March 27, 2023

The US CISA has added another set of actively exploited flaws to its Known Exploited Vulnerabilities Catalog.

CVE-2022-47986 with a CVSS score: 9.8 – IBM Aspera Faspex Code Execution Vulnerability:

A remote attacker can trigger the vulnerability to execute arbitrary code on the system. The issue is caused by a YAML deserialization issue. Researchers from Shadowserver Foundation confirmed the active exploitation of the vulnerability in the wild.

Advertisements

CVE-2022-41223 with a CVSS score: 6.8 – Mitel Mi Voice Connect Code Injection Vulnerability:

An authenticated attacker with internal network access can trigger the flaw to execute code within the context of the application.

CVE-2022-40765 with a CVSS score: 6.8 – The Mitel Edge Gateway component of Mi Voice Connect:

An authenticated attacker with internal network access to execute commands within the context of the system.

CISA orders federal agencies to fix this flaw by March 14, 2023.

Tags:

Leave a Reply

You may have missed

Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
Dark Power Ransomware Dissection

Dark Power Ransomware Dissection

March 26, 2023
CatB Ransomware Dissection

CatB Ransomware Dissection

March 26, 2023
Microsoft Patches Acropalypse Vulnerability

Microsoft Patches Acropalypse Vulnerability

March 26, 2023
TheCyberThrone Security Week In Review – March 25th, 2023

TheCyberThrone Security Week In Review – March 25th, 2023

March 26, 2023
ChatGPT for Google- Harvest Facebook Accounts

ChatGPT for Google- Harvest Facebook Accounts

March 26, 2023
%d bloggers like this: