ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft Patch Tuesday November 2023
Published: 2023-11-14
Last Updated: 2023-11-14 18:42:33 UTC
by Johannes Ullrich (Version: 1)
Today, Microsoft released patches for 64 different vulnerabilities in Microsoft products, 14 vulnerabilities in Chromium affecting Microsoft Edge, and five vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three of these vulnerabilities are already being exploited, and three have been made public before the release of the patches.
CVE-2023-36038: A denial of service vulnerability in ASP.NET Core. CVSS score of 8.2. This vulnerability was disclosed before the patch release.
CVE-2023-36413: A Microsoft Office security feature bypass. Exploiting this vulnerability will bypass the protected mode when opening a file received via the web. The file would open in editing mode, allowing malicious code execution. The vulnerability has been disclosed before the patch release.
CVE-2023-36036: A privilege escalation vulnerability in Microsoft's Windows Cloud Files Mini Filter Driver. This vulnerability is already being exploited.
CVE-2023-36033: A privilege escalation vulnerability in the Windows DWM Core Library. The vulnerability was exploited and disclosed before the patch release.
CVE-2023-36025: A security feature bypass vulnerability in Windows SmartScreen. This vulnerability was not public before the patch release, but it was already exploited.
Three of the vulnerabilities are considered critical. CVE-2023-36397, a remote code execution vulnerability in the Windows Pragmatic General Multicast (PGM) protocol, is noteworthy because we have seen patches for PGM in prior months. Exploitation should be difficult, though: it requires local network access, and PGM is not typically enabled.
Read the full entry:
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+November+2023/30400/
Redline Dropped Through MSIX Package
Published: 2023-11-15
Last Updated: 2023-11-15 07:38:15 UTC
by Xavier Mertens (Version: 1)
The MSIX package file format has been in the spotlight for a few weeks. The GHOSTPULSE malware, delivered through an MSIX package, has been identified bypassing many security controls. Like many operating systems, Windows can install applications by executing an executable (often called "setup.exe"), but packages are also available. Think about the well-known ".deb" for Debian/Ubuntu or ".rpm" for RedHat/CentOS. In the Windows ecosystem, packages have the ".msi" extension. They have been used to deliver malware for a while (see my old diary from 2018!).
MSI packages are Composite Document Files. As with Office documents, Microsoft developed a new format and added an "x" to the extension, like .docx, .xlsx, etc. The file format is the same: an MSIX file is a ZIP archive containing all the files to be installed, but... with a nice feature: automatic execution of a PowerShell script! It's a great gift from Microsoft.
After reading the GHOSTPULSE report, I created a new hunting rule to detect ZIP archives that contain two files called "StartingScriptWrapper.ps1" and "config.json". MSIX files are getting popular, and I spotted a lot of files! Here is a nice sample with a low VT score.
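The hunting rule described above, implemented as an added example (not the diary author's rule or tooling): an MSIX is opened as a plain ZIP archive and flagged when both "StartingScriptWrapper.ps1" and "config.json" are among its members. The two file names come from the diary; the sample archives are constructed in memory, and the helper names are my own. The match is on the base name, case-insensitively, so a wrapper stored in a sub-directory is also caught, which is a slight generalization of the rule as stated.

```python
"""Hunting helper: flag ZIP-based packages (e.g. MSIX) that bundle an auto-run
PowerShell wrapper together with its config.json.
Added example; the two file names are the ones from the diary, the sample
archives below are constructed test fixtures, not real MSIX packages."""
import io
import zipfile

# Names from the diary: the wrapper script and its configuration file.
WRAPPER_SCRIPT = "StartingScriptWrapper.ps1"
WRAPPER_CONFIG = "config.json"


def package_entries(data: bytes) -> list[str]:
    """Return the member names of a ZIP-based package, or [] if it is not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def has_script_wrapper(data: bytes) -> bool:
    """True when both the PowerShell wrapper and config.json are present.

    Matching is on the base name, case-insensitive, so a wrapper stored in a
    sub-directory (e.g. 'Scripts/StartingScriptWrapper.ps1') is still caught.
    """
    names = {name.rsplit("/", 1)[-1].lower() for name in package_entries(data)}
    return WRAPPER_SCRIPT.lower() in names and WRAPPER_CONFIG.lower() in names


def build_zip(members: dict[str, bytes]) -> bytes:
    """Construct a ZIP archive in memory (test fixture, not a real MSIX)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a package carrying the wrapper pair, a benign one, and junk.
SUSPECT = build_zip({
    "AppxManifest.xml": b"<Package/>",
    "config.json": b"{}",
    "StartingScriptWrapper.ps1": b"# placeholder content, constructed for the example",
    "app.exe": b"MZ",
})
BENIGN = build_zip({"AppxManifest.xml": b"<Package/>", "app.exe": b"MZ"})
NOT_A_ZIP = b"MZ\x90\x00 not an archive"

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT), ("benign", BENIGN), ("not_zip", NOT_A_ZIP)):
        print(f"{label}: wrapper pair present = {has_script_wrapper(blob)}")
```

Because the check only reads the central directory, it is cheap enough to run over a large feed of archives; anything flagged still needs the usual triage (who signed the package, what the wrapper script and config.json actually do).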
Read the full entry:
https://isc.sans.edu/diary/Redline+Dropped+Through+MSIX+Package/30404/
Visual Examples of Code Injection
Published: 2023-11-09
Last Updated: 2023-11-09 08:10:52 UTC
by Xavier Mertens (Version: 1)
Code injection (T1055 in MITRE ATT&CK) is a common technique these days. It's a nice way for an attacker to hide malicious code inside a legitimate process. A variation of this technique is called "Process Hollowing", where the code of a legitimate, suspended process is wiped and replaced by malicious code. Code injection is performed by calling Microsoft APIs like VirtualAllocEx(), NtUnmapViewOfSection(), WriteProcessMemory(), ... (there are many others available).
When I'm teaching FOR610, many students wonder why Microsoft provides such API calls to perform such dangerous actions. Indeed, there is no "hacking magic": Microsoft supports them. For students, it's difficult to "see" how such a program behaves.
I spotted an interesting sample that performs this technique, and I was able to collect "visible" information. The malware was delivered through a phishing email with a ZIP archive.
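To make the API sequence the diary lists "visible" from the defender's side, here is an added example (not the diary author's code, and not tied to any particular sandbox) that scans a process API trace for the cross-process allocate, write, execute pattern, and labels it process hollowing when NtUnmapViewOfSection() was called against the same target first. The trace format is constructed for the example; the API names are the three from the diary plus the well-known thread-start calls.

```python
"""Detection sketch for the injection API sequence described in the diary:
VirtualAllocEx -> WriteProcessMemory -> remote thread start / context switch,
with NtUnmapViewOfSection as the process-hollowing marker.
Added example; the trace format below is constructed and is not the output of
any real sandbox or EDR."""
import re
from collections import defaultdict

# Constructed trace format: one API call per line, "<ts> pid=<caller> api=<name>"
# with "target=<pid>" present on calls that act on another process.
LINE_RE = re.compile(
    r"^(?P<ts>\d+)\s+pid=(?P<pid>\d+)\s+api=(?P<api>\w+)(?:\s+target=(?P<target>\d+))?"
)

ALLOC = {"VirtualAllocEx", "NtAllocateVirtualMemory"}
WRITE = {"WriteProcessMemory", "NtWriteVirtualMemory"}
EXEC = {"CreateRemoteThread", "NtCreateThreadEx", "SetThreadContext", "ResumeThread"}
UNMAP = {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}


def parse_trace(text: str):
    """Yield (ts, caller_pid, api, target_pid_or_None); unparseable lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            target = int(m["target"]) if m["target"] else None
            yield int(m["ts"]), int(m["pid"]), m["api"], target


def find_injection(text: str) -> list[dict]:
    """Return one finding per (caller, target) pair that completes the sequence.

    The stages must occur in order (allocate, then write, then execute); a
    WriteProcessMemory with no preceding allocation is ignored, which keeps
    ordinary debugger activity from matching.
    """
    stage = defaultdict(int)   # (caller, target) -> 0 none, 1 allocated, 2 written
    hollowed = set()           # pairs where the target image was unmapped
    findings = []
    for ts, pid, api, target in parse_trace(text):
        if target is None or target == pid:
            continue           # only cross-process calls are of interest here
        key = (pid, target)
        if api in UNMAP:
            hollowed.add(key)
        elif api in ALLOC:
            stage[key] = max(stage[key], 1)
        elif api in WRITE and stage[key] >= 1:
            stage[key] = 2
        elif api in EXEC and stage[key] == 2:
            findings.append({
                "ts": ts, "caller": pid, "target": target,
                "technique": "process hollowing" if key in hollowed else "code injection",
            })
            stage[key] = 0     # reset so a second round is reported separately
    return findings


# Constructed sample trace: one hollowing sequence, one plain injection, and a
# caller that allocates but never writes (no finding).
SAMPLE_TRACE = """\
100 pid=4120 api=CreateProcessW target=5320
101 pid=4120 api=NtUnmapViewOfSection target=5320
102 pid=4120 api=VirtualAllocEx target=5320
103 pid=4120 api=WriteProcessMemory target=5320
104 pid=4120 api=SetThreadContext target=5320
105 pid=4120 api=ResumeThread target=5320
200 pid=7001 api=VirtualAllocEx target=7002
201 pid=7001 api=WriteProcessMemory target=7002
202 pid=7001 api=CreateRemoteThread target=7002
300 pid=9000 api=ReadProcessMemory target=9001
301 pid=9000 api=VirtualAllocEx target=9001
"""

if __name__ == "__main__":
    for finding in find_injection(SAMPLE_TRACE):
        print(finding)
```

The point of keying on the (caller, target) pair and enforcing the order is precision: each of these APIs has legitimate users (debuggers, installers, accessibility tools), and it is the complete remote sequence, not any single call, that the FOR610 students should learn to look for.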
Read the full entry:
https://isc.sans.edu/diary/Visual+Examples+of+Code+Injection/30388/
Noticing command and control channels by reviewing DNS protocols (2023.11.13)
https://isc.sans.edu/diary/Noticing+command+and+control+channels+by+reviewing+DNS+protocols/30396/
Routers Targeted for Gafgyt Botnet [Guest Diary] (2023.11.09)
https://isc.sans.edu/diary/Routers+Targeted+for+Gafgyt+Botnet+Guest+Diary/30390/
CVE-2023-36028
Product: Microsoft Protected Extensible Authentication Protocol (PEAP)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36028
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36028

CVE-2023-36038 - ASP.NET Core Denial of Service Vulnerability
Product: ASP.NET Core
CVSS Score: 8.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36038
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36038

CVE-2023-36413 - Microsoft Office Security Feature Bypass Vulnerability
Product: Microsoft Office
CVSS Score: 6.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36413
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36413
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36413

CVE-2023-2675 - Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223.
Product: Linagora Twake
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2675
NVD References:
- https://github.com/linagora/twake/commit/0770da3b184b5d5e71fee8251a5847a04c7cb9bc
- https://huntr.dev/bounties/474d3b39-1882-4d2c-b8f7-ff9f68f14cee

CVE-2023-22388 - Memory Corruption in Multi-mode Call Processor while processing bit mask API.
Product: Qualcomm 315 5G IoT Modem
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22388
NVD References: https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin

CVE-2023-33045 - Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
Product: Qualcomm Ar8035
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33045
NVD References: https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin

CVE-2023-38547 - Veeam ONE allows unauthorized users to access SQL server connection information and potentially execute remote code on the hosting server.
Product: Veeam ONE
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38547
NVD References: https://www.veeam.com/kb4508

CVE-2023-42283 - Tyk Gateway version 5.0.3 is vulnerable to a blind SQL injection in the api_id parameter, allowing an attacker to access and dump the database through a crafted SQL query.
Product: Tyk Gateway
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42283
NVD References: https://github.com/andreysanyuk/CVE-2023-42283

CVE-2023-42284 - Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query by exploiting a Blind SQL injection in the api_version parameter.
Product: Tyk Gateway
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42284
NVD References: https://github.com/andreysanyuk/CVE-2023-42284

CVE-2023-42531 - The vulnerability in SmsController allows an attacker to bypass activity start restrictions from the background.
Product: Samsung Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42531
NVD References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11

CVE-2023-42536 - Libsaped prior to SMR Nov-2023 Release 1 allows an attacker to trigger out-of-bounds read and write via improper input validation in saped_dec.
Product: Samsung Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42536
NVD References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11

CVE-2023-42537 - Libsaped prior to SMR Nov-2023 Release 1 allows an attacker to cause out-of-bounds read and write due to improper input validation in get_head_crc.
Product: Samsung Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42537
NVD References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11

CVE-2023-42538 - Libsaped prior to SMR Nov-2023 Release 1 allows an attacker to cause out-of-bounds read and write through improper input validation in saped_rec_silence.
Product: Samsung Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42538
NVD References: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11

CVE-2023-33478, CVE-2023-33479, & CVE-2023-33481 - RemoteClinic 2.0 has multiple SQL injection vulnerabilities.
Product: RemoteClinic Remote Clinic
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33478
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33479
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33481
NVD References: https://github.com/remoteclinic/RemoteClinic/issues/22
NVD References: https://github.com/remoteclinic/RemoteClinic/issues/23
NVD References: https://github.com/remoteclinic/RemoteClinic/issues/25

CVE-2023-47455 - Tenda AX1806 V1.0.0.1 has a heap overflow vulnerability due to insufficient size checking in the setSchedWifi function.
Product: Tenda AX1806
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47455
NVD References: https://github.com/Anza2001/IOT_VULN/blob/main/Te…

CVE-2023-46501
Product: BoltWire
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46501
NVD References:
- https://github.com/Cyber-Wo0dy/CVE-2023-46501
- https://github.com/Cyber-Wo0dy/report/blob/main/boltwire/v6.03/boltwire_improper_access_control

CVE-2023-46253 - Squidex, an open source headless CMS and content management hub, is vulnerable to arbitrary file write leading to remote code execution.
Product: Squidex Content Management Hub
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46253
NVD References: https://github.com/Squidex/squidex/security/advisories/GHSA-phqq-8g7v-3pg5

CVE-2023-46243 - XWiki Platform allows execution of arbitrary groovy code by crafting a specific URL, potentially compromising the server.
Product: XWiki Platform
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46243
NVD References:
- https://github.com/xwiki/xwiki-platform/commit/a0e6ca083b36be6f183b9af33ae735c1e02010f4
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g2qq-c5j9-5w5w
- https://jira.xwiki.org/browse/XWIKI-20385

CVE-2023-46676 through CVE-2023-46680 - Online Job Portal v1.0 is susceptible to multiple unauthenticated SQL Injection vulnerabilities.
Product: Projectworlds Online Job Portal
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46676
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46677
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46678
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46679
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46680
NVD References: https://fluidattacks.com/advisories/netrebko
NVD References: https://projectworlds.in

CVE-2023-46785 through CVE-2023-46790, CVE-2023-46792 through CVE-2023-46800 - The Online Matrimonial Project v1.0 is prone to multiple unauthenticated SQL injection flaws.
Product: Projectworlds Online Matrimonial Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46785
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46786
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46787
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46788
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46789
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46790
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46792
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46793
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46794
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46795
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46796
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46797
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46798
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46799
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46800
NVD References: https://fluidattacks.com/advisories/ros
NVD References: https://projectworlds.in

CVE-2023-5996 - Chromium: CVE-2023-5996 Use after free in WebAudio
Product: Google Chrome
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5996
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5996
NVD References:
- https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html
- https://crbug.com/1497859
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/
- https://www.debian.org/security/2023/dsa-5551

CVE-2023-3959 - The Zavio IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple stack-based overflows, allowing for remote code execution through insufficient buffer size validation during XML processing.
Product: Zavio IP Cameras
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3959
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

CVE-2023-43755 - The Zavio IP Cameras with firmware version M2.1.6.05 are vulnerable to remote code execution due to multiple stack-based overflows during XML parsing.
Product: Zavio IP Cameras
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43755
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

CVE-2023-45225 - Zavio IP Cameras with firmware version M2.1.6.05 are vulnerable to remote code execution due to multiple stack-based overflow vulnerabilities when parsing certain XML elements.
Product: Zavio IP Cameras
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45225
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

CVE-2021-43609 - Spiceworks Help Desk Server before 1.3.3 is vulnerable to Blind Boolean SQL injection leading to remote code execution.
Product: Spiceworks Help Desk Server
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-43609
NVD References:
- https://community.spiceworks.com/blogs/help-desk-server-release-notes/3610-1-3-2-1-3-3
- https://github.com/d5sec/CVE-2021-43609-POC
- https://www.linkedin.com/pulse/cve-2021-43609-write-up-division5-security-4lgwe

CVE-2023-43791 - Label Studio has a vulnerability that allows an attacker to exploit ORM Leak vulnerability and impersonate any account to escalate privileges to a Django Super Administrator user in versions before `1.8.2`.
Product: Label Studio
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43791
NVD References:
- https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b
- https://github.com/HumanSignal/label-studio/pull/4690
- https://github.com/HumanSignal/label-studio/releases/tag/1.8.2
- https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m

CVE-2023-47110 - Blockreassurance module in version 5.1.4 of the software allows unauthorized modification of configuration table values via an ajax function.
Product: blockreassurance module
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47110
NVD References: https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78

CVE-2023-36014 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Product: Microsoft Edge (Chromium-based)
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36014
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014

CVE-2023-36024 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Product: Microsoft Edge (Chromium-based)
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36024
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36024

CVE-2023-46729 - Sentry-javascript's unsanitized input of Next.js SDK tunnel endpoint enables arbitrary HTTP requests and response reflection to users with enabled Next.js SDK tunneling feature, fixed in version 7.77.0.
Product: sentry-javascript
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46729
NVD References:
- https://github.com/getsentry/sentry-javascript/commit/ddbda3c02c35aba8c5235e0cf07fc5bf656f81be
- https://github.com/getsentry/sentry-javascript/pull/9415
- https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-2rmr-xw8m-22q9

CVE-2023-47128 - Piccolo version 1.1.1 and prior versions are vulnerable to SQL Injection via f-strings, allowing a malicious user to gain direct access to the database and modify data with the permissions associated with the database user.
Product: Piccolo object-relational mapping
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47128
NVD References:
- https://github.com/piccolo-orm/piccolo/commit/82679eb8cd1449cf31d87c9914a072e70168b6eb
- https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-xq59-7jf3-rjc6

CVE-2023-36027 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Product: Microsoft Edge (Chromium-based)
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36027
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36027

CVE-2023-4804 - An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
Product: Quantum HD Unity
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4804
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories

CVE-2023-6097 - ICS Business Manager version 7.06.0028.7089 is vulnerable to a SQL injection attack, enabling remote users to access, manipulate, or delete the database contents.
Product: ICS Business Manager
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6097
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-icssolution-ics-business-manager

CVE-2023-31403 - SAP Business One installation (version 10.0) lacks proper authentication and authorization checks for SMB shared folder, enabling unauthorized users to read, write, and execute files with severe impact on confidentiality, integrity, and availability.
Product: SAP Business One
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31403
NVD References:
- https://me.sap.com/notes/3355658
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVE-2023-25181, CVE-2023-27882 - Weston Embedded uC-HTTP v3.01.01 heap-based buffer overflow vulnerabilities.
Product: Weston Embedded uC-HTTP
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25181
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27882
NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1726
NVD References: https://talosi…

CVE-2023-36553
Product: Fortinet FortiSIEM
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36553
NVD References: https://fortiguard.com/psirt/FG-IR-23-135

CVE-2023-36560 - ASP.NET Security Feature Bypass Vulnerability
Product: Microsoft ASP.NET
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36560
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36560

CVE-2023-36705 - Windows Installer Elevation of Privilege Vulnerability
Product: Microsoft Windows Installer
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36705
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36705

CVE-2023-36719 - Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability
Product: Microsoft Speech Application Programming Interface (SAPI)
CVSS Score: 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36719
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36719

CVE-2023-38151 - Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability
Product: Microsoft Host Integration Server 2020
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38151
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38151

CVE-2023-31273 - Intel DCM software before version 5.2 allows an unauthenticated user to potentially escalate privileges via network access due to protection mechanism failure.
Product: Intel DCM software
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31273
NVD References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00902.html

CVE-2023-36007 - Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability
Product: Microsoft Dynamics 365
CVSS Score: 7.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36007
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36007

CVE-2023-36049 - .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Product: Microsoft .NET Framework
CVSS Score: 7.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36049
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049

CVE-2023-36437 - Azure DevOps Server Remote Code Execution Vulnerability
Product: Azure DevOps Server
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36437
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36437

CVE-2023-45614, CVE-2023-45615 - Aruba's CLI service is susceptible to buffer overflow vulnerabilities, allowing unauthenticated remote code execution through specially crafted packets sent to the PAPI UDP port (8211).
Product: Aruba PAPI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45614
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45615
NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt

CVE-2023-45616 - The vulnerability in the AirWave client service allows for unauthenticated remote code execution by sending crafted packets to the PAPI UDP port, allowing arbitrary code execution as a privileged user on the OS.
Product: Aruba AirWave
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45616
NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt

CVE-2023-36034 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Product: Microsoft Edge
CVSS Score: 7.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36034
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36034

CVE-2023-24023 - Mitre: CVE-2023-24023 Bluetooth Vulnerability
Product: Mitre CVE-2023-24023 Bluetooth Vulnerability
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24023
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24023

CVE-2023-5480 - Chromium: Multiple Vulnerabilities
Product: Google Chrome
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5480
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5482
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5849
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5850
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5851
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5852
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5853
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5854
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5855
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5856
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5857
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5858
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5859
ISC Diary: https://isc.sans.edu/diary/30400
MSFT Details: https://msrc.microsoft.com/u…
Don't miss the most festive cyber security event of the year! The 2023 SANS Holiday Hack Challenge includes real-world challenges and a quirky holiday-themed storyline where you'll get to save the holiday season from a cyber attack.
Subscribe to be notified at https://www.sans.org/cyber-ranges/holiday-hack-challenge
*********** Sponsored By SNYK Limited ***********
AWS offers the infrastructure, services, innovation, and reliability to help run your mission-critical applications, but do you have a trusted security partner? Learn more about the challenges with shifting left, how to overcome them, a different approach to secure apps on AWS for an efficient DevSecOps model, and simplifying procurement with Snyk's latest buyer's guide, Choosing a True DevSecOps Solution for Your Apps on AWS.
SANS Detection Engineering Survey | Tune in on Wed, Nov 29 as survey author Mark Orlando and invited speakers examine data from our recent survey on the state of the practice in "detection engineering" and provide guidance on how to improve your capabilities in keeping up with rapidly changing threats.
Take Sensitive Data Protection to the Next Level in 2024 | Join Dave Shackleford and Neil Jones from Egnyte on December 5 at 1:00pm ET as they discuss how to protect your mission-critical content without compromising employees' productivity.
AI in XDR: What it Means and Where it Fits | Join Dave Shackleford and Aaron Turner from Vectra AI on December 7 at 1:00pm ET as they discuss the importance of signal clarity and the role of AI-driven threat detection and response.