December 1, 2023

The US CISA has added another set of actively exploited flaws to its Known Exploited Vulnerabilities Catalog.

CVE-2022-47986 with a CVSS score: 9.8 – IBM Aspera Faspex Code Execution Vulnerability:

A remote attacker can trigger the vulnerability to execute arbitrary code on the system. The issue is caused by a YAML deserialization issue. Researchers from Shadowserver Foundation confirmed the active exploitation of the vulnerability in the wild.

Advertisements

CVE-2022-41223 with a CVSS score: 6.8 – Mitel Mi Voice Connect Code Injection Vulnerability:

An authenticated attacker with internal network access can trigger the flaw to execute code within the context of the application.

CVE-2022-40765 with a CVSS score: 6.8 – The Mitel Edge Gateway component of Mi Voice Connect:

An authenticated attacker with internal network access to execute commands within the context of the system.

CISA orders federal agencies to fix this flaw by March 14, 2023.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023
%d bloggers like this: