Weekly Threat & Vulnerabilities Report

Report
July 5, 2024
Jason Franscisco

CVE-2024-0769
Command Injection
CISA-KEV
OSS
Zero Day
Critical
Affected Product
D-Link DIR-859 1.06B01
Exploited-in-Wild
CVSS Score
9.8
EPSS Score
0.00212
CVE-2024-20399
OS Command Injection
CISA-KEV
OSS
Zero Day
Medium
Affected Product
Cisco NX-OS
Exploited-in-Wild
CVSS Score
6.7
EPSS Score
0.00254
CVE-2024-6387
Race Condition
CISA-KEV
OSS
Zero Day
High
Affected Product
OpenSSH's server (sshd)
Exploited-in-Wild
CVSS Score
8.1
EPSS Score
0.00063
CVE-2024-39891
Unauthenticated Endpoint
CISA-KEV
OSS
Zero Day
Medium
Affected Product
Twilio Authy API
Exploited-in-Wild
CVSS Score
5.3
EPSS Score
0.00045
CVE-2024-38366
Remote Code Execution
CISA-KEV
OSS
Zero Day
Critical
Affected Product
CocoaPods Trunk
Exploited-in-Wild

False

CVSS Score
10
EPSS Score
0.00045
CVE-2024-23692
Template injection
CISA-KEV
OSS
Zero Day
Critical
Affected Product
Rejetto HTTP File Server
Exploited-in-Wild
CVSS Score
9.8
EPSS Score
0.0021
Exploit Activity and Mass Scanning Observed on Cytellite Sensors
Telemetry collected from Loginsoft sensors was analyzed and processed to derive insights into what is actively being exploited and actively being scanned. As a source of truth, source IPv4 addresses and payloads can be provided on a need-to-know basis.
CVE-2024-3400
CISA-KEV
Critical

Command Injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS

Affected Products
Palo Alto Networks PAN-OS
Exploited-in-Wild
CVE-2024-29973
CISA-KEV
Critical

Command Injection vulnerability in the “setCookie” parameter in Zyxel NAS326 and NAS542 devices

Affected Products
Zyxel NAS326 and NAS542 devices
Exploited-in-Wild

False

CVE-2024-22729
CISA-KEV
Critical

Command injection vulnerability in NETIS SYSTEMS MW5360 V1.0.1.3031 via the password parameter on the login page

Affected Products
NETIS SYSTEMS MW5360 V1.0.1.3031
Exploited-in-Wild

False

CVE-2023-4966
CISA-KEV
High

Buffer Overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway

Affected Products
Citrix NetScaler
Exploited-in-Wild
CVE-2023-6549
CISA-KEV
High

Buffer Overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway leads to unauthenticated denial of service

Affected Products
Citrix NetScaler ADC and NetScaler Gateway
CVE-2023-38646
CISA-KEV
Critical

Remote code execution vulnerability in Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1.

Affected Products
Metabase open source/Enterprise
CVE-2023-33010
CISA-KEV
Critical

Buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions leads to denial of service or remote code execution on the affected device

Affected Products
Zyxel ATP series firmware
CVE-2023-20198
CISA-KEV
Critical

Privilege escalation vulnerability in the web UI feature of Cisco IOS XE Software

Affected Products
Cisco IOS XE Web UI
Exploited-in-Wild
CVE-2023-1389
CISA-KEV
High

Command Injection vulnerability in TP-Link Archer AX-21.

Affected Products
TP-Link Archer AX-21
Exploited-in-Wild
CVE-2023-26801
CISA-KEV
Critical

Command injection vulnerability in LB-LINK devices.

Affected Products
LB-LINK
Exploited-in-Wild
Vulnerabilities abused by Botnet
Vulnerabilities identified as exploited by botnets, including recent CVEs logged in the Malware Information Sharing Platform (MISP). Presented here are the top 5 CVEs with payloads suggestive of botnet activity, such as the use of wget with IP addresses.

An unauthenticated command injection vulnerability found in the TP-Link Archer AX21 WiFi router.

Command injection vulnerability in LB-LINK BL-AC1900_2.0 1.0.1, BL-WR9000 2.4.9, BL-X26 1.2.5 and BL-LTE300 1.0.8

Command Injection vulnerability in Gpon home router

Affected Product
Gpon Home Router

Remote code execution vulnerability in Huawei HG532 router

Improper protocol access control vulnerability in Eir D1000 modem.

Arbitrary command execution vulnerability in D-Link DIR-645 Wired/Wireless Router

Affected Product
D-Link DIR-645 Wired/Wireless Router
Vulnerabilities Abused by Malware
We proactively monitor the vulnerabilities that are targeted by adversaries. Each vulnerability is manually studied and mapped to MITRE ATT&CK tactics and techniques. The information is derived from our vulnerability intelligence platform, which collects and curates information from various sources such as Twitter, Telegram, OSINT groups, blogs, data leak sites and more.

OS Command Injection vulnerability in the CLI of Cisco NX-OS

Template Injection vulnerability in Rejetto HTTP File Server up to version 2.3m

Patch

False

Targeted by Malware

Observable Discrepancy vulnerability in Twilio Authy API accessed by Authy Android and Authy iOS

Microsoft MSHTML Remote Code Execution Vulnerability

PRE-NVD observed for this week
PRE-NVD refers to vulnerabilities discovered and potentially exploited before their official inclusion in the National Vulnerability Database. The LOVI Platform aggregates and distributes data from open sources and social media, currently tracking over 100 security alerts and planning to expand.
CVE-2024-27980
Remote Command Execution
Affected Product
Node.js 18.x, 20.x, 21.x on Windows
CVE-2024-6249
Stack-Based Buffer Overflow
Affected Product
Wyze Cam v3
Reference
CVE-2024-6248
Improper Authentication
Affected Product
Wyze Cam v3
Reference
CVE-2024-6141
Directory Traversal
Affected Product
Windscribe
Reference
CVE-2024-5877
Out-Of-Bounds Write
Affected Product
IrfanView
Reference
CVE-2024-4708
Use of Hard-coded Password
Affected Product
mySCADA myPRO
Reference
