December 1, 2023

The US CISA has added another set of actively exploited flaws to its Known Exploited Vulnerabilities Catalog.

CVE-2022-47986 (CVSS score: 9.8) – IBM Aspera Faspex Code Execution Vulnerability:

A remote attacker can trigger the vulnerability to execute arbitrary code on the system. The flaw stems from a YAML deserialization issue. Researchers from the Shadowserver Foundation confirmed active exploitation of the vulnerability in the wild.


CVE-2022-41223 (CVSS score: 6.8) – Mitel MiVoice Connect Code Injection Vulnerability:

An authenticated attacker with internal network access can trigger the flaw to execute code within the context of the application.

CVE-2022-40765 (CVSS score: 6.8) – Mitel Edge Gateway component of MiVoice Connect:

An authenticated attacker with internal network access can trigger the flaw to execute commands within the context of the system.

CISA orders federal agencies to fix these flaws by March 14, 2023.
