March 28, 2023

The US CISA adds Intel, Terramaster, GoAnywhere MFT flaws, respectively tracked as CVE-2015-2291, CVE-2022-24990 and CVE-2023-0669 to its Known Exploited Vulnerabilities Catalog.

The first flaw tracked as CVE-2015-2291 with a CVSS score of 7.8 resides in Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service.

Advertisements

The second flaw tracked as CVE-2022-24990, Terramaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint. TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

The third flaw tracked as CVE-2023-0669, resides GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker controlled object. This issue was patched in version 7.1.2

Organisations are advised to fix the vulnerability following OEM advisory and given a due date as 3rd March 2023.

Tags:

Leave a Reply

You may have missed

Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
Dark Power Ransomware Dissection

Dark Power Ransomware Dissection

March 26, 2023
%d bloggers like this: