September 25, 2023

The US CISA adds Intel, Terramaster, GoAnywhere MFT flaws, respectively tracked as CVE-2015-2291, CVE-2022-24990 and CVE-2023-0669 to its Known Exploited Vulnerabilities Catalog.

The first flaw tracked as CVE-2015-2291 with a CVSS score of 7.8 resides in Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service.

Advertisements

The second flaw tracked as CVE-2022-24990, Terramaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint. TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

The third flaw tracked as CVE-2023-0669, resides GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker controlled object. This issue was patched in version 7.1.2

Organisations are advised to fix the vulnerability following OEM advisory and given a due date as 3rd March 2023.

Tags:

Leave a Reply

You may have missed

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023

MGM Resorts and Ceasars Attacks – Lesson Learnt

September 23, 2023

CISA KEV Update September 2023 – Part II

September 23, 2023

Air Canada Reveals Data Exposure due to a Cyberattack

September 23, 2023

SandMan APT Group in action against Telcos

September 22, 2023
%d bloggers like this: