
The U.S. CISA added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:
- CVE-2024-23692 with a CVSS score of 9.8 is a template injection vulnerability that impacts Rejetto HTTP File Server, up to and including version 2.3m. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.
- CVE-2024-38080 with a CVSS score of 7.8 is an elevation of privilege vulnerability in Windows Hyper-V. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
- CVE-2024-38112 with a CVSS score of 7.5 is a Windows MSHTML Platform Spoofing Vulnerability. Exploiting this vulnerability requires an attacker to take additional actions beforehand to prepare the target environment. An attacker can trigger the issue by sending a malicious file to the victim, who would have to execute it.
- CVE-2024-20399 with a CVSS score of 6.0 resides in the CLI of Cisco NX-OS Software. An authenticated, local attacker can exploit the flaw to execute arbitrary commands as root on the underlying operating system of an affected device. This was added to the catalog last week.
CISA orders federal agencies to fix this vulnerability by July 30, 2024.


