Metasploit Weekly Wrap-Up: Dec. 15, 2023
Continuing the 12th Labor of Metasploit Metasploit continues its Herculean task of increasing our toolset to tame Kerberos by adding support for AS_REP Roasting, which allows retrieving the password hashes of users who have Do not require Kerberos preauthentication set on the domain controller....
8.8CVSS
9.3AI Score
0.363EPSS
Summary Vulnerabilities (CVE-2023-22045, CVE-2023-22049) exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Server and may be affected by this vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in...
3.7CVSS
6.7AI Score
0.001EPSS
Apache StreamPark: Authenticated system users could trigger remote command execution
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in.....
7.2CVSS
7.5AI Score
0.001EPSS
Apache StreamPark: Authenticated system users could trigger remote command execution
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in.....
7.2CVSS
7.2AI Score
0.001EPSS
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in.....
7.2CVSS
7.2AI Score
0.001EPSS
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in.....
7.2CVSS
0.001EPSS
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in.....
7.2CVSS
7.1AI Score
0.001EPSS
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in.....
7.2CVSS
7.5AI Score
0.001EPSS
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in.....
7.3AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in IBM Liberty for Java for IBM Cloud
Summary There are vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to....
9.8CVSS
7.4AI Score
0.732EPSS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.5AI Score
0.732EPSS
APIDetector - Efficiently Scan For Exposed Swagger Endpoints Across Web Domains And Subdomains
APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false-positives. It's particularly useful for security professionals and developers who are engaged in API testing and vulnerability scanning......
7AI Score
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An...
5.9CVSS
7.4AI Score
0.001EPSS
Summary There are multiple vulnerabilities in Java™ Technology Edition used by the Elastic Storage Server. Fixes for all these vulnerabilities are available. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could...
9.1CVSS
9AI Score
0.002EPSS
This module will grab Puppet config files, credentials, host information, and file...
7.3AI Score
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator
Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. "The cyberattack on Ukraine's #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics...
7AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Oct 2023. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in...
5.9CVSS
7.2AI Score
0.001EPSS
Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise...
7.4CVSS
7AI Score
0.002EPSS
rf-biketech.com Improper Access Control vulnerability OBB-3809125
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Ubuntu 20.04 LTS / 22.04 LTS : GNU binutils vulnerabilities (USN-6544-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6544-1 advisory. An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system...
8.8CVSS
7.3AI Score
0.001EPSS
Are You Looking for ACTION? Our very own adfoster-r7 has added a new feature that adds module actions, targets, and aliases to the search feature in Metasploit Framework. As we continue to add modules with diverse goals or targets, we’ve found ourselves leaning on these flags more and more...
7.8CVSS
7.4AI Score
0.86EPSS
Summary IBM Operations Analytics Predictive Insights uses BM® SDK, Java™ Technology Edition, and vulnerability CVE-2022-40609 may expose Java process to a variety of malicious attacks Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and...
9.8CVSS
7.4AI Score
0.003EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
7.8CVSS
0.0004EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
7.8CVSS
7.9AI Score
0.0004EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
7.8CVSS
7.9AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM System Networking Switch Center (SNSC). These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Vulnerability Details VEID: CVE-2018-2579 DESCRIPTION: An...
5.3CVSS
1.4AI Score
0.004EPSS
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...
8.1AI Score
0.0004EPSS
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request...
8.8CVSS
8.5AI Score
0.001EPSS
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing...
7.5CVSS
7.5AI Score
0.001EPSS
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary...
8.8CVSS
8.6AI Score
0.001EPSS
Integrated DFIR Tool Can Simplify and Accelerate Cyber Forensics
Explore real use cases demonstrating the transformative impact of Trend Vision One™ – Forensics, an integrated Digital Forensics and Incident Response (DFIR)...
7.4AI Score
ownCloud Phpinfo Reader Exploit
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo() to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker.....
10CVSS
6.6AI Score
0.86EPSS
Memory corruption while submitting a large list of sync points in an AUX command to the...
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL...
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected...
8.4CVSS
7.8AI Score
0.0004EPSS
Transient DOS while parsing WPA IES, when it is passed with length more than expected...
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
9.8CVSS
9.5AI Score
0.001EPSS
7.5CVSS
7.6AI Score
0.0004EPSS
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO...
9.8CVSS
9.6AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.1CVSS
5.6AI Score
0.0004EPSS
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management...
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA...
7.5CVSS
7.5AI Score
0.0005EPSS
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer...
7.5CVSS
7.5AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.0005EPSS