Ivanti Releases Patch for Vulnerabilities Impacting Connect Secure and Policy Secure (CVE-2024-21888 & CVE-2024-21893)

Ivanti Connect Secure and Policy Secure are affected by two high-severity flaws: CVE-2024-21888, a privilege escalation in the web component that lets an authenticated user gain administrator rights, and CVE-2024-21893, a server-side request forgery in the SAML component that lets an unauthenticated attacker reach restricted resources. CVE-2024-21893 is being exploited in the wild. Ivanti mentioned in the advisory that they are aware of a few customers who have …

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability Exploited in the Wild (CVE-2023-20198)

Cisco is aware of active exploitation of a privilege escalation vulnerability in the web UI feature of Cisco IOS XE Software. Tracked as CVE-2023-20198, the vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 (full administrative) access. An attacker may use the compromised account to gain control of the …

Apple Addressed Two Zero-day Vulnerabilities Affecting iOS and iPadOS (CVE-2023-42824 & CVE-2023-5217)

Apple has released an emergency update to fix two actively exploited zero-day vulnerabilities. CVE-2023-42824 is a privilege escalation vulnerability in the XNU kernel affecting iPhones and iPads: a local attacker can exploit it to elevate privileges. Apple fixed the vulnerability with improved checks. CVE-2023-5217, a heap buffer overflow in the libvpx VP8 encoder first reported as exploited against Chrome, is patched in the same release. Apple has mentioned in their advisories that they …

Atlassian Confluence Data Center and Confluence Server Privilege Escalation Vulnerability (CVE-2023-22515)

Atlassian Confluence Data Center and Server are vulnerable to a privilege escalation (broken access control) vulnerability. CVE-2023-22515 is a critical severity vulnerability with a CVSS score of 10.0. A remote attacker may exploit the vulnerability in a low-complexity attack without user interaction. Successful exploitation may allow attackers to create unauthorized Confluence administrator accounts and access …

Citrix Application Delivery Controller (ADC) and Citrix Gateway Multiple Vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467)

A new critical severity vulnerability (CVE-2023-3519) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) is being exploited in the wild. CVE-2023-3519 may allow an unauthenticated attacker to perform remote code execution on the target system. The advisory addressed two more vulnerabilities: CVE-2023-3466, a reflected cross-site scripting flaw, and CVE-2023-3467, a privilege escalation to root administrator (nsroot). Wouter Rijkbost and Jorren Geurts of Resillion have discovered the vulnerabilities addressed in …

WordPress Plugin Ultimate Member Unauthenticated Privilege Escalation Vulnerability (CVE-2023-3460)

The WordPress Ultimate Member plugin is vulnerable to an unauthenticated privilege escalation vulnerability that is being exploited in the wild. CVE-2023-3460 has been rated critical with a CVSS base score of 9.8. A proof of concept for the vulnerability will be released on August 1st, 2023. Ultimate Member is a user profile and membership plugin for …

MOVEit Transfer Privilege Escalation and Potential Unauthorized Access Vulnerability (CVE-2023-35708)

Progress has disclosed a SQL injection vulnerability in the MOVEit Transfer web application (CVE-2023-35708) that can lead to privilege escalation. On successful exploitation, the vulnerability may allow an attacker to gain unauthorized access to the MOVEit Transfer database. There is no evidence to suggest that the vulnerability is being exploited in the wild. MOVEit Transfer is a managed file transfer (MFT) …

Cisco AnyConnect Secure Mobility Client Software and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability (CVE-2023-20178)

Cisco has released patches to address a high-severity vulnerability, CVE-2023-20178, that affects Cisco AnyConnect Secure Mobility Client Software and Cisco Secure Client Software for Windows. Filip Dragovic reported the vulnerability. On successful exploitation, the vulnerability may allow a local attacker to escalate privileges to those of SYSTEM. No evidence is available to show the public exploitation of …

Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities (CVE-2023-20105 and CVE-2023-20192)

Cisco has addressed privilege escalation vulnerabilities that affect Cisco Expressway Series and Cisco TelePresence Video Communication Server. CVE-2023-20105 and CVE-2023-20192 have been given Critical and High severity ratings, with CVSS scores of 9.6 and 8.4 respectively. CVE-2023-20105 was found during internal security testing by Jason Crowder of the Cisco Advanced Security Initiatives Group (ASIG). CVE-2023-20105 …