Cisco has released patches to address a zero-day vulnerability exploited in April. Tracked as CVE-2024-20399, the vulnerability impacts Cisco NX-OS Software. Successful exploitation of the vulnerability could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. Cybersecurity firm Sygnia reported the vulnerability to Cisco along with the information about … Continue reading “Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2024-20399)”
Tag: CISA Known Exploitable Vulnerabilities Catalog
PHP CGI Argument Injection Vulnerability (CVE-2024-4577)
Security Researcher Orange Tsai recently discovered a critical argument injection vulnerability in PHP CGI that could allow attackers to execute arbitrary code without any authentication, leading to possible system compromise. The use of PHP CGI has faded over time; however, CVE-2024-4577 affects the default configuration of XAMPP. XAMPP is a popular software used by PHP … Continue reading “PHP CGI Argument Injection Vulnerability (CVE-2024-4577)”
Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)
A security researcher at Trend Micro Zero Day Initiative discovered a vulnerability in the Progress Telerik Report Server. CVE-2024-4358 is a critical severity vulnerability allowing an unauthenticated, remote attacker to bypass security restrictions and gain access to Telerik Report server-restricted functionality.
Check Point Security Gateways Information Disclosure Vulnerability Exploited in the Wild (CVE-2024-24919)
Check Point warned its customers of a vulnerability impacting its Network Security gateway products. The vulnerability, tracked as CVE-2024-24919, is being exploited in the wild. Successful exploitation of the vulnerability may allow an attacker to read specific information on Internet-connected Gateways with remote access VPN or mobile access enabled. CISA acknowledged the active exploitation of … Continue reading “Check Point Security Gateways Information Disclosure Vulnerability Exploited in the Wild (CVE-2024-24919)”
Another Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4947)
Google released a security advisory for the second time this week to address a vulnerability known to be exploited in the wild. In this update, Google addressed nine security vulnerabilities, one of which (CVE-2024-4947) is actively exploited.
Microsoft Patch Tuesday, May 2024 Security Update Review
Microsoft has released its May edition of Patch Tuesday. Let’s take a deep dive into the crucial insights from Microsoft’s Patch Tuesday updates for May 2024. Microsoft Patch Tuesday’s May 2024 edition addressed 67 vulnerabilities, including one critical and 59 important severity vulnerabilities. In this month’s security updates, Microsoft has addressed two zero-day vulnerabilities known … Continue reading “Microsoft Patch Tuesday, May 2024 Security Update Review”
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2024-4671)
Google has released updates to address an actively exploited vulnerability in the Chrome browser. Tracked as CVE-2024-4671, Google has given the vulnerability a high severity rating. The use-after-free vulnerability exists in the Visuals component. In the advisory, Google mentioned that they are aware of the active exploitation of the vulnerability.
PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400) (Operation MidnightEclipse)
Attackers are exploiting a command injection vulnerability in Palo Alto Networks PAN-OS software. Tracked as CVE-2024-3400, the vulnerability has been given a critical severity rating and a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code with root privileges on the firewall. The vulnerability exists in the … Continue reading “PAN-OS OS Command Injection Vulnerability Exploited in the Wild (CVE-2024-3400) (Operation MidnightEclipse)”
Critical ConnectWise ScreenConnect Flaws Patched: Urgent Update Advised
Two vulnerabilities have been identified in ConnectWise’s ScreenConnect software, which is extensively utilized by Managed Service Providers (MSPs) for remote access. These vulnerabilities, CVE-2024-1708, which allows for authentication bypass, and CVE-2024-1709, which enables path traversal, began to be exploited shortly after their disclosure. Rated with a severity score of 10 on the CVSS due to … Continue reading “Critical ConnectWise ScreenConnect Flaws Patched: Urgent Update Advised”
FortiOS Out-of-Bound Write Vulnerability Under Active Exploitation (CVE-2024-21762)
Fortinet has addressed an out-of-bounds write vulnerability impacting FortiOS. Tracked as CVE-2024-21762, the vulnerability has a critical severity rating with a CVSS score 9.6. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. Fortinet quoted in the advisory that vulnerability is potentially exploited … Continue reading “FortiOS Out-of-Bound Write Vulnerability Under Active Exploitation (CVE-2024-21762)”
