Cisco released a security advisory to address critical severity vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers (CVE-2023-20025 & CVE-2023-20026). On successful exploitation, these vulnerabilities could allow a remote attacker to bypass authentication or execute arbitrary commands on affected devices. Hou Liuyang of Qihoo 360 Netlab … Continue reading “Cisco EoL Small Business VPN Routers Multiple Vulnerabilities (CVE-2023-20025 & CVE-2023-20026)”
Tag: Remote Code Execution Vulnerability
JsonWebToken Library Remote Code Execution vulnerability (CVE-2022-23529)
A high-severity remote code execution vulnerability has been discovered in the JsonWebToken (JWT) open-source encryption project. Tracked as CVE-2022-23529, an attacker can exploit this vulnerability to gain remote code execution on the target server verifying a maliciously crafted JSON web token (JWT) request. Artur Oleyarsh, Security Researcher at Unit42, has mentioned in his blog, … Continue reading “JsonWebToken Library Remote Code Execution vulnerability (CVE-2022-23529)”
Zoho Patches Remote Code Execution Vulnerability Affecting Multiple ManageEngine Products (CVE-2022-47966)
A critical remote code execution vulnerability has been discovered in multiple Zoho ManageEngine products. Tracked as CVE-2022-47966, this vulnerability affects 24 products of ManageEngine. Successful exploitation of this vulnerability may allow an attacker to perform remote code execution. Khoadha of Viettel Cyber Security has discovered this vulnerability via Zoho Bug Bounty program. Zoho ManageEngine … Continue reading “Zoho Patches Remote Code Execution Vulnerability Affecting Multiple ManageEngine Products (CVE-2022-47966)”
Fortinet Patches an Actively Exploited Pre-authentication Remote Code Execution Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)
Fortinet has released patches for an actively exploited pre-authentication remote code execution vulnerability in FortiOS SSL-VPN. Tracked as CVE-2022-42475, it is a critical vulnerability with a CVSSv3 score of 9.8. On successful exploitation, this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the target system. The advisory states, “Fortinet is … Continue reading “Fortinet Patches an Actively Exploited Pre-authentication Remote Code Execution Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)”
ForgeRock Access Management and OpenAM Critical Remote Code Execution Vulnerability (CVE-2021-35464)
There is an active exploitation of a pre-authorization remote code execution vulnerability in the popular Access Management platform from digital identity management firm ForgeRock. Tracked as CVE-2021-35464, the vulnerability has given a critical severity. Cybersecurity and Infrastructure Security Agency (CISA) has also acknowledged the active exploitation of this vulnerability. OpenAM is an access management tool … Continue reading “ForgeRock Access Management and OpenAM Critical Remote Code Execution Vulnerability (CVE-2021-35464)”
CISA Added a Critical Oracle Access Manager Vulnerability in its Known Exploited Vulnerability Catalog (CVE-2021-35587)
CISA has warned security agencies to patch an actively exploited vulnerability in Oracle Access Manager by adding it to its Known Exploited Vulnerabilities Catalog. Tracked as CVE-2021-35587, it is a pre-authentication remote code execution vulnerability in the Oracle Access Manager (OAM). Oracle has rated this vulnerability as critical and provided a CVSS base score of … Continue reading “CISA Added a Critical Oracle Access Manager Vulnerability in its Known Exploited Vulnerability Catalog (CVE-2021-35587)”
VMware NSX Manager Multiple Vulnerabilities (CVE-2021-39144 and CVE-2022-31678)
VMware has released patches for multiple vulnerabilities in VMware NSX Manager, which are being tracked as CVE-2021-39144 and CVE-2022-31678. Both vulnerabilities were discovered by Sina Kheirkhah and Steven Seeley of Source Incite. CVE-2021-39144 is rated as ‘Critical’ and is assigned a CVSSv3 base score of 9.8. On successful exploitation, this vulnerability could allow remote code execution … Continue reading “VMware NSX Manager Multiple Vulnerabilities (CVE-2021-39144 and CVE-2022-31678)”
F5 Patches Vulnerabilities in iControl SOAP and iControl REST Running on F5 BIG-IP and BIG-IQ Devices (CVE-2022-41800 and CVE-2022-41622)
Researchers have discovered multiple security vulnerabilities in the F5 BIG-IP and BIG-IQ devices (CVE-2022-41800 and CVE-2022-41622). The vulnerabilities affect the iControl SOAP and iControl REST running on F5 BIG-IP and BIG-IQ Devices. F5’s BIG-IP is a collection of software and hardware intended to improve application availability, access management, and security. iControl is the first … Continue reading “F5 Patches Vulnerabilities in iControl SOAP and iControl REST Running on F5 BIG-IP and BIG-IQ Devices (CVE-2022-41800 and CVE-2022-41622)”
vm2 NPM Package Remote Code Execution Vulnerability (CVE-2022-36067) (Sandbreak)
Security researchers from Oxeye have discovered a critical remote code execution flaw in vm2, a JavaScript sandbox library. Tracked as CVE-2022-36067, the flaw has been given a CVSS score of 10. On successful exploitation, this flaw could allow attackers to escape the vm2 sandbox environment and run shell commands on the machine hosting the sandbox. … Continue reading “vm2 NPM Package Remote Code Execution Vulnerability (CVE-2022-36067) (Sandbreak)”
Zimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)
Zimbra Collaboration Suite (ZCS) has an actively exploited remote code execution vulnerability. Tracked as CVE-2022-41352, is a critical severity vulnerability with a CVSS base score of 9.8. The vulnerability could allow an unauthenticated attacker to upload arbitrary files through Amavis (an email security system). Zimbra Collaboration Suite is a widely deployed web client and … Continue reading “Zimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)”
