December 11, 2023

FortiSIEM Critical RCE Vulnerability – CVE-2023-36553

Researchers have discovered a critical vulnerability in FortiSIEM that could allow remote attackers to execute arbitrary commands on affected systems. The vulnerability, tracked as CVE-2023-36553 and assigned a CVSS score of 9.3, stems from an OS command injection flaw in the FortiSIEM report server.

The vulnerability arises from improper neutralization of special elements used in OS commands within the FortiSIEM report server. By sending crafted API requests, remote attackers can exploit this flaw to execute arbitrary commands on the vulnerable system.

Microsoft Patch Tuesday – November 2023

Microsoft patched 58 CVEs in its November 2023 Patch Tuesday release, with three rated critical and 54 rated important. This doesn’t include Microsoft Edge updates.

  • 16 Elevation of Privilege Vulnerabilities
  • 6 Security Feature Bypass Vulnerabilities
  • 15 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 11 Spoofing Vulnerabilities

Aruba Fixes Critical Vulnerabilities in its Products

Aruba Networks has released patches for 14 vulnerabilities, including three critical ones, affecting multiple versions of ArubaOS, its proprietary network operating system. These vulnerabilities impact a wide range of Aruba access points running InstantOS and ArubaOS 10, potentially putting corporate networks at risk of remote code execution attacks.

The critical flaws, identified as CVE-2023-45614, CVE-2023-45615, and CVE-2023-45616, each carry a CVSS score of 9.8 and are categorized as buffer overflows residing in the PAPI protocol, Aruba’s proprietary access point management protocol. Exploitation of these vulnerabilities allows an attacker to execute arbitrary code as a privileged user on the affected device, potentially gaining complete control over the network. The vulnerabilities can be triggered by sending specially crafted packets to the PAPI UDP port (8211).
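Because the PAPI flaws are reachable over a single UDP port, the first question a defender asks is which sources can actually reach UDP/8211 on the access points. The script below is an added example, not Aruba's code or tooling: it parses constructed firewall log lines in an invented format, and flags UDP traffic to port 8211 that did not originate from an assumed management network (10.10.0.0/16). Flows that the firewall allowed are the exposure to close; flows it denied are evidence of probing worth keeping an eye on.

```python
import ipaddress
import re

PAPI_PORT = 8211

# Assumption for this example: the only hosts that should ever speak PAPI to
# an access point are the controllers on the management network.
TRUSTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed firewall log lines in an invented format (not Aruba's, and not
# from any real deployment). Documentation prefixes stand in for external IPs.
SAMPLE_LOGS = """\
2023-11-14T09:12:01Z fw01 allow proto=udp src=10.10.5.20:41000 dst=10.20.1.7:8211
2023-11-14T09:12:07Z fw01 allow proto=udp src=198.51.100.23:53001 dst=10.20.1.7:8211
2023-11-14T09:12:09Z fw01 allow proto=tcp src=198.51.100.23:53002 dst=10.20.1.7:443
2023-11-14T09:13:15Z fw01 deny proto=udp src=203.0.113.9:9999 dst=10.20.1.8:8211
2023-11-14T09:14:30Z fw01 allow proto=udp src=192.0.2.77:61000 dst=10.20.1.9:8211
"""

_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>allow|deny) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None on no match."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def is_trusted(ip_text):
    """True if the source address belongs to one of the trusted management nets."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in TRUSTED_NETS)


def find_untrusted_papi(log_text):
    """Return {'allowed': [...], 'denied': [...]} of (src, dst, ts) tuples for
    UDP flows to the PAPI port whose source is outside the trusted networks."""
    hits = {"allowed": [], "denied": []}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["proto"] != "udp" or rec["dport"] != PAPI_PORT:
            continue
        if is_trusted(rec["src"]):
            continue
        key = "allowed" if rec["action"] == "allow" else "denied"
        hits[key].append((rec["src"], rec["dst"], rec["ts"]))
    return hits


if __name__ == "__main__":
    result = find_untrusted_papi(SAMPLE_LOGS)
    for src, dst, ts in result["allowed"]:
        print("EXPOSED  %s -> %s udp/%d at %s (block at the edge)" % (src, dst, PAPI_PORT, ts))
    for src, dst, ts in result["denied"]:
        print("PROBED   %s -> %s udp/%d at %s (already denied; monitor)" % (src, dst, PAPI_PORT, ts))
```

Against the constructed sample, the controller at 10.10.5.20 is ignored, the two allowed external sources are reported as exposure, and the single denied attempt is reported as probing.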


SektorCERT report on Danish Cyber Attack

A new report from SektorCERT, the Danish critical infrastructure security nonprofit, describes several groups of attackers exploiting multiple critical vulnerabilities in Zyxel firewall devices, including two zero-days, affecting industrial machinery, and how the compromised systems were isolated from the rest of the national grid during the onslaught of attacks on the Danish energy sector.

In April, Zyxel disclosed a critical command injection vulnerability, CVE-2023-28771, affecting its firewall and VPN device firmware; it allowed any attacker to craft messages that execute unauthorized OS commands remotely.
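Both the FortiSIEM report server flaw above and this Zyxel bug are OS command injection (CWE-78): an attacker-supplied value reaches a command line without being neutralized. The Python below is an added example, not FortiSIEM's, Fortinet's, or Zyxel's code; the report-export endpoint, its argument names, and the worker command are assumptions made for illustration. It places the vulnerable pattern (string interpolation into a shell command line) beside the hardened one (a strict allowlist followed by an argv list executed without a shell), and shows that the argv layer alone already keeps a hostile value literal.

```python
import re
import subprocess
import sys

# Hypothetical report-export endpoint: `report_name` arrives in the body of an
# API request. Nothing here is FortiSIEM's or Zyxel's code.

# Allowlist: one token of letters, digits, '_', '.', '-' (1 to 64 characters).
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")

# Characters a POSIX shell treats specially; any of them inside an injected
# value can end the intended command or start a substitution.
_SHELL_META = set(";&|`$()<>\n'\"\\*?[]{}~#!")


def shell_metacharacters(value):
    """Return the shell metacharacters present in `value`, sorted."""
    return sorted(ch for ch in set(value) if ch in _SHELL_META)


def build_export_cmd_unsafe(report_name):
    """Vulnerable pattern (CWE-78): the untrusted value is spliced into a shell
    command line. Run with shell=True, 'weekly; id' becomes two commands.
    Returned rather than executed, purely to show the resulting string."""
    return "/opt/report/export.sh --name %s --out /tmp/reports" % report_name


# Stand-in for the export tool (assumed) so the example runs wherever Python
# does: the child process simply prints the single argument it received.
_WORKER = "import sys; print('exporting', sys.argv[1])"


def export_report(report_name):
    """Hardened pattern: reject anything outside the allowlist, then run an
    argv list with shell=False so no metacharacter is ever interpreted."""
    if not _SAFE_NAME.fullmatch(report_name):
        raise ValueError("rejected report name: %r" % report_name)
    argv = [sys.executable, "-c", _WORKER, report_name]
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return proc.stdout.strip()


def argv_keeps_literal(report_name):
    """The second layer on its own: even with no allowlist, an argv list hands
    'weekly; id' to the child as one literal argument, never as two commands."""
    argv = [sys.executable, "-c", _WORKER, report_name]
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return proc.stdout.strip()


if __name__ == "__main__":
    hostile = "weekly; id"
    print("unsafe command line:", build_export_cmd_unsafe(hostile))
    print("metacharacters found:", shell_metacharacters(hostile))
    print("argv only:", argv_keeps_literal(hostile))
    try:
        export_report(hostile)
    except ValueError as exc:
        print("allowlist:", exc)
    print("valid name:", export_report("weekly"))
```

The allowlist is the layer that gives an auditor something to check at the API boundary; the argv list is the layer that holds even when validation is forgotten elsewhere. Keeping both is the usual defence, and neither requires the application to understand shell quoting rules.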


Reptar Vulnerability – CVE-2023-23583

Intel has fixed a serious vulnerability in various processors for desktops, servers, mobile devices, and embedded systems. The issue also affects the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.

The vulnerability, dubbed Reptar, can be used to escalate privileges, gain access to sensitive information, and cause denial of service. At least its fix does not require intervention at the hardware level, as was the case with the LVI attack.

Initially, it was believed that the error could only be used to provoke a denial of service, and the vulnerability received a CVSS score of just 5.5; Intel originally planned to release a patch for it in March 2024. However, deeper analysis showed that the bug could be exploited to escalate privileges, so Intel moved the patch release to November 2023 and the vulnerability’s CVSS rating was raised to 8.8.


Sutter Health Discloses a Data Breach

Northern California-based healthcare system Sutter Health has disclosed that 845,441 patients had their personal data exposed after its third-party communications firm Virgin Pulse was impacted by the widespread MOVEit file transfer system hack conducted by the Cl0p ransomware operation.

Sutter Health was initially notified by Virgin Pulse regarding the compromise on Sept. 22, with a final report provided on Oct. 24 revealing that the health, well-being, and navigation platform had its MOVEit server infiltrated from May 30 to 31, according to Sutter Health.

While attackers may have been able to access patients’ names, birthdates, provider names, health insurance data, treatment cost details, diagnosis, and treatment information, Sutter Health assured that no financial details or Social Security numbers have been compromised.

1 thought on “TheCyberThrone Security Week In Review – November 18, 2023”
