This edition brings you early warnings, trending news about cyber threats, and accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Why play catch up when you can fix it now?
Vulnerabilities to Watch Out For
CISA Adds CVE-2022-47966 and CVE-2017-11357 to the KEV Catalog
CISA added CVE-2022-47966 to the KEV catalog on Jan 23rd, 2023. It is a ManageEngine vulnerability caused by the Apache Santuario dependency used in several ManageEngine products. This is a highly critical vulnerability, as it can allow admin access to multiple ManageEngine products if SSO is enabled in the product used for initial access.
CVE-2017-11357 is a vulnerability in Telerik’s User Interface (UI) for ASP.NET AJAX. If exploited, it can allow remote code execution on the host device. CISA has recommended that all federal agencies patch this vulnerability by Feb 16, 2023.
Exploits Available for Multiple VMWare vRealize Flaws
CVE-2022-31704, CVE-2022-31706, CVE-2022-31710 and CVE-2022-31711 impact VMware vRealize Log Insight appliances. An exploit targeting a vulnerability chain that achieves remote code execution is expected to be released this week.
CVE-2022-31706 is a directory traversal vulnerability that can be abused to inject files into the operating system of impacted appliances.
CVE-2022-31704 is a broken access control flaw that can also be exploited by injecting maliciously crafted files in RCE attacks.
CVE-2022-31710 triggers denial of service states.
CVE-2022-31711 is an information disclosure bug that can be exploited to access sensitive session and application information.
All four vulnerabilities are rated critical on the CVSS v3 scale and need immediate attention.
VMware released a security advisory addressing all four vulnerabilities and recommends that users patch them immediately.
Exploit Available for CVE-2022-34689
CVE-2022-34689 is a critical Windows CryptoAPI spoofing bug that can be exploited to perform actions such as authentication or code signing as the targeted certificate. Attackers could also perform man-in-the-middle attacks and decrypt confidential information on user connections to the affected software, such as web browsers that use Windows’ CryptoAPI cryptography library. This vulnerability impacts old versions of Chrome (v48 and earlier) and Chromium-based applications.
An exploit for this vulnerability was released recently.
Users are recommended to update their Chromium applications to the latest version immediately.
CVE-2022-38023: Samba Logon Bug
If exploited, CVE-2022-38023 can allow an attacker to change the content of some network data packets without getting detected, despite the use of cryptographic MACs (message authentication codes) intended to prevent spoofing and tampering. Attackers can also pull off an elevation-of-privilege (EoP) attack by manipulating data at logon time.
This vulnerability was patched in November 2022 and users need to ensure that they are using the latest version.
CVE-2023-24055: Unaddressed KeePass Vulnerability
CVE-2023-24055 enables threat actors with write access to a target’s system to alter the KeePass XML configuration file and inject a malicious trigger that exports the database, including all usernames and passwords in cleartext. The user will not notice this, as the export runs in the background. An exploit for this vulnerability is already publicly available.
However, KeePass does not classify this as a vulnerability and has not addressed the issue. As a workaround, KeePass suggests ensuring that regular system users have no write access to any files or folders in KeePass’ application directory and using an enforced configuration file.
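The workaround above boils down to two checks a defender can run on a host: nothing under the KeePass application directory is writable by anyone but its owner, and an enforced configuration file is present. The following Python script is an added example (not code from KeePass or from this newsletter) that performs both checks on a POSIX filesystem using mode bits; the enforced config filename `KeePass.config.enforced.xml` and the demo directory layout are assumptions for illustration.

```python
"""Audit a KeePass application directory for the CVE-2023-24055 workaround conditions.

Added example: checks POSIX mode bits (group/other write) and looks for an
enforced config file. Filenames below are assumptions, not taken from KeePass docs.
"""
import stat
import tempfile
from pathlib import Path

ENFORCED_CONFIG_NAME = "KeePass.config.enforced.xml"  # assumed enforced-config filename
CONFIG_NAME = "KeePass.config.xml"                    # assumed regular config filename


def writable_by_non_owner(path: Path) -> bool:
    """True if the group or 'others' write bit is set (symlinks are not followed)."""
    mode = path.lstat().st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_app_dir(app_dir) -> dict:
    """Return which entries a regular user could modify and whether an enforced config exists."""
    app_dir = Path(app_dir)
    entries = [app_dir, *sorted(app_dir.rglob("*"))]  # include the directory itself
    writable = [
        str(p.relative_to(app_dir)) for p in entries if writable_by_non_owner(p)
    ]
    enforced = (app_dir / ENFORCED_CONFIG_NAME).is_file()
    return {
        "writable_by_non_owner": writable,
        "enforced_config_present": enforced,
        "ok": not writable and enforced,
    }


def make_demo_dir() -> Path:
    """Build a constructed KeePass-like directory with one deliberately loose config file."""
    root = Path(tempfile.mkdtemp(prefix="keepass-audit-"))
    root.chmod(0o755)
    (root / CONFIG_NAME).write_text("<Configuration/>")
    (root / CONFIG_NAME).chmod(0o666)  # the bad case: any local user can edit the config
    (root / "KeePass.exe").write_bytes(b"")
    (root / "KeePass.exe").chmod(0o644)
    return root


if __name__ == "__main__":
    demo = make_demo_dir()
    print(audit_app_dir(demo))  # the loose config is flagged, no enforced config, ok=False
```

Run it against a real install by calling `audit_app_dir("/path/to/KeePass")`; any path listed under `writable_by_non_owner` is one a regular user could edit to plant a trigger, and a missing enforced config means the regular config alone decides what KeePass does at startup.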
CVE-2022-27596: Critical QNAP Vulnerability
CVE-2022-27596 affects QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this SQL injection vulnerability allows remote attackers to inject malicious code by sending specially crafted requests to vulnerable devices. It has a CVSS score of 9.8, classifying it as critical.
QNAP has patched this vulnerability and released a security advisory.
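To make the vulnerability class concrete, here is an added example (not QNAP's code, and the table and request values are constructed) showing the difference between building a query from a request parameter by string concatenation and binding that parameter. The first form lets a crafted value change the statement's logic; the second treats it purely as data.

```python
"""SQL injection: vulnerable string-built query beside its parameterized fix.

Added example with a constructed in-memory SQLite table; not code from QNAP.
"""
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, token TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "tok-a"), ("bob", "tok-b")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """The request parameter is spliced into the SQL text, so it can alter the query."""
    query = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def lookup_hardened(conn: sqlite3.Connection, name: str) -> list:
    """The parameter is bound with a placeholder; the driver never treats it as SQL."""
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (name,))]


if __name__ == "__main__":
    conn = build_demo_db()
    crafted = "x' OR '1'='1"  # a constructed value that is valid SQL when spliced in
    print(lookup_vulnerable(conn, "alice"))   # ['alice']
    print(lookup_vulnerable(conn, crafted))   # ['alice', 'bob']: the WHERE clause became a tautology
    print(lookup_hardened(conn, crafted))     # []: no user is literally named "x' OR '1'='1"
```

The hardened form is the fix vendors ship for this class of bug; on the detection side, web server logs showing quote characters or SQL keywords inside parameters that should be plain identifiers are the usual signal that such requests are being sent.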