ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft January 2024 Patch Tuesday
Published: 2024-01-10
Last Updated: 2024-01-10 00:38:10 UTC
by Johannes Ullrich (Version: 1)
Microsoft surprised today with a light Patch Tuesday. We only received 48 patches for Microsoft products and four for Chromium, affecting Microsoft Edge. Only two of the 48 patches are rated critical; none had been disclosed or exploited before today. The update also includes an SQLite patch affecting Microsoft products. This patch fixes the "Stranger Strings" vulnerability, patched in 2022 in the open-source version of SQLite.
The critical Kerberos vulnerability is interesting and should be patched quickly. It may allow an attacker with a MitM position to impersonate a Kerberos server and bypass authentication. Kerberos weaknesses have been abused in these scenarios in the past, and obtaining a MitM position is typically not that difficult after the perimeter of a network has been breached.
Read the full entry: https://isc.sans.edu/diary/Microsoft+January+2024+Patch+Tuesday/30548
Jenkins Brute Force Scans
Published: 2024-01-09
Last Updated: 2024-01-09 17:17:36 UTC
by Johannes Ullrich (Version: 1)
Our honeypots saw a number of scans for "/j_acegi_security_check" over the last two days. This URL has not been hit much lately, but was hit pretty hard last March. The URL is associated with Jenkins, and can be used to brute force passwords.
A typical request seen by our honeypots ...
The body of the request URL decodes to ...
The Chinese characters at the end translate to "Log in," indicating that this request may have been originally based on a Chinese language version of Jenkins. I have observed usernames like admin, 1, 123, adminadmin, root. The intent of this particular query may be to test if the server is running Jenkins and not an actual brute-force attempt. But it is always difficult to guess a particular attack's intent. The honeypot is not attempting to emulate Jenkins at this point (something we may need to add to our agile honeypots soon).
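A defender-side way to spot this pattern in your own web logs, as an added example that is not part of the diary: the script below parses constructed access-log lines, keeps only POSTs to /j_acegi_security_check, decodes the form body to recover the submitted j_username and the Submit label, and flags source IPs that fire many login attempts in a short window. The log layout, the field names and the thresholds are assumptions.

```python
"""Flag Jenkins login brute-force activity in web access logs.

Added example (not from the ISC diary). The log layout, field names and
thresholds are assumptions; the sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs

# Constructed sample: "<ip> <ISO timestamp> <method> <path> <status> <body>".
# The Submit value %E7%99%BB%E5%BD%95 is the percent-encoded Chinese
# "Log in" label the diary describes; the usernames are the ones it lists.
# Jenkins answers both good and bad logins with a 302 redirect, so the
# status column is parsed but deliberately not used as a success signal.
SAMPLE_LOG = """\
203.0.113.5 2024-01-08T10:00:01 POST /j_acegi_security_check 302 j_username=admin&j_password=admin&from=%2F&Submit=%E7%99%BB%E5%BD%95
203.0.113.5 2024-01-08T10:00:02 POST /j_acegi_security_check 302 j_username=1&j_password=1&from=%2F&Submit=%E7%99%BB%E5%BD%95
203.0.113.5 2024-01-08T10:00:03 POST /j_acegi_security_check 302 j_username=123&j_password=123&from=%2F&Submit=%E7%99%BB%E5%BD%95
203.0.113.5 2024-01-08T10:00:04 POST /j_acegi_security_check 302 j_username=adminadmin&j_password=adminadmin&from=%2F&Submit=%E7%99%BB%E5%BD%95
203.0.113.5 2024-01-08T10:00:05 POST /j_acegi_security_check 302 j_username=root&j_password=toor&from=%2F&Submit=%E7%99%BB%E5%BD%95
198.51.100.7 2024-01-08T10:05:00 GET /login 200 -
198.51.100.7 2024-01-08T10:05:09 POST /j_acegi_security_check 302 j_username=jdoe&j_password=REDACTED&from=%2F&Submit=Sign+in
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<ts>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<body>.*)$"
)
LOGIN_PATH = "/j_acegi_security_check"


def parse_login_attempts(log_text):
    """Return one record per POST to the Jenkins form-login endpoint."""
    attempts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != LOGIN_PATH:
            continue
        # parse_qs percent-decodes values, so the Chinese label comes
        # back as readable text and "Sign+in" becomes "Sign in".
        form = parse_qs(m["body"], keep_blank_values=True)
        attempts.append({
            "ip": m["ip"],
            "ts": datetime.fromisoformat(m["ts"]),
            "username": form.get("j_username", [""])[0],
            "submit_label": form.get("Submit", [""])[0],
        })
    return attempts


def find_bruteforce(attempts, window_s=60, min_attempts=4):
    """Group attempts by source IP and flag any IP whose busiest
    window_s-second window holds at least min_attempts login POSTs.
    The report lists every username and Submit label that IP used,
    which is what separates a brute-force run from a single typo."""
    by_ip = defaultdict(list)
    for a in attempts:
        by_ip[a["ip"]].append(a)
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort(key=lambda r: r["ts"])
        busiest = 0
        for i, first in enumerate(rows):
            j = i
            while (j < len(rows)
                   and (rows[j]["ts"] - first["ts"]).total_seconds() <= window_s):
                j += 1
            busiest = max(busiest, j - i)
        if busiest >= min_attempts:
            findings[ip] = {
                "attempts_in_window": busiest,
                "usernames": sorted({r["username"] for r in rows}),
                "submit_labels": sorted({r["submit_label"] for r in rows}),
            }
    return findings


if __name__ == "__main__":
    for ip, info in find_bruteforce(parse_login_attempts(SAMPLE_LOG)).items():
        print(ip, info)
```

Tune window_s and min_attempts to your own traffic; a single legitimate user rarely submits more than a couple of logins per minute.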
Read the full entry: https://isc.sans.edu/diary/Jenkins+Brute+Force+Scans/30546/
Suspicious Prometei Botnet Activity
Published: 2024-01-07
Last Updated: 2024-01-07 20:23:34 UTC
by Guy Bruneau (Version: 1)
On 31 Dec 2023, after trying multiple username/password combinations, an actor using IP 194.30.53.68 successfully logged in to the honeypot and uploaded eight files, two of which are protected with a 7zip password (updates1.7z & updates2.7z). Some of these files have been identified by VirusTotal as related to the Prometei trojan. The file sqhost.exe was last seen by Talos being used by the Prometei botnet as a trojan coin miner.
Read the full entry: https://isc.sans.edu/diary/Suspicious+Prometei+Botnet+Activity/30538/
What is that User Agent? (2024.01.08)
https://isc.sans.edu/diary/What+is+that+User+Agent/30536/
Are you sure of your password? (2024.01.06)
https://isc.sans.edu/diary/Are+you+sure+of+your+password/30534/
Netstat, but Better and in PowerShell (2024.01.05)
https://isc.sans.edu/diary/Netstat+but+Better+and+in+PowerShell/30532/
Wireshark updates (2024.01.04)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Linux Kernel
CVSS Score: 6.7
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0193
ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8802
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-0193
- https://bugzilla.redhat.com/show_bug.cgi?id=2255653

CVE-2023-32874 - The Modem IMS Stack is vulnerable to an out of bounds write, allowing remote code execution without additional privileges or user interaction.
Product: Mediatek LR13
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32874
NVD References: https://corp.mediatek.com/product-security-bulletin/January-2024

CVE-2023-33025 - Memory corruption in Data Modem when processing a non-standard SDP body during a VoLTE call.
Product: Qualcomm AR8035
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33025
NVD References: https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin

CVE-2023-6436 - Ekol Informatics Website Template is vulnerable to SQL injection.
Product: Ekolbilisim Web Sablonu Yazilimi
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6436
NVD References: https://www.usom.gov.tr/bildirim/tr-24-0001

CVE-2023-4280 - Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows unauthorized access to trusted memory.
Product: Silabs Gecko Software Development Kit
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4280
NVD References:
- https://community.silabs.com/069Vm0000004NinIAE
- https://github.com/SiliconLabs/gecko_sdk

CVE-2023-48419 - Google Home devices in the wifi vicinity of an attacker can be exploited to spy on users, leading to Elevation of Privilege.
Product: Google Nest Audio
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48419
NVD References: https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA#zippy=%2Cspeakers

CVE-2023-50711 - vmm-sys-util versions 0.5.0 to 0.12.0 allow out of bounds memory accesses in the `FamStructWrapper::deserialize` implementation due to a lack of length verification in the header.
Product: Rust-Vmm Vmm-Sys-Util
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50711
NVD References:
- https://github.com/rust-vmm/vmm-sys-util/commit/30172fca2a8e0a38667d934ee56682247e13f167
- https://github.com/rust-vmm/vmm-sys-util/security/advisories/GHSA-875g-mfp6-g7f9

CVE-2023-47458 - SpringBlade v.3.7.0 and before lacks a permissions control framework, enabling remote attackers to escalate privileges.
Product: Bladex Springblade
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47458
NVD References:
- http://springblade.com
- https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a
- https://gitee.com/smallc/SpringBlade

CVE-2024-0194 - CodeAstro Internet Banking System up to 1.0 allows remote attackers to upload arbitrary files due to unrestricted upload capabilities in the Profile Picture Handler component.
Product: Codeastro Internet Banking System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0194
NVD References:
- https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing
- https://vuldb.com/?ctiid.249509
- https://vuldb.com/?id.249509

CVE-2024-0195 - Spider-flow 0.4.3 is vulnerable to a critical code injection attack in the FunctionService.saveFunction function of the file src/main/java/org/spiderflow/controller/FunctionController.java, allowing remote exploitation; the vulnerability has been publicly disclosed and assigned the identifier VDB-249510.
Product: Ssssssss Spider-Flow
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0195
NVD References:
- https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md
- https://vuldb.com/?ctiid.249510
- https://vuldb.com/?id.249510

CVE-2024-21623 - OTClient is vulnerable to expression injection in Actions, allowing an attacker to run remote commands, leak secrets, and alter the repository.
Product: Mehah OTClient
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21623
NVD References:
- https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104
- https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254
- https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
- https://securitylab.github.com/research/github-actions-untrusted-input/

CVE-2023-6339 - Google Nest WiFi Pro root code-execution & user-data compromise
Product: Google Nest WiFi Pro
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6339
NVD References:
- https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA
- https://vuldb.com/?id.249563

CVE-2024-21632 - "Omniauth-microsoft_graph version prior to 2.0.0 allows for account takeover due to lack of validation of the `email` attribute, posing a risk when used as a trusted user identifier in nOAuth configuration."
Product: Recognizeapp Omniauth
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21632
NVD References:
- https://github.com/synth/omniauth-microsoft_graph/commit/f132078389612b797c872b45bd0e0b47382414c1
- https://github.com/synth/omniauth-microsoft_graph/security/advisories/GHSA-5g66-628f-7cvj
- https://www.descope.com/blog/post/noauth

CVE-2023-50351 - HCL DRYiCE MyXalytics is affected by an insecure key rotation mechanism that enables attackers to compromise data confidentiality or integrity.
Product: HCLtech Dryice MyXalytics
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50351
NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608

CVE-2023-45722 - HCL DRYiCE MyXalytics is vulnerable to path traversal arbitrary file read, allowing potential exploits to disrupt or take over the application by accessing files outside of the restricted directory.
Product: HCLtech Dryice MyXalytics
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45722
NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608

CVE-2023-45723 - HCL DRYiCE MyXalytics is affected by a path traversal vulnerability enabling unauthorized file uploads and manipulation of file storage location on the server.
Product: HCLtech Dryice MyXalytics
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45723
NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608

CVE-2023-45724 - HCL DRYiCE MyXalytics product is vulnerable to unauthenticated file upload, allowing the upload of a specific file without requiring user authentication.
Product: HCLtech Dryice MyXalytics
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45724
NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608

CVE-2023-46308 - In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.
Product: Plotly.Js
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46308
NVD References:
- https://github.com/plotly/plotly.js/releases/tag/v2.25.2
- https://plotly.com/javascript/

CVE-2023-52304, CVE-2023-52307, CVE-2023-52309 through CVE-2023-52311, CVE-2023-52314 - Multiple Vulnerabilities in PaddlePaddle before 2.6.0
Product: PaddlePaddle
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52304
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52307
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52309
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52310
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52311
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52314
NVD References:
- https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md
- https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md
- https://github.…

Product: Perfood Couchauth
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39655
NVD References:
- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-39655
- https://www.npmjs.com/package/%40perfood/couch-auth

CVE-2023-50253 - Laf cloud development platform versions 1.0.0-beta.13 and prior allow authenticated users to obtain any pod logs under the same namespace, resulting in unauthorized access to sensitive information.
Product: Laf cloud development platform
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50253
NVD References:
- https://github.com/labring/laf/pull/1468
- https://github.com/labring/laf/security/advisories/GHSA-g9c8-wh35-g75f

CVE-2023-50090 - Ureport2 2.2.9 and earlier versions allow arbitrary file writing and command execution through a crafted POST request in the saveReportFile method.
Product: Ureport2 Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50090
NVD References:
- https://github.com/advisories/GHSA-445x-c8qq-qfr9
- https://lemono.fun/thoughts/UReport2-RCE.html

CVE-2024-0222 - Chromium: CVE-2024-0222 Use after free in ANGLE
Product: Google Chrome
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0222
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0222
NVD References:
- https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
- https://crbug.com/1501798
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/

CVE-2024-0223 - Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE
Product: Google Chrome
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0223
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0223
NVD References:
- https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
- https://crbug.com/1505009
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/

CVE-2024-0224 - Chromium: CVE-2024-0224 Use after free in WebAudio
Product: Google Chrome
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0224
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0224
NVD References:
- https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
- https://crbug.com/1505086
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/

CVE-2024-0225 - Chromium: CVE-2024-0225 Use after free in WebGPU
Product: Google Chrome
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0225
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0225
NVD References:
- https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
- https://crbug.com/1506923
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/

CVE-2023-49622, CVE-2023-49624, CVE-2023-49625, CVE-2023-49633, CVE-2023-49639, CVE-2023-49658, CVE-2023-49665, CVE-2023-49666 - Multiple unauthenticated SQL Injection vulnerabilities in Billing Software v1.0.
Product: Kashipara Billing Software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49622
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49624
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49625
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49633
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49639
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49658
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49665
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49666
NVD References:
- https://fluidattacks.com/advisories/zimerman/
- https://www.kashipara.com/

CVE-2023-50743, CVE-2023-50752, CVE-2023-50753 - Multiple unauthenticated SQL Injection vulnerabilities in Online Notice Board System v1.0.
Product: Kashipara Online Notice Board System
CVSS Score: 9.8
AtRiskScore: 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50743
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50752
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50753
NVD References:
- https://fluidattacks.com/advisories/perahia/
- https://www.kashipara.com/

CVE-2023-50862 through CVE-2023-50867 - Multiple una…

Product: Stud.IP 5.x through 5.3.3
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50982
NVD References:
- https://gitlab.studip.de/studip/studip/-/tags
- https://rehmeinfosec.de/labor/cve-2023-50982
- https://sourceforge.net/projects/studip/files/Stud.IP/5.4/

CVE-2023-52200 - ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup is vulnerable to Cross-Site Request Forgery (CSRF) and Deserialization of Untrusted Data.
Product: Repute Infosystems ARMember – Membership Plugin
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52200
NVD References: https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve

CVE-2023-52205 - SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free before 2.8.0 suffers from a deserialization vulnerability when processing untrusted data.
Product: SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52205
NVD References: https://patchstack.com/database/vulnerability/html5-soundcloud-player-with-playlist/wordpress-html5-soundcloud-player-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cve

CVE-2023-52202 - HTML5 MP3 Player with Folder Feedburner Playlist Free is vulnerable to a Deserialization of Untrusted Data vulnerability from n/a through 2.8.0.
Product: SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52202
NVD References: https://patchstack.com/database/vulnerability/html5-mp3-player-with-mp3-folder-feedburner-playlist/wordpress-html5-mp3-player-with-folder-feedburner-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cve

CVE-2024-21663 - Discord-Recon is vulnerable to remote code execution, allowing attackers to execute shell commands in the server without admin privileges, but this has been fixed in version 0.0.8.
Product: Discord-Recon
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21663
NVD References:
- https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a
- https://github.com/DEMON1A/Discord-Recon/issues/23
- https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7

CVE-2024-21646 - Azure uAMQP, a general purpose C library for AMQP 1.0, is vulnerable to remote code execution due to an integer overflow or wraparound or memory safety issue when receiving crafted binary type data, but has been patched in release 2024-01-01.
Product: Microsoft Azure uAMQP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21646
NVD References:
- https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe
- https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv

CVE-2023-7220 - Totolink NR1800X 9.1.0u.6279_B20210910 is vulnerable to a critical stack-based buffer overflow in the loginAuth function of the file /cgi-bin/cstecgi.cgi, allowing for remote attacks via manipulation of the password argument, with the exploit publicly disclosed as VDB-249854.
Product: Totolink NR1800X
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-7220
NVD References:
- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/NR1800X/1/README.md
- https://vuldb.com/?ctiid.249854
- https://vuldb.com/?id.249854

CVE-2023-49621 - SIMATIC CN 4100 (All versions < V2.7) uses default admin credentials, allowing an attacker to gain complete control of the device.
Product: SIMATIC vulnerability
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49621
NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf

CVE-2023-51438 - SIMATIC IPC1047E, SIMATIC IPC647E, SIMATIC IPC847E are vulnerable to unauthorized access through the Redfish server in default installations of maxView Storage Manager.
Product: SIMATIC maxView Storage Manager
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51438
NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf

CVE-2023-5347 - Korenix JetNet Series devices are vulnerable to improper verification of cryptographic signature, allowing the replacement of the entire operating system, including Trusted Executables.
Product: Korenix JetNet Series
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5347
NVD References:
- https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series/
- https://www.beijerelectronics.com/en/support/Help___online?docId=69947

CVE-2023-7221 - Totolink T6 4.1.9cu.5241_B20210923 is vulnerable to a critical buffer overflow in the component HTTP POST Request Handler's function main due to the manipulation of the argument v41, allowing remote attackers to initiate attacks; exploit details have been publicly disclosed under the identifier VDB-249855 with no response from the vendor.
Product: Totolink T6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-7221
NVD References:
- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/T6/1/README.md
- https://vuldb.com/?ctiid.249855
- https://vuldb.com/?id.249855

CVE-2024-0056 - Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Product: Microsoft.Data.SqlClient and System.Data.SqlClient
CVSS Score: 8.7
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0056
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056

CVE-2024-20652 - Windows HTML Platforms Security Feature Bypass Vulnerability
Product: Microsoft Windows
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20652
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20652

CVE-2024-20653 - Microsoft Common Log File System Elevation of Privilege Vulnerability
Product: Microsoft Common Log File System
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20653
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20653

CVE-2024-20654 - Microsoft ODBC Driver Remote Code Execution Vulnerability
Product: Microsoft ODBC Driver
CVSS Score: 8.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20654
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20654

CVE-2024-20656 - Visual Studio Elevation of Privilege Vulnerability
Product: Microsoft Visual Studio
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20656
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656

CVE-2024-20657 - Windows Group Policy Elevation of Privilege Vulnerability
Product: Microsoft Windows
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20657
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20657

CVE-2024-20658 - Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Product: Microsoft Virtual Hard Disk
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20658
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20658

CVE-2024-20661 - Microsoft Message Queuing Denial of Service Vulnerability
Product: Microsoft Message Queuing
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20661
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20661

CVE-2024-20672 - .NET Core and Visual Studio Denial of Service Vulnerability
Product: Microsoft .NET Core and Visual Studio
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20672
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20672

CVE-2024-20676 - Azure Storage Mover Remote Code Execution Vulnerability
Product: Microsoft Azure Storage Mover
CVSS Score: 8.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20676
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20676

CVE-2024-20677 - Microsoft Office Remote Code Execution Vulnerability
Product: Microsoft Office
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20677
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20677

CVE-2024-20681 - Windows Subsystem for Linux Elevation of Privilege Vulnerability
Product: Microsoft Windows
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20681
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20681

CVE-2024-20682 - Windows Cryptographic Services Remote Code Execution Vulnerability
Product: Microsoft Windows Cryptographic Services
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20682
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20682

CVE-2024-20683, CVE-2024-20686 - Win32k Elevation of Privilege Vulnerabilities
Product: Microsoft Win32k
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20683
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20686
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20683
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20686

CVE-2024-20687 - Microsoft AllJoyn API Denial of Service Vulnerability
Product: Microsoft AllJoyn API
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20687
ISC Diary: https://isc.sans.edu/diary/30548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20687

CVE-2024-20696, CVE-2024-20697 - Window…