.
CVSS Score: 0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25725
ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8372
NVD References:
- https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=a0e561ad7f29ed50c473f5a9da664267b60d1112
- https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html
- https://www.debian.org/security/2023/dsa-5348
- https://www.haproxy.org/

CVE-2022-39952 - An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
CVSS Score: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-39952
ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8380
NVD References: https://fortiguard.com/psirt/FG-IR-22-300

CVE-2021-42756 - Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.
CVSS Score: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-42756
NVD References: https://fortiguard.com/psirt/FG-IR-21-186

CVE-2021-42761 - A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.
CVSS Score: 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-42761
NVD References: https://fortiguard.com/psirt/FG-IR-21-214

CVE-2022-38375 - An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.
CVSS Score: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-38375
NVD References: https://fortiguard.com/psirt/FG-IR-22-329

CVE-2022-47986 - IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
CVSS Score: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
** KEV since 2023-02-21 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-47986
NVD References:
- https://exchange.xforce.ibmcloud.com/vulnerabilities/243512
- https://www.ibm.com/support/pages/node/6952319

CVE-2023-21715 - Microsoft Publisher Security Features Bypass Vulnerability
CVSS Score: 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
** KEV since 2023-02-14 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21715
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715

CVE-2023-23376 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS Score: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
** KEV since 2023-02-14 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23376
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376

CVE-2023-21823 - Windows Graphics Component Remote Code Execution Vulnerability
CVSS Score: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
** KEV since 2023-02-14 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21823
MSFT Details: https://msrc.microsoft.com/update-guide/vulner…