Weekly Threat & Vulnerabilities Report

Report
June 21, 2024
CVE-2024-6045
Use of Hard-coded Credentials
CISA-KEV
OSS
Zero Day
High
Affected Product
D-Link wireless routers
Exploited-in-Wild

False

CVSS Score
8.8
EPSS Score
0.0005
CVE-2024-37902
Path traversal
CISA-KEV
OSS
Zero Day
High
Affected Product
Deep Java Library
Exploited-in-Wild

False

CVSS Score
10
EPSS Score
0.00044
CVE-2024-30103
Remote Code Execution
CISA-KEV
OSS
Zero Day
High
Affected Product
Microsoft Outlook
Exploited-in-Wild

False

CVSS Score
8.8
EPSS Score
0.0005
CVE-2023-32191
Information Disclosure
CISA-KEV
OSS
Zero Day
Critical
Affected Product
Rancher Kubernetes Engine
Exploited-in-Wild

False

CVSS Score
10
EPSS Score
0
Exploit Activity and Mass Scanning Observed on Cytellite Sensors
Telemetry collected from Loginsoft sensors was analyzed and processed to derive insights into what is actively being exploited and actively being scanned. As a source of truth, source IPv4 addresses and payloads can be provided on a need-to-know basis.
CVE-2024-4577
CISA-KEV
Critical

Critical argument injection vulnerability in PHP on Windows servers

Affected Products
PHP-CGI on Windows
CVE-2024-1709
CISA-KEV
Critical

Authentication Bypass Vulnerability in ConnectWise ScreenConnect.

Affected Products
ConnectWise ScreenConnect
Exploited-in-Wild
CVE-2023-38646
CISA-KEV
Critical

Remote code execution vulnerability in Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1.

Affected Products
Metabase open source/Enterprise
CVE-2023-26801
CISA-KEV
Critical

Command injection vulnerability in LB-LINK devices.

Affected Products
LB-LINK
Exploited-in-Wild
CVE-2023-1389
CISA-KEV
High

Command Injection Vulnerability in TP-Link Archer AX-21.

Affected Products
TP-Link Archer AX-21
Exploited-in-Wild
CVE-2022-30023
CISA-KEV
High

Command injection vulnerability via the Ping function in Tenda Products.

Affected Products
Tenda Devices
Exploited-in-Wild
Vulnerabilities abused by Botnet
This section lists vulnerabilities exploited by botnets, including recent CVEs logged in the Malware Information Sharing Platform (MISP). It presents the top 5 CVEs with payloads suggestive of botnet activity, such as the use of wget with IP addresses.

An unauthenticated command injection vulnerability found in the TP-Link Archer AX21 WiFi router.

Remote code execution vulnerability in Huawei HG532 router

Affected Product
Huawei HG532
Abused by Botnet

Improper protocol access control vulnerability in Eir D1000 modem.

Affected Product
Eir D1000 modem
Abused by Botnet
Vulnerabilities Abused by Malware
We proactively monitor the vulnerabilities that are targeted by adversaries. Each vulnerability is studied by an analyst and mapped to MITRE ATT&CK tactics and techniques. The information is derived from our vulnerability intelligence platform, which collects and curates information from various sources such as Twitter, Telegram, OSINT groups, blogs, data leak sites and more.

Authentication bypass vulnerability in VMware Tools leads to remote code execution

Targeted by Malware
  • UNC3886
  • VIRTUALPIE
  • VIRTUALSPHERE
  • VIRTUALPITA
  • REPTILE

Information disclosure vulnerability due to improper permission of files in vCenter server multiple versions

Targeted by Malware
  • UNC3886
  • VIRTUALPIE
  • VIRTUALSPHERE
  • VIRTUALPITA
  • REPTILE

Path Traversal vulnerability in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11

Targeted by Malware
  • UNC3886
  • VIRTUALPIE
  • VirtualGate
  • VIRTUALPITA
  • REPTILE
  • THINCRUST
  • CASTLETAP
  • TABLEFLIP

Heap-based buffer overflow vulnerability in FortiOS SSL-VPN and FortiProxy SSL-VPN

Targeted by Malware
  • UNC3886
  • VIRTUALPIE
  • VIRTUALSPHERE
  • VIRTUALPITA
  • REPTILE

PRE-NVD observed for this week
PRE-NVD refers to vulnerabilities discovered and potentially exploited before their official inclusion in the National Vulnerability Database. The LOVI Platform aggregates and distributes data from open sources and social media, currently tracking over 100 security alerts and planning to expand.
CVE-2024-5510
Out-Of-Bounds Read
Affected Product
Kofax Power PDF
CVE-2024-5511
Out-Of-Bounds Read
Affected Product
Kofax Power PDF
CVE-2024-2201
Information Disclosure
Affected Product
Native Spectre v2
CVE-2024-5717
Command Injection
Affected Product
Unified SecOps Platform
CVE-2024-5719
Command Injection
Affected Product
Unified SecOps Platform
CVE-2023-32191
Information Disclosure
Affected Product
Rancher Kubernetes Engine
