Prism Platform’s Top Active Exploits – March 2023
Prism Platform continuously scans a user’s estate for any issues that are being actively exploited by threat actors in the wild. If any of these vulnerabilities are detected, users are alerted immediately by the platform.
In this article, we have rounded up the top active exploits that are currently being monitored by Prism.
CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Apple recently rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The iPhone maker said the bug was addressed with improved checks, adding it’s “aware of a report that this issue may have been actively exploited.” An anonymous researcher has been credited with reporting the flaw.
CVE-2023-23376 – Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation.
CVE-2023-22952 – SugarCRM Injection of Arbitrary Code
CVE-2023-22952 (CVSS score: 8.8), which relates to a case of missing input validation in SugarCRM that could result in the injection of arbitrary PHP code. The bug has been fixed in SugarCRM versions 11.0.5 and 12.0.2.
CVE-2023-22501 – Jira Service Management Critical Security Flaw
Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity.
CVE-2023-22374 – F5 Arbitrary Code Execution
F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP – 13.1.5 14.1.4.6 – 14.1.5 15.1.5.1 – 15.1.8 16.1.2.2 – 16.1.3, and 17.0.0 “A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code,” the company said in an advisory. “In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.” Tracked as CVE-2023-22374 (CVSS score: 7.5/8.5), security researcher Ron Bowes of Rapid7 has been credited with discovering and reporting the flaw on December 6, 2022.
CVE-2023-21839 – Oracle WebLogic Server product of Oracle Fusion Middleware
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N POC Exploit code available https://github.com/4ra1n/CVE-2023-21839
CVE-2023-21823 – Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Windows Graphic Component contains an unspecified vulnerability which allows for privilege escalation.
CVE-2023-21715 – Microsoft Office Security Feature Bypass Vulnerability
An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.
CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVE-2023-21674 is a vulnerability in Windows Advanced Local Procedure Call (ALPC) that could lead to a browser sandbox escape and allow attackers to gain SYSTEM privileges on a wide variety of Windows and Windows Server installations.
CVE-2023-21549 – Windows SMB Witness Service Elevation of Privilege Vulnerability
To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only.
CVE-2023-20858 – Carbon Black App Control Injection of Arbitrary Code
Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari Jääskelä has been credited with discovering and reporting the bug. “A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.
CVE-2023-20078 – Cisco IP Phone 6800, 7800, 7900, and 8800 Series products
The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising due to insufficient validation of user-supplied input. Successful exploitation of the bug could allow an unauthenticated, remote attacker to inject arbitrary commands that are executed with the highest privileges on the underlying operating system.
CVE-2023-0669 – Fortra GoAnywhere MFT Pre-Authentication Command Injection
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. Rootshell have reports of an Active Exploit attacking exposed systems.
source https://www.rootshellsecurity.net/prism-platforms-top-active-exploits-march-2023/
Comments
Post a Comment