
Welcome to TheCyberThrone's cybersecurity week in review, covering the important security happenings of the week. This review is for the week ending Saturday, November 18, 2023.
FortiSIEM Critical RCE Vulnerability – CVE-2023-36553
Researchers have discovered a critical vulnerability in FortiSIEM that could allow remote attackers to execute arbitrary commands on affected systems. The vulnerability, tracked as CVE-2023-36553 and assigned a CVSS score of 9.3, stems from an OS command injection flaw in the FortiSIEM report server.
The flaw arises from improper neutralization of special elements used in OS commands (CWE-78) within the FortiSIEM report server: input from API requests reaches a command line without being sanitized. By sending crafted API requests, a remote, unauthenticated attacker can inject arbitrary commands that the underlying operating system then executes. Administrators should upgrade to a fixed FortiSIEM release and, until then, restrict network access to the report server's API.
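The pattern behind a CWE-78 bug of this kind, as an added illustration (this is not FortiSIEM's code, and the "report export" endpoint, its parameters and the `echo` stand-in for the real exporter are constructed for the example): a request parameter spliced into a shell command line, next to the hardened form that validates the input and passes it as a single argv element with no shell in the loop.

```python
"""Added example (not FortiSIEM code): how an OS command injection arises when
request data is spliced into a shell command, and how to neutralize it.

The endpoint, parameter names and allowlist are constructed for illustration;
`echo` stands in for whatever binary the real report server would invoke.
Requires a POSIX shell and `echo` on PATH.
"""
import re
import subprocess

# Constructed allowlist of export formats the hypothetical endpoint accepts.
ALLOWED_FORMATS = {"pdf", "csv"}
# Report names may only contain characters that are harmless even if they
# ever reached a shell: no spaces, quotes, ';', '|', '$', backticks, etc.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def injected_command_line(report_name: str, fmt: str) -> str:
    """What the shell actually sees in the vulnerable path (for inspection)."""
    return f"echo exporting {report_name} as {fmt}"


def vulnerable_export(report_name: str, fmt: str) -> str:
    """Improper neutralization (CWE-78): the request parameter is interpolated
    into a command string and handed to a shell, so metacharacters such as
    ';' in the parameter are honoured as command separators."""
    cmd = injected_command_line(report_name, fmt)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def safe_export(report_name: str, fmt: str) -> str:
    """Hardened: allowlist-validate both parameters, then execute with an argv
    list and shell=False so the input is delivered to the program as one
    opaque argument and is never parsed by a shell."""
    if fmt not in ALLOWED_FORMATS:
        raise ValueError(f"unsupported format: {fmt!r}")
    if not SAFE_NAME.fullmatch(report_name):
        raise ValueError(f"invalid report name: {report_name!r}")
    argv = ["echo", "exporting", report_name, "as", fmt]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def is_rejected(report_name: str, fmt: str) -> bool:
    """True if the hardened path refuses the input before running anything."""
    try:
        safe_export(report_name, fmt)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "weekly; echo INJECTED"          # attacker-controlled report name
    print("vulnerable path ran:", repr(injected_command_line(payload, "pdf")))
    print(vulnerable_export(payload, "pdf"))   # second command executes
    print("hardened path rejected payload:", is_rejected(payload, "pdf"))
    print(safe_export("weekly", "pdf"))
```

The argv-list form is the real fix; quoting with `shlex.quote` only papers over the shell and still leaves the program receiving whatever the user typed, so validation against an allowlist stays in place even in the hardened version.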
Microsoft Patch Tuesday – November 2023
Microsoft patched 58 CVEs in its November 2023 Patch Tuesday release, with three rated critical and 55 rated important. This count does not include Microsoft Edge updates.
- 16 Elevation of Privilege Vulnerabilities
- 6 Security Feature Bypass Vulnerabilities
- 15 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 11 Spoofing Vulnerabilities
Aruba Fixes Critical Vulnerabilities in its Products
Aruba Networks has released patches for 14 vulnerabilities, including three critical ones, affecting multiple versions of ArubaOS, its proprietary network operating system. These vulnerabilities impact a wide range of Aruba access points running InstantOS and ArubaOS 10, potentially exposing corporate networks to remote code execution attacks.
The critical flaws, identified as CVE-2023-45614, CVE-2023-45615, and CVE-2023-45616, each carry a CVSS score of 9.8 and are categorized as buffer overflows in the PAPI protocol, Aruba's proprietary access point management protocol. Exploiting them allows an unauthenticated attacker to execute arbitrary code as a privileged user on the affected device, potentially gaining complete control over the network. The vulnerabilities are triggered by sending specially crafted packets to the PAPI UDP port (8211). Where patching is delayed, Aruba's advisory recommends blocking access to UDP port 8211 from untrusted networks.
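A check that follows from the advisory's workaround, as an added example (not Aruba's tooling): flag UDP/8211 traffic that is not between access points and the expected controller or management network. The key=value flow log format, the sample lines and the 10.10.0.0/24 "trusted" network are constructed for this example; adapt the parser to the firewall or flow-export format you actually collect.

```python
"""Added example (not Aruba's tooling): detect PAPI (UDP/8211) traffic that
does not involve an expected controller/management network.

Log format, sample lines and the trusted network are constructed for the
example. PAPI is bidirectional (AP <-> controller both use 8211), so traffic
is considered expected if either endpoint is in the trusted network.
"""
import ipaddress
import re
from typing import Iterable

PAPI_PORT = 8211
# Hypothetical: networks where controllers / management stations live.
TRUSTED_PAPI_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]

# Constructed key=value flow records; 10.20.1.x are access points.
SAMPLE_LOGS = """\
ts=2023-11-14T10:01:02Z src=10.10.0.5 dst=10.20.1.17 proto=udp dport=8211 len=132
ts=2023-11-14T10:01:03Z src=10.20.1.17 dst=10.10.0.5 proto=udp dport=8211 len=90
ts=2023-11-14T10:02:10Z src=203.0.113.77 dst=10.20.1.17 proto=udp dport=8211 len=1400
ts=2023-11-14T10:02:11Z src=203.0.113.77 dst=10.20.1.18 proto=udp dport=8211 len=1400
ts=2023-11-14T10:03:00Z src=198.51.100.9 dst=10.20.1.17 proto=tcp dport=443 len=60
this line is not a flow record and must be skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Turn 'k=v k=v ...' into a dict; a line with no fields yields {}."""
    return dict(FIELD.findall(line))


def is_trusted(addr: str) -> bool:
    """True if the address belongs to a trusted controller/management network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PAPI_NETWORKS)


def suspicious_papi_events(lines: Iterable[str]) -> list:
    """Return records of UDP/8211 traffic where neither endpoint is trusted.

    Malformed lines, non-UDP traffic and other ports are ignored."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        src, dst = rec.get("src"), rec.get("dst")
        if not (src and dst):
            continue
        if rec.get("proto") != "udp" or rec.get("dport") != str(PAPI_PORT):
            continue
        if is_trusted(src) or is_trusted(dst):
            continue
        hits.append(rec)
    return hits


def summarize(hits: list) -> dict:
    """Distinct APs targeted per untrusted source, so a sweep across many
    access points stands out from a single stray packet."""
    per_src = {}
    for h in hits:
        per_src.setdefault(h["src"], set()).add(h["dst"])
    return {src: len(dsts) for src, dsts in per_src.items()}


if __name__ == "__main__":
    found = suspicious_papi_events(SAMPLE_LOGS.splitlines())
    for rec in found:
        print(f"untrusted PAPI traffic {rec['src']} -> {rec['dst']} len={rec['len']}")
    print(summarize(found))
```

The detection is deliberately coarse: it cannot tell a crafted PAPI packet from a benign one, only that PAPI is being spoken from a place it should not be, which is exactly the condition the port-blocking workaround is meant to prevent.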
SektorCERT report on Danish Cyber Attack
A new report from SektorCERT, the Danish nonprofit that monitors critical infrastructure security, describes several groups of attackers exploiting multiple critical vulnerabilities in Zyxel firewall devices, including two zero-days, during a wave of attacks on the Danish energy sector. Affected operators had to isolate the compromised devices, and the industrial equipment behind them, from the rest of the national grid while the attacks were under way.
In April, Zyxel had disclosed CVE-2023-28771, a critical command injection vulnerability in the firmware of its firewall and VPN devices that allows an unauthenticated remote attacker to execute OS commands by sending crafted packets to the device.
Reptar Vulnerability – CVE-2023-23583
Intel has fixed a serious vulnerability in a range of its processors for desktops, servers, mobile devices, and embedded systems. The bug also affects the recent Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.
The vulnerability, dubbed Reptar, can be used to escalate privileges, gain access to sensitive information, and cause a denial of service. Unlike an LVI attack, mitigating it does not require intervention at the hardware level: Intel has addressed it with a microcode update.
Initially, the bug was believed to be usable only to cause a denial of service; it received a CVSS score of 5.5, and Intel planned to release a patch in March 2024. Deeper analysis showed that the bug could also be exploited to escalate privileges, so Intel moved the patch forward to November 2023 and the CVSS rating was raised to 8.8.
Sutter Health Discloses a Data Breach
Northern California-based healthcare system Sutter Health has disclosed that 845,441 patients had their personal data exposed after its third-party communications vendor, Virgin Pulse, was hit by the mass exploitation of the MOVEit Transfer file transfer system conducted by the Cl0p ransomware operation.
Sutter Health was initially notified of the compromise by Virgin Pulse on Sept. 22, with a final report on Oct. 24 revealing that the health, well-being, and navigation platform's MOVEit server was infiltrated between May 30 and 31, according to Sutter Health.
While attackers may have been able to access patients' names, birthdates, provider names, health insurance data, treatment cost details, diagnoses, and treatment information, Sutter Health stated that no financial details or Social Security numbers were compromised.
This brings us to the end of this week's security review. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.
Nice post 💖💓💚
Blessed and Happy Sunday 🌞
Greetings from Spain 🇪🇸🫂