Posts tagged Emergent Threat Response

2 min Emergent Threat Response

Ransomware Campaign Compromising VMware ESXi Servers

Hosting provider OVH and French CERT has issued a warning about a ransomware campaign that appears to be using CVE-2021-21974 to target VMware ESXi servers.
3 min Emergent Threat Response

Exploitation of GoAnywhere MFT zero-day vulnerability

A warning has been issued about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT.
1 min Emergent Threat Response

Exploitation of Control Web Panel CVE-2022-44877

Security researcher Numan Türle published a proof-of-concept exploit for CVE-2022-44877 in early January. Successful exploitation has since been observed in the wild.
7 min Emergent Threat Response

CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability

Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-47966, a vulnerability impacting at least 24 ManageEngine products.
2 min Emergent Threat Response

CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE

Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.
1 min Emergent Threat Response

CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability

On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability.

2 min Emergent Threat Response

CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported

Today FortiGuard Labs published advisory FG-IR-22-398 regarding a “heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN. FortiGuard Labs has confirmed at least one instance of the vulnerability being exploited in the wild.
2 min Emergent Threat Response

CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities

On November 8, 2022, Citrix published Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516 [http://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516] announcing fixes for three vulnerabilities: * CVE-2022-27510 [http://nvd.nist.gov/vuln/detail/CVE-2022-27510] “Unauthorized access to Gateway user capabilities” * CVE-2022-27513 [http://nvd.nist.gov/vuln/detai
1 min Emergent Threat Response

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL’s 3.0.x versions both rely on a maliciously crafted email address in a certificate.
1 min Emergent Threat Response

Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)

CVE-2022-42889 is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input.
3 min Emergent Threat Response

CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed

The Rapid7 research team will update this blog post as we learn more details about this vulnerability and its attack surface area. The OpenSSL [http://www.openssl.org/] project released [http://www.openssl.org/news/cl30.txt] version 3.0.7 on November 1, 2022, to address CVE-2022-3786 and CVE-2022-3602 [http://www.openssl.org/news/secadv/20221101.txt], two high-severity vulnerabilities affecting OpenSSL’s 3.0.x version stream discovered and reported by Polar Bear and Viktor Dukhovni. OpenSSL

1 min Risk Management

CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution

On October 25, 2022, VMware published VMSA-2022-0027 on two vulnerabilities in its Cloud Foundation solution. By far the more severe of these is CVE-2021-39144, an unauthenticated remote code execution vulnerability with a CVSSv3 score of 9.8.
3 min Emergent Threat Response

CVE-2022-42889: Keep Calm and Stop Saying "Text4Shell"

UPDATE 10/18/22: A previous version of this blog indicated that five JDK versions (JDK 15+) were not impacted due to the exclusion of the Nashorn JavaScript engine. However, an updated PoC [http://twitter.com/pwntester/status/1582321752566161409]came out that uses the JEXL engine as an exploit path. If JEXL is present, the code executes successfully, so this issue can be exploited on any JDK where a relevant engine can be leveraged. CVE-2022-42889, which some have begun calling “Text4Shell,”

2 min Emergent Threat Response

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

On October 3, 2022, Fortinet released an update that indicates then-current versions of FortiOS and FortiProxy are vulnerable to CVE-2022-40684.
3 min Emergent Threat Response

Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)

CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.

Popular Topics

Tags