Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Exploit Flare Up Against Older Atlassian Confluence Vulnerability

Published: 2024-01-29

Last Updated: 2024-01-29 14:01:16 UTC

by Johannes Ullrich (Version: 1)

Last October, Atlassian released a patch for CVE-2023-22515. This vulnerability allowed attackers to create new admin users in Confluence. Today, I noticed a bit of a "flare up" in a specific exploit variant.

Rapid7 published a good summary of the vulnerability. As so often, the vulnerability is pretty straightforward once you see it. During the initial setup, Confluence asks the user to configure an administrator. After setup is complete, the user needs to log in using this initial administrator account to configure additional users. Using the vulnerability, an attacker can flip the "setup complete" state. No authentication is required to do so. An attacker can first enable the initial setup behavior, use it to add a new administrator account, and complete the attack by disabling the setup page to make the application appear normal for other users.

Read the full entry:

https://isc.sans.edu/diary/Exploit+Flare+Up+Against+Older+Altassian+Confluence+Vulnerability/30600/

A Batch File With Multiple Payloads

Published: 2024-01-26

Last Updated: 2024-01-26 07:22:51 UTC

by Xavier Mertens (Version: 1)

Windows batch files (.bat) are often seen by people as very simple but they can be pretty complex or... contain interesting encoded payloads! I found one that contains multiple payloads decoded and used by a PowerShell process. The magic is behind how comments can be added to such files. The default (or very common way) is to use the "REM" keyword. But you can also use a double-colon ...

Read the full entry:

https://isc.sans.edu/diary/A+Batch+File+With+Multiple+Payloads/30592/

Facebook AdsManager Targeted by a Python Infostealer

Published: 2024-01-25

Last Updated: 2024-01-25 06:00:14 UTC

by Xavier Mertens (Version: 1)

These days, many pieces of malware are flagged as “infostealers” because, once running on the victim’s computer, they search for interesting data and exfiltrate them. Classic collected data are:

* credentials

* cookies

* cryptocurrency details

* technical information about the victim (public IP, OS version, running processes, etc.)

* …

Credentials and cookies are used to take over web services used by the victim. For convenience, many people use the “remember me” feature on many websites. This allows the user to come back later to the websites without the need to authenticate again for a specific amount of time (ex: 1 day, 1 week, … sometimes “forever”!)

If some cookies are fascinating (ex: access to webmail, corporate services, …), what could be a practical example of abuse? Yesterday, I found another malicious Python script that behaves like an infostealer. It collects data from the following browsers ...

Read the full entry:

https://isc.sans.edu/diary/Facebook+AdsManager+Targeted+by+a+Python+Infostealer/30590/

Internet Storm Center Entries


The Fun and Dangers of Top Level Domains (TLDs) (2024.01.31)

https://isc.sans.edu/diary/The+Fun+and+Dangers+of+Top+Level+Domains+TLDs/30608/

What did I say to make you stop talking to me? (2024.01.30)

https://isc.sans.edu/diary/What+did+I+say+to+make+you+stop+talking+to+me/30604/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.


CVE-2023-22527 - Atlassian Confluence Data Center and Server Template Injection Vulnerability

Product: Atlassian Confluence Data Center and Server 

CVSS Score: 0

** KEV since 2024-01-24 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22527

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8820



CVE-2023-22515 - Atlassian Confluence Data Center and Server Broken Access Control Vulnerability

Product: Atlassian Confluence Data Center and Server 

CVSS Score: 0

** KEV since 2023-10-05 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22515

ISC Diary: https://isc.sans.edu/diary/30600



CVE-2024-23222 - Apple Multiple Products Type Confusion Vulnerability

Product: Apple iOS, iPadOS, macOS, Safari, and tvOS

CVSS Score: 8.8

** KEV since 2024-01-23 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23222

NVD References: 

- https://support.apple.com/en-us/HT214055

- https://support.apple.com/en-us/HT214056

- https://support.apple.com/en-us/HT214057

- https://support.apple.com/en-us/HT214058

- https://support.apple.com/en-us/HT214059

- https://support.apple.com/en-us/HT214061

- https://support.apple.com/en-us/HT214063



CVE-2024-23897 - Jenkins 2.441 and earlier allows unauthenticated attackers to read arbitrary files by exploiting a feature in its CLI command parser.

Product: Jenkins

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23897

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8828

NVD References: 

- http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html

- http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html

- https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314



CVE-2024-21326 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Product: Microsoft Edge (Chromium-based)

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21326

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21326



CVE-2024-0769 - The D-Link DIR-859 1.06B01 is vulnerable to a critical path traversal issue in the HTTP POST Request Handler component, allowing remote attackers to exploit it even though it is no longer supported and should be retired.

Product: D-Link DIR-859

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0769

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8824



CVE-2024-22651 - There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.

Product: D-Link DIR-815 router

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22651

NVD References: https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md



CVE-2024-22751 - D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.

Product: D-Link DIR-882 A1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22751

NVD References: 

- https://github.com/5erua/vuls/blob/main/dir882.md

- https://www.dlink.com/en/security-bulletin/



CVE-2024-23624 - D-Link DAP-1650 devices are vulnerable to a command injection attack, allowing an unauthenticated attacker to execute commands on the device as root.

Product: D-Link DAP-1650

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23624

NVD References: https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/



CVE-2024-23625 - D-Link DAP-1650 devices are vulnerable to command injection, allowing unauthenticated attackers to gain root-level command execution.

Product: D-Link DAP-1650

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23625

NVD References: https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-subscribe-callback-command-injection-vulnerability/



CVE-2024-0204 - Fortra's GoAnywhere MFT prior to 7.4.1 allows unauthorized creation of an admin user via the administration portal, bypassing authentication.

Product: Fortra GoAnywhere MFT

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0204

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8822



CVE-2024-22076 - MyQ Print Server before 8.2 patch 43 allows Unauthenticated Remote Code Execution.

Product: MyQ Print Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22076

NVD References: 

- https://docs.myq-solution.com/en/print-server/8.2/

- https://docs.myq-solution.com/en/print-server/8.2/technical-changelog#id-%288.2%29ReleaseNotes-8.2%28Patch43%29



CVE-2024-22660 - TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setLanguageCfg

Product: Totolink A3700R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22660

NVD References: https://github.com/Covteam/iot_vuln/tree/main/setLanguageCfg



CVE-2024-22662 - TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules

Product: Totolink A3700R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22662

NVD References: https://github.com/Covteam/iot_vuln/tree/main/setParentalRules



CVE-2024-22663 - TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg

Product: Totolink A3700R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22663

NVD References: https://github.com/Covteam/iot_vuln/tree/main/setOpModeCfg2



CVE-2023-52038 - An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.

Product: Totolink X6000R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52038

NVD References: https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/1/1.md



CVE-2023-52039 - An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.

Product: Totolink X6000R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52039

NVD References: https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/2/2.md



CVE-2023-52040 - An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.

Product: Totolink X6000R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52040

NVD References: https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/3/3.md



CVE-2024-22203 - Whoogle Search prior to 0.8.4 allows server-side request forgery due to unvalidated user-controlled variables, leading to unauthorized access to internal and external resources on behalf of the server.

Product: Benbusby Whoogle Search

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22203

NVD References: 

- https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda

- https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/



CVE-2024-22205 - Whoogle Search versions 0.8.3 and prior allow for server-side request forgery due to unsanitized user input in the `window` endpoint, allowing unauthorized access to internal and external resources, fixed in version 0.8.4.

Product: Benbusby Whoogle Search

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22205

NVD References: 

- https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda

- https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/



CVE-2024-23636 - SOFARPC, a Java RPC framework, allows an attack through a gadget chain that overcomes its blacklist mechanism, posing a security risk prior to version 5.12.0.

Product: SOFARPC

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23636

NVD References: 

- https://github.com/sofastack/sofa-rpc/commit/42d19b1b1d14a25aafd9ef7c219c04a19f90fc76

- https://github.com/sofastack/sofa-rpc/security/advisories/GHSA-7q8p-9953-pxvr



CVE-2023-51210 - Webkul Bundle Product 6.0.1 is vulnerable to SQL injection that allows remote code execution via the id_product parameters in the UpdateProductQuantity function.

Product: Webkul Bundle Product

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51210

NVD References: https://medium.com/%40nasir.synack/uncovering-critical-vulnerability-cve-2023-51210-in-prestashop-plugin-bundle-product-pack-ad7fb08bdc91



CVE-2023-52221 - UkrSolution Barcode Scanner and Inventory manager is vulnerable to Unrestricted Upload of File with Dangerous Type.

Product: Ukrsolution Barcode Scanner And Inventory Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52221

NVD References: https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve



CVE-2024-22284 - Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2.

Product: Asgaros Forum

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22284

NVD References: https://patchstack.com/database/vulnerability/asgaros-forum/wordpress-asgaros-forum-plugin-2-7-2-php-object-injection-vulnerability?_s_id=cve



CVE-2024-22309 - Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0.

Product: QuantumCloud AI ChatBot

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22309

NVD References: https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-5-1-0-unauthenticated-php-object-injection-vulnerability?_s_id=cve



CVE-2024-0822 - Overt-engine allows the creation of unauthorized users due to an authentication bypass vulnerability in CreateUserSession command.

Product: Overt-engine CreateUserSession

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0822

NVD References: 

- https://access.redhat.com/security/cve/CVE-2024-0822

- https://bugzilla.redhat.com/show_bug.cgi?id=2258509



CVE-2023-7227 - SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior allow attackers to execute arbitrary commands with root privileges via a command injection vulnerability in the DDNS settings.

Product: SystemK NVR 504/508/516

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-7227

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-02



CVE-2024-0884 - SourceCodester Online Tours & Travels Management System 1.0 is vulnerable to a critical remote SQL injection in payment.php (function exec), allowing attackers to manipulate the id argument and potentially exploit the system.

Product: Mayurik Online Tours & Travels Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0884

NVD References: 

- https://blog.csdn.net/Q_M_0_9/article/details/135846415

- https://vuldb.com/?ctiid.252035

- https://vuldb.com/?id.252035



CVE-2024-22638 - liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php.

Product: Livesite 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22638

NVD References: https://packetstormsecurity.com/files/176420/liveSite-2019.1-Remote-Code-Execution.html



CVE-2024-22922 - Projectworlds Visitor Management System in PHP v1.0 is vulnerable to privilege escalation through a crafted script sent to the login page in POST/index.php, enabling remote attackers to gain elevated privileges.

Product: Projectworlds Visitor Management System In PHP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22922

NVD References: 

- http://projectworlds.com

- http://visitor.com

- https://github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md



CVE-2024-23613 - Symantec Deployment Solution version 7.9 is vulnerable to a buffer overflow allowing remote code execution as SYSTEM.

Product: Symantec Deployment Solution

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23613

NVD References: https://blog.exodusintel.com/2024/01/25/symantec-deployment-solution-axengine-exe-buffer-overflow-remote-code-execution



CVE-2024-23614 - Symantec Messaging Gateway versions 9.5 and before are vulnerable to a remote code execution flaw due to a buffer overflow vulnerability.

Product: Symantec Messaging Gateway

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23614

NVD References: https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-stack-buffer-overflow-remote-code-execution/



CVE-2024-23615 - Symantec Messaging Gateway versions 10.5 and before are vulnerable to a remote code execution as root due to a buffer overflow.

Product: Symantec Messaging Gateway

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23615

NVD References: https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-libdec2lha-so-stack-buffer-overflow-remote-code-execution/



CVE-2024-23616 - Symantec Server Management Suite version 7.9 and before is vulnerable to a buffer overflow that allows remote code execution as SYSTEM.

Product: Symantec Server Management Suite

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23616

NVD References: https://blog.exodusintel.com/2024/01/25/symantec-server-management-suite-axengine-exe-buffer-overflow-remote-code-execution/



CVE-2024-23617 - Symantec Data Loss Prevention versions 14.0.2 and before are vulnerable to a remote code execution exploit via a crafted document.

Product: Symantec Data Loss Prevention

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23617

NVD References: https://blog.exodusintel.com/2024/01/25/symantec-data-loss-prevention-wp6sr-dll-stack-buffer-overflow-remote-code-execution/



CVE-2024-23618 - Arris SURFboard SGB6950AC2 devices are susceptible to an arbitrary code execution vulnerability, granting unauthorized attackers root-level code execution.

Product: Arris SURFboard SGB6950AC2

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23618

NVD References: https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability/



CVE-2024-23619 - IBM Merge Healthcare eFilm Workstation has a hardcoded credential vulnerability that allows remote attackers to achieve information disclosure or remote code execution.

Product: IBM Merge Healthcare eFilm Workstation

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23619

NVD References: https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-information-disclosure/



CVE-2024-23621 - IBM Merge Healthcare eFilm Workstation license server allows remote code execution due to a buffer overflow vulnerability which can be exploited by an unauthenticated attacker.

Product: IBM Merge Healthcare eFilm Workstation license server

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23621

NVD References: https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-buffer-overflow/



CVE-2024-23622 - IBM Merge Healthcare eFilm Workstation license server allows a remote attacker to achieve remote code execution with SYSTEM privileges due to a stack-based buffer overflow vulnerability.

Product: IBM Merge Healthcare eFilm Workstation

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23622

NVD References: https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-copysls_request3-buffer-overflow/



CVE-2024-23626 - Motorola MR2600 is vulnerable to command injection, allowing remote attackers to execute arbitrary commands by exploiting the 'SaveSysLogParams' parameter, with the possibility of bypassing authentication.

Product: Motorola MR2600

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23626

NVD References: https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-command-injection-vulnerability/



CVE-2024-23627 - Motorola MR2600 is susceptible to a command injection vulnerability in the 'SaveStaticRouteIPv4Params' parameter, allowing remote authenticated attackers to execute arbitrary commands with possible authentication bypass.

Product: Motorola MR2600

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23627

NVD References: https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv4params-command-injection-vulnerability/



CVE-2024-23628 - Motorola MR2600 is vulnerable to command injection in the 'SaveStaticRouteIPv6Params' parameter, allowing remote attackers to achieve command execution by bypassing authentication.

Product: Motorola MR2600

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23628

NVD References: https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/



CVE-2024-23629 - Motorola MR2600 web component allows an attacker to bypass authentication and retrieve sensitive information.

Product: Motorola MR2600

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23629

NVD References: https://blog.exodusintel.com/2024/01/25/motorola-mr2600-authentication-bypass-vulnerability/



CVE-2024-23630 - Motorola MR2600 is vulnerable to an arbitrary firmware upload, allowing authenticated attackers to achieve code execution by bypassing authentication.

Product: Motorola MR2600

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23630

NVD References: https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/



CVE-2024-0402 - GitLab CE/EE versions prior to 16.6.6, 16.7.4, and 16.8.1 allow authenticated users to write files to arbitrary locations on the server while creating a workspace.

Product: GitLab CE/EE

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0402

NVD References: 

- https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/

- https://gitlab.com/gitlab-org/gitlab/-/issues/437819



CVE-2024-20253 - Cisco Unified Communications and Contact Center Solutions products are vulnerable to unauthorized remote code execution due to improper processing of user-provided data, allowing an attacker to execute arbitrary commands with web services user privileges and potentially gain root access to the affected device.

Product: Cisco Unified Communications and Contact Center Solutions products

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20253

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm



CVE-2023-6200 - Linux Kernel has a race condition that allows code execution when an adjacent network attacker sends an ICMPv6 router advertisement packet.

Product: Linux Kernel

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6200

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8830

NVD References: 

- https://access.redhat.com/security/cve/CVE-2023-6200

- https://bugzilla.redhat.com/show_bug.cgi?id=2250377

- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e



CVE-2024-1015 - SE-elektronic GmbH E-DDC3.3 has a remote command execution vulnerability (versions 03.07.03 and higher) that allows attackers to send unauthorized commands through the web configuration functionality.

Product: SE-elektronic GmbH E-DDC3.3

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1015

NVD References: 

- https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html

- https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products



CVE-2024-23827 - Nginx-UI allows arbitrary write into the system through the Import Certificate feature, leading to remote code execution.

Product: Nginx-UI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23827

NVD References: https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m



CVE-2023-6943 - Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later, and MX OPC Server DA/UA all versions allow remote unauthenticated attacker to execute malicious code through RPC with path to a malicious library.

Product: Mitsubishi Electric Corporation EZSocket

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6943

NVD References: 

- https://jvn.jp/vu/JVNVU95103362

- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf



CVE-2023-5389 - Honeywell Experion VirtualUOC and UOC allow file modification, potentially enabling an attacker to execute a malicious application.

Product: Honeywell Experion VirtualUOC and UOC

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5389

NVD References: 

- https://process.honeywell.com

- https://www.honeywell.com/us/en/product-security



CVE-2023-6549 - Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Product: Citrix Netscaler_Gateway 

CVSS Score: 0

** KEV since 2024-01-17 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6549