
List of Vulnerabilities Required for Former HVV Cybersecurity Officers (2023)

Author: FreeBuf

As the wave of digitalization sweeps the world, security vulnerabilities are being discovered and exploited at an alarming rate, and key sectors such as industrial automation, green energy, finance, transportation, national defense and healthcare have become the main targets of attackers. The proliferation of data breaches and ransomware attacks shows that software vulnerabilities are now a primary initial-access vector for attackers.


This article collects and analyzes the 2023 vulnerabilities that were the most damaging, the most widely exposed, and exploitable through a variety of attack methods. It aims to give cybersecurity practitioners a detailed overview of each vulnerability so that they can grasp these threats more comprehensively and build a stronger defensive line accordingly. Each entry gives a short description, a reference link and the vendor's fix; in every case the first action is to apply the vendor patch.

1、CVE-2023-0266 (Linux kernel resource management error vulnerability)

Vulnerability description: The Linux kernel is the kernel of the open-source Linux operating system, whose development is hosted by the Linux Foundation.

CVE-2023-0266 is a use-after-free in the kernel's ALSA sound subsystem: the 32-bit compatibility ioctl path called snd_ctl_elem_read/snd_ctl_elem_write without taking the controls_rwsem lock, so a control element could be freed while still in use. A local user who can open a sound control device can exploit the race to obtain kernel (ring 0) code execution. The bug was exploited in the wild as part of an exploit chain against Android devices before the fix was widely deployed, so Android and embedded kernels should be checked for the backport, not only mainline.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-0266

Mitigation: The threat can be addressed with an official patch update, free update link: https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e

2、CVE-2023-0669 (Fortra GoAnywhere MFT remote code execution vulnerability)

Vulnerability description: GoAnywhere MFT is a managed file transfer platform from Fortra (formerly HelpSystems) that centralizes file transfers and EDI activity in one place. CVE-2023-0669 is a pre-authentication deserialization vulnerability in the License Response Servlet of the product's administrative console: an attacker who can reach the admin console can send a crafted request, without logging in, that causes attacker-controlled data to be deserialized, execute arbitrary commands, and take control of the server. Exposure therefore depends on whether the administrative console (not the end-user web client) is reachable from untrusted networks; the Cl0p ransomware group exploited it against many organizations in early 2023.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-0669

Mitigation: Fixed in GoAnywhere MFT 7.1.2; update to 7.1.2 or later. Until the update is applied, block access to the administrative console from the internet. Installations whose console was exposed should also review access logs and rotate the credentials and keys stored on the server, since exploitation was widespread before the patch.

3、CVE-2023-1389 (TP-LINK Archer AX21 command injection vulnerability)

Vulnerability description: The TP-LINK Archer AX21 is a wireless router from TP-LINK.

Firmware versions of the Archer AX21 prior to 1.1.4 Build 20230219 contain a command injection vulnerability in the web management interface: the country parameter of the locale API handler is written into a shell command without sanitization, so an unauthenticated attacker who can reach the web interface can inject a command that runs as root with a single POST request. The bug was picked up by Mirai-family botnets within weeks of disclosure, which is typical for router bugs that need no credentials.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-1389

Mitigation: The threat can be addressed through an official patch update, free update link:

https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware

4、CVE-2023-1671 (Sophos Web Appliance command injection vulnerability)

Vulnerability description: Sophos Web Appliance is a web security gateway (web filtering proxy) appliance from Sophos. Versions prior to 4.3.10.4 contain a pre-authentication command injection vulnerability in the warn-proceed handler that allows an unauthenticated attacker to execute arbitrary code on the appliance. The affected handler is part of the user-facing proxy flow, not the admin interface, so simply restricting the management port does not remove the exposure.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-1671

Mitigation: The threat can be addressed through an official patch update, free update link:

https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce

5、CVE-2023-20109 (Cisco IOS buffer error vulnerability)

Vulnerability description: Cisco IOS is the family of operating systems Cisco develops for its network equipment. A vulnerability in the Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS and IOS XE Software, caused by insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols, could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause it to crash. Exploitation requires the attacker to already have administrative control of a group member or a key server in the GET VPN group, so the practical risk is that one compromised VPN peer can take over the others.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-20109

Mitigation: The threat can be addressed through an official patch update, free update link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx

6、CVE-2023-20198 (Cisco IOS XE Web UI privilege escalation vulnerability)

Vulnerability description: Cisco IOS XE Software is Cisco's single operating system for enterprise wired and wireless access, aggregation, core and WAN, intended to reduce business and network complexity. The web UI feature of Cisco IOS XE Software contains a vulnerability that allows an unauthenticated, remote attacker to create an account with privilege level 15 on an affected system whenever the HTTP or HTTPS server (web UI) is reachable. It was exploited in the wild as a zero-day in October 2023, chained with CVE-2023-20273 (item 8) to install an implant on tens of thousands of devices. Cisco recommends disabling the HTTP server feature on internet-facing systems (no ip http server / no ip http secure-server), checking the running configuration for unexpected privilege 15 users, and running the implant check from the advisory (a POST to /webui/logoutconfirm.html?logon_hash=1 on the device; a hexadecimal string in the response indicates the implant).

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-20198

Mitigation: The threat can be addressed through an official patch update, free update link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

7、CVE-2023-20269 (Cisco ASA and FTD security vulnerability)

Vulnerability description: Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software provide Cisco's firewall and next-generation firewall services. A vulnerability in the remote access VPN feature stems from improper separation of authentication, authorization and accounting (AAA) between remote access VPN and the HTTPS management and site-to-site VPN features. An unauthenticated, remote attacker can use it to brute-force usernames and passwords against the device, and an authenticated attacker can establish a clientless SSL VPN session with an unauthorized user. Ransomware operators abused the weakness against devices where VPN accounts had no multi-factor authentication, so enforcing MFA on the VPN is part of the fix.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-20269

Mitigation: The threat can be addressed through an official patch update, free update link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC

8、CVE-2023-20273 (Cisco IOS XE Web UI command injection vulnerability)

Vulnerability description: Cisco IOS XE Software is Cisco's single operating system for enterprise wired and wireless access, aggregation, core and WAN. The web UI feature contains a command injection vulnerability caused by insufficient input validation, allowing an authenticated, remote attacker with privilege level 15 to inject commands that run as root on the underlying operating system. On its own it requires an administrative account; in the October 2023 campaign the account was created first with CVE-2023-20198 (item 6), which is why both CVEs share one advisory.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-20273

Mitigation: The threat can be addressed through an official patch update, free update link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

9、CVE-2023-2033 (Google Chromium V8 type confusion vulnerability)

Vulnerability description: Google Chrome is a web browser from Google. V8 is the open-source JavaScript engine used by Chrome and other Chromium-based browsers. Google Chrome prior to 112.0.5615.121 has a type confusion vulnerability in V8 that allows a remote attacker to trigger heap corruption, and from there code execution in the renderer, via a crafted HTML page. Google stated that an exploit existed in the wild when the fix was released, and the same bug affects Chromium-based browsers such as Edge until they pick up the patched V8.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-2033

Mitigation: The threat can be addressed through an official patch update, free update link:

https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html

10、CVE-2023-20867 (VMware Tools authorization issue vulnerability)

Vulnerability description: VMware Tools is the set of drivers and services VMware provides inside a guest virtual machine to improve virtual graphics and disk performance, synchronize the guest clock with the host, and support host-to-guest operations. A fully compromised ESXi host can cause VMware Tools to fail to authenticate host-to-guest operations, affecting the confidentiality and integrity of the guest VM. The attacker must already control the ESXi host; the bug was used by the UNC3886 espionage group to run commands inside guests from a compromised hypervisor without leaving the usual guest-side authentication events, which makes it a hypervisor-hardening and detection problem rather than a perimeter one.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-20867

Mitigation: The threat can be addressed through an official patch update, free update link:

https://www.vmware.com/security/advisories/VMSA-2023-0013.html

11、CVE-2023-20887 (VMware Aria Operations for Networks command injection vulnerability)

Vulnerability description: VMware Aria Operations for Networks (formerly vRealize Network Insight) is VMware's network and application monitoring platform for private, hybrid and multi-cloud environments. The 6.x series contains a command injection vulnerability that allows a malicious actor with network access to the appliance to execute arbitrary commands, resulting in unauthenticated remote code execution. A public exploit appeared shortly after the advisory, and exploitation in the wild followed.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-20887

Mitigation: The threat can be addressed through an official patch update, free update link:

https://www.vmware.com/security/advisories/VMSA-2023-0012.html

12、CVE-2023-20963 (Google Android trust management issue vulnerability)

Vulnerability description: The Android Framework contains a parcel mismatch in the WorkSource class that allows a local escalation of privilege after an app is updated to a higher target SDK, with no additional execution privileges and no user interaction needed. Google's March 2023 bulletin noted indications of limited, targeted exploitation; the bug was later reported to have been abused by a widely installed third-party app.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-20963

Mitigation: The threat can be addressed through an official patch update, free update link:

https://source.android.com/docs/security/bulletin/2023-03-01

13、CVE-2023-21237 (Android Pixel information disclosure vulnerability)

Vulnerability description: Google Pixel is a line of smartphones from Google. In applyRemoteView of NotificationContentInflater.java in the Framework component, a misleading or insufficient UI makes it possible to hide a foreground service notification, which could let a malicious local app run in the foreground and exfiltrate sensitive information without the user noticing that it is active.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-21237

Mitigation: The threat can be addressed through an official patch update, free update link:

https://source.android.com/security/bulletin/pixel/2023-06-01

14、CVE-2023-2136 (Google Chrome Skia integer overflow vulnerability)

Vulnerability description: Google Chrome prior to 112.0.5615.137 contains an integer overflow in Skia, the 2D graphics library Chrome uses for rendering. A remote attacker who has already compromised the renderer process can use a crafted HTML page to corrupt memory and escape the renderer sandbox; chained with a renderer bug such as a V8 type confusion, it yields arbitrary code execution on the victim's machine. Google reported that an exploit existed in the wild.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-2136

Mitigation: The threat can be addressed through an official patch update, free update link:

https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html

15、CVE-2023-21492 (SAMSUNG Mobile devices log information disclosure vulnerability)

Vulnerability description: SAMSUNG Mobile devices are Samsung's line of phones, tablets and other mobile devices. Before SMR May-2023 Release 1, kernel pointers were printed in log files, which allows a privileged local attacker to bypass ASLR. The bug is an information leak rather than a code-execution bug, but it is exactly what a chained exploit needs to defeat kernel ASLR, and Samsung noted that an exploit may have existed in the wild before the patch.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-21492

Mitigation: The threat can be addressed through an official patch update, free update link:

https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05

16、CVE-2023-21608 (Adobe Acrobat Reader resource management error vulnerability)

Vulnerability description: Adobe Acrobat Reader is Adobe's PDF viewer, used to print, sign and annotate PDFs. Adobe Acrobat Reader 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) contain a use-after-free vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim has to open the malicious file. A public proof of concept was released after the patch, and the bug was later seen exploited in the wild.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-21608

Mitigation: The threat can be addressed through an official patch update, free update link:

https://helpx.adobe.com/security/products/acrobat/apsb23-01.html

17、CVE-2023-21674 (Microsoft Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability)

Vulnerability description: Microsoft Windows ALPC is the inter-process communication facility Windows uses for high-speed messaging between processes. CVE-2023-21674 allows a local attacker to escalate privileges to SYSTEM; Microsoft noted that it could also be used as a browser sandbox escape, and it was exploited in the wild as a zero-day before the January 2023 patch.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-21674

Mitigation: The threat can be addressed through an official patch update, free update link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21674

18、CVE-2023-21715 (Microsoft Publisher security feature bypass vulnerability)

Vulnerability description: Microsoft Publisher is Microsoft's entry-level desktop publishing application, offering more page-layout control than Microsoft Word. Microsoft Office Publisher contains a security feature bypass vulnerability that allows an authenticated, local attack on a targeted system: a specially crafted Publisher file, which the victim is persuaded to download and open, bypasses the Office macro policies that are meant to block untrusted or malicious files. It was exploited in the wild before being patched.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-21715

Mitigation: The threat can be addressed through an official patch update, free update link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715

19、CVE-2023-21823 (Microsoft Windows Graphics Component elevation of privilege vulnerability)

Vulnerability description: The Windows Graphics Component is the part of the Windows operating system that provides the core graphics processing and display functions and APIs. Microsoft classifies the vulnerability in affected versions as remote code execution, and successful exploitation gives the attacker SYSTEM privileges; it was exploited in the wild before the February 2023 patch. The following products and versions are affected: Microsoft Office, Microsoft Office for iOS, Windows 10 Version 1809, Windows Server 2019, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2. Note that the mobile Office builds receive the fix through the app store rather than through Windows Update, so they must be updated separately.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-21823

Mitigation: The threat can be addressed through an official patch update, free update link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823

20、CVE-2023-21839 (Oracle WebLogic Server security vulnerability)

Vulnerability description: Oracle WebLogic Server is application server middleware for cloud and traditional environments; it provides a lightweight development platform that supports the whole application lifecycle from development to production and simplifies deployment and management. Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access via the T3 or IIOP protocols to compromise the server (a JNDI injection through a remotely reachable object). Successful attacks can result in unauthorized access to critical data or complete access to all data accessible to WebLogic Server. Because the bug is reached over T3/IIOP rather than HTTP, restricting those protocols to trusted networks is a useful compensating control alongside the patch.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-21839

Mitigation: The threat can be addressed through an official patch update, free update link:

https://www.oracle.com/security-alerts/cpujan2023.html

21、CVE-2023-22515 (Atlassian Confluence Data Center and Server broken access control vulnerability)

Vulnerability description: Atlassian Confluence Server is the self-hosted edition of Confluence, Atlassian's enterprise knowledge management and collaboration suite that is also used to build enterprise wikis. Publicly accessible Confluence Data Center and Server instances contain a broken access control vulnerability that lets an external attacker, without authentication, reset the instance's setup state, create an unauthorized Confluence administrator account, and then access the instance with it. Atlassian Cloud sites are not affected. Because the bug was exploited as a zero-day, patched instances should still be checked for unexpected administrator accounts and for requests to the setup endpoints in the access logs.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-22515

Mitigation: The threat can be addressed through an official patch update, free update link:

https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276

22、CVE-2023-22518 (Atlassian Confluence Data Center and Server improper authorization vulnerability)

Vulnerability description: Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that allows an unauthenticated attacker to reset Confluence and create an instance administrator account, which can then be used to perform any administrative action and can lead to significant data loss. Atlassian initially assessed no direct impact on confidentiality because the attacker cannot read data through the flaw itself; it was nevertheless exploited by ransomware groups within days of disclosure. All versions of Confluence Data Center and Server are affected; Atlassian Cloud is not.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-22518

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-22518&field_date_added_wrapper=all&sort_by=field_date_added&items_per_page=20

Mitigation: The threat can be addressed through an official patch update, free update link:

https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907

23、CVE-2023-22527 (Atlassian Confluence Data Center and Server template injection vulnerability)

Vulnerability description: Atlassian Confluence is Atlassian's enterprise knowledge management and collaboration software, also used to build enterprise wikis. Out-of-date 8.x versions of Confluence Data Center and Server contain a server-side template injection vulnerability that allows an unauthenticated attacker to achieve remote code execution on an affected instance. Exploitation is a single unauthenticated request, so internet-facing instances that were not on the fixed versions at disclosure should be treated as potentially compromised, not just patched.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-22527

Mitigation: The threat can be addressed through an official patch update, free update link:

https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615

24、CVE-2023-22952 (SugarCRM input validation error vulnerability)

Vulnerability description: SugarCRM is a customer relationship management (CRM) system from SugarCRM (United States). It supports differentiated marketing, management and distribution of leads for different customer needs, and information sharing and tracking for sales representatives. SugarCRM before 12.0 Hotfix 91154 lacks input validation in the EmailTemplates module, so a crafted request can inject custom PHP code through an email template and execute it on the server. The bug was exploited in the wild, including against AWS-hosted instances, before the advisory was published.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-22952

Mitigation: The threat can be addressed through an official patch update, free update link:

https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/

25、CVE-2023-23376 (Microsoft Windows Common Log File System (CLFS) driver elevation of privilege vulnerability)

Vulnerability description: The Microsoft Windows Common Log File System (CLFS) driver provides a general-purpose, transaction-based logging facility used by the operating system and applications for logging, recovery and backup of file system operations. In affected versions, a local attacker who successfully exploits the vulnerability gains SYSTEM privileges on the target host. It was exploited in the wild as a zero-day before the February 2023 patch, one of several exploited CLFS bugs that year (see also CVE-2023-28252, item 42).

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-23376

Mitigation: The threat can be addressed through an official patch update, free update link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376

26、CVE-2023-23397 (Microsoft Office Outlook elevation of privilege vulnerability)

Vulnerability description: Microsoft Office Outlook contains an elevation of privilege vulnerability that allows an NTLM relay attack against another service to authenticate as the user. A specially crafted email carrying a reminder whose sound file path (the PidLidReminderFileParameter property) points at an attacker-controlled UNC path causes Outlook to connect to that SMB share when the reminder fires, before the message is opened or even previewed, leaking the user's Net-NTLMv2 response, which the attacker can relay to another service. Besides patching, blocking outbound TCP 445 at the perimeter and adding high-value users to the Protected Users group limit the impact; Microsoft also published a script to find and remove messages that carry such a property.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-23397

Mitigation: The threat can be addressed through an official patch update, free update link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

27、CVE-2023-23752 (Joomla REST API unauthorized access vulnerability)

Vulnerability description: Joomla is an open-source, cross-platform content management system (CMS) written in PHP with MySQL, developed by the Open Source Matters team. Joomla versions 4.0.0 through 4.2.7 contain an improper access check that allows unauthenticated access to web service endpoints, including the REST API endpoint that returns the application configuration, which exposes the database username and password. Where the database is reachable from the outside, or the credentials are reused elsewhere, this information leak turns into full compromise.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-23752

Mitigation: The threat can be addressed through an official patch update, free update link:

https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html

28、CVE-2023-24489 (Citrix Content Collaboration ShareFile improper access control vulnerability)

Vulnerability description: Citrix Content Collaboration (ShareFile) is a secure enterprise file sync and sharing service from Citrix Systems that addresses users' mobility and collaboration needs alongside the enterprise's data security requirements. The customer-managed ShareFile StorageZones Controller contains an improper access control vulnerability (a flaw in how uploaded data is handled and validated) that could allow an unauthenticated attacker to remotely compromise the controller. Only customer-hosted storage zones are affected; Citrix-managed zones were fixed by Citrix. The bug was exploited in the wild after public analysis was released.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-24489

Mitigation: The threat can be addressed through an official patch update, free update link:

https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489

29、CVE-2023-24880 (Microsoft Windows SmartScreen security feature bypass vulnerability)

Vulnerability description: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to evade the Mark of the Web (MOTW) defenses with specially crafted malicious files. In practice attackers delivered MSI installers with malformed Authenticode signatures that SmartScreen failed to evaluate, so the usual warning for downloaded files was never shown (the Magniber ransomware campaign reported by Google's Threat Analysis Group). It is the successor of an earlier SmartScreen bypass, so environments that rely on MOTW-based policies should treat these bugs as high priority.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-24880

Mitigation: The threat can be addressed through an official patch update, free update link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880

30、CVE-2023-24955 (Microsoft SharePoint Server code injection vulnerability)

Vulnerability description: Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely on the server. On its own it requires a privileged account; chained with the authentication bypass CVE-2023-29357 (item 50) it yields unauthenticated remote code execution, which is how it was demonstrated at Pwn2Own Vancouver 2023.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-24955

Mitigation: The threat can be addressed through an official patch update, free update link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955

31、CVE-2023-25717 (Ruckus Wireless SmartZone code injection vulnerability)

Vulnerability description: Ruckus Wireless SmartZone is a high-performance WLAN controller from Ruckus.

Ruckus Wireless Admin panels up to and including version 10.4 allow remote code execution via an unauthenticated HTTP GET request (a cross-site request forgery in the login form that injects into a command executed by the panel). The bug was abused by the AndoryuBot botnet to recruit Ruckus access points and controllers.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-25717

Mitigation: The threat can be addressed through an official patch update, free update link:

https://support.ruckuswireless.com/security_bulletins/315

32、CVE-2023-26083 (Arm Mali GPU Kernel Driver security vulnerability)

Vulnerability description: Arm's Midgard, Bifrost and Valhall GPU kernel drivers are the device drivers for Arm's Mali GPU families, used in many Android phones. The Mali GPU kernel driver contains a memory leak vulnerability that allows an unprivileged user to perform valid GPU processing operations that expose sensitive kernel metadata. Like CVE-2023-21492 (item 15), it is an information leak that defeats kernel ASLR, and it was used in the wild as one link of a multi-stage exploit chain against Android devices.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-26083

Mitigation: The threat can be addressed through an official patch update, free update link:

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

33、CVE-2023-26359 (Adobe ColdFusion deserialization vulnerability)

Vulnerability description: Adobe ColdFusion is Adobe's rapid application development platform, comprising an integrated development environment and the CFML scripting language. Because of a flaw in ColdFusion's deserialization safety checks, an unauthenticated, remote attacker can send crafted data that is deserialized by the server and ultimately execute arbitrary code on the target system.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-26359

Mitigation: The threat can be addressed through an official patch update, free update link:

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

34、CVE-2023-26360 (Adobe ColdFusion access control error vulnerability)

Vulnerability description: Adobe ColdFusion is Adobe's rapid application development platform, comprising an integrated development environment and the CFML scripting language. Due to improper access control in ColdFusion, an unauthenticated attacker can exploit this vulnerability to achieve arbitrary code execution on the target system without user interaction. Adobe reported that it had been exploited in the wild in limited attacks when the fix was released.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-26360

https://zhuanlan.zhihu.com/p/615386934

Mitigation: The threat can be addressed through an official patch update, free update link:

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

35、CVE-2023-26369 (Adobe Acrobat Reader buffer error vulnerability)

Vulnerability description: Adobe Acrobat Reader is Adobe's PDF viewer, used to print, sign and annotate PDFs. Adobe Acrobat Reader contains an out-of-bounds write vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file; Adobe reported that the bug had been exploited in the wild in limited attacks.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-26369

Mitigation: The threat can be addressed through an official patch update, free update link:

https://helpx.adobe.com/security/products/acrobat/apsb23-34.html

36、CVE-2023-27350 (PaperCut NG access control error vulnerability)

Vulnerability description: PaperCut NG is print management software from PaperCut (Australia). PaperCut NG and MF (the advisory's reference installation is 22.0.5 Build 63914; versions prior to 20.1.7, 21.2.11 and 22.0.9 are affected) contain an improper access control vulnerability in the SetupCompleted class that allows an unauthenticated attacker to bypass authentication and execute arbitrary code in the context of SYSTEM. The print server's web interface is often reachable from the whole internal network and sometimes from the internet; the bug was exploited by ransomware groups before many installations were patched.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-27350

Mitigation: The threat can be addressed through an official patch update, free update link:

https://www.papercut.com/kb/Main/PO-1216-and-PO-1219

37、CVE-2023-27524 (Apache Superset security vulnerability)

Vulnerability description: Apache Superset is a modern, open-source business intelligence web application for data exploration and visualization, with a no-code visual builder and a SQL editor for building dashboards. Apache Superset 2.0.1 and earlier ship with a default SECRET_KEY. Because the Flask session cookie is signed with that key, an attacker who knows the default value can forge a valid session cookie for any user, including the administrator, and log in without credentials; from there Superset's database connections can be used to reach the connected data sources. Only installations that kept the default key are affected, which at the time of disclosure was a large share of the instances exposed to the internet.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-27524

Mitigation: The threat can be addressed through an official patch update, free update link:

https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk
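The fix for CVE-2023-27524 is operational: the deployment must carry a unique, random SECRET_KEY. The following check is an added example written for this article, not code from the Apache Superset project. The first entry in the default list is the value shipped in Superset's config.py (written with explicit escapes so it equals the runtime string); the other entries are placeholders of the kind left in deployment templates and are illustrative, as are the length and entropy thresholds. The environment-variable override mirrors Superset's own precedence (SUPERSET_SECRET_KEY wins over the config file).

```python
import math
import secrets
from collections import Counter

# Superset's shipped default, plus illustrative template placeholders.
KNOWN_DEFAULT_KEYS = {
    "\x02\x01thisismyscretkey\x01\x02\\e\\y\\y\\h",   # superset/config.py default
    "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET",          # placeholder (illustrative)
    "YOUR_OWN_RANDOM_GENERATED_SECRET_KEY",          # placeholder (illustrative)
    "TEST_NON_DEV_SECRET",                           # placeholder (illustrative)
}
MIN_KEY_BYTES = 32         # assumption: 256 bits of key material as the floor
MIN_BITS_PER_CHAR = 3.0    # assumption: catches 'aaaa...' and short-alphabet keys


def bits_per_char(s: str) -> float:
    """Shannon entropy of the key's own character distribution. A crude check:
    it flags repetitive values but cannot tell a leaked strong key from a good one."""
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def audit_secret_key(key) -> str:
    """Classify a SECRET_KEY as 'missing', 'known-default', 'too-short',
    'low-entropy' or 'ok'. Order matters: a default is worse than a short key."""
    if not key:
        return "missing"
    if key in KNOWN_DEFAULT_KEYS:
        return "known-default"
    if len(key.encode("utf-8")) < MIN_KEY_BYTES:
        return "too-short"
    if bits_per_char(key) < MIN_BITS_PER_CHAR:
        return "low-entropy"
    return "ok"


def audit_config(cfg: dict) -> str:
    """cfg mirrors the names seen by superset_config.py; the environment
    variable SUPERSET_SECRET_KEY overrides SECRET_KEY, as in Superset."""
    return audit_secret_key(cfg.get("SUPERSET_SECRET_KEY") or cfg.get("SECRET_KEY"))


def generate_secret_key(nbytes: int = 42) -> str:
    """Random key comparable to the `openssl rand -base64 42` the Superset docs suggest."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    print(audit_config({"SECRET_KEY": "\x02\x01thisismyscretkey\x01\x02\\e\\y\\y\\h"}))
    print(audit_config({"SECRET_KEY": generate_secret_key()}))
```

Rotating the key invalidates every existing session, which is desirable here, but it also changes the key used to encrypt stored database-connection passwords, so Superset's re-encryption step for stored secrets must be run as part of the rotation rather than simply swapping the value in the config file.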

38、CVE-2023-27532 (Veeam Backup & Replication access control error vulnerability)

Vulnerability description: Veeam Backup & Replication is backup and replication software from Veeam (United States). The Veeam.Backup.Service.exe process, which listens on TCP port 9401, allows an unauthenticated user to obtain the encrypted credentials stored in the configuration database, which can give an attacker access to the backup infrastructure hosts. Backup servers hold credentials for many systems and are a favorite ransomware target; besides patching, port 9401 should not be reachable from untrusted networks, and credentials stored in the server should be rotated if it was exposed.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-27532

Mitigation: The threat can be addressed through an official patch update, free update link:

https://www.veeam.com/kb4424

39、CVE-2023-27992 (Zyxel NAS326 operating system command injection vulnerability)

Vulnerability description: The Zyxel NAS326 is a network-attached storage device from Zyxel (Taiwan). Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21 contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute operating system commands remotely by sending a crafted HTTP request. NAS devices of this kind are frequently exposed directly to the internet, which is why this class of bug is quickly mass-exploited; the web interface should not be reachable from the WAN.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-27992

Mitigation: The threat can be addressed with an official patch update, Free update link: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products

40、CVE-2023-27997 (Fortinet FortiOS buffer error vulnerability)

Vulnerability description: Fortinet FortiOS is the operating system of the FortiGate network security platform, providing firewall, antivirus, IPsec/SSL VPN, web content filtering and anti-spam functions. FortiOS and FortiProxy contain a heap-based buffer overflow in the SSL-VPN component, reachable before authentication, that could allow an unauthenticated, remote attacker to execute arbitrary code or commands via a specially crafted request. Fortinet reported that it may have been exploited in a limited number of cases; any device with SSL-VPN enabled on an internet-facing interface is exposed.

https://nic.cczu.edu.cn/2023/0615/c1305a334343/page.htm

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-27997

Mitigation: The vulnerability has been fixed and affected users can update to FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, 7.2.5 or later. Download link:

https://docs.fortinet.com/product/fortigate/6.0

https://docs.fortinet.com/product/fortigate/6.2

https://docs.fortinet.com/product/fortigate/6.4

https://docs.fortinet.com/product/fortigate/7.0

https://docs.fortinet.com/product/fortigate/7.2

41、CVE-2023-28229 (Microsoft Windows CNG Key Isolation Service elevation of privilege vulnerability)

Vulnerability description: The Microsoft Windows Cryptography Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that could allow an attacker to gain specific limited SYSTEM privileges. The bug requires winning a race condition, which is why the gain is described as limited; a proof of concept was published after the patch.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-28229

Mitigation: The threat can be addressed with an official patch update, free update link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28229

42、CVE-2023-28252 (Microsoft Windows Common Log File System (CLFS) driver elevation of privilege vulnerability)

Vulnerability description: CVE-2023-28252 affects all supported versions of Windows servers and clients. A local attacker can exploit it to gain SYSTEM privileges and fully compromise the target system without user interaction. It was discovered being exploited in the wild as a zero-day in a Nokoyawa ransomware campaign, and it is the latest in a series of exploited CLFS bugs (compare CVE-2023-23376, item 25), so CLFS updates should be treated as urgent.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-28252

Mitigation: The threat can be addressed with an official patch update, free update link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252

43、CVE-2023-28432 (MinIO information disclosure vulnerability)

Vulnerability description: MinIO is an open-source object storage server from MinIO (United States), used to build infrastructure for machine learning, analytics and application data workloads. In a cluster (distributed) deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, in the response to a crafted request to the /minio/bootstrap/v1/verify endpoint, leading to information disclosure. Releases from RELEASE.2019-12-17T23-16-33Z up to but not including RELEASE.2023-03-20T20-16-18Z are affected. Because the leaked values are the root credentials, a leak is equivalent to full compromise of the storage, and the credentials must be rotated after patching.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-28432

Mitigation: This threat can be addressed with an official patch update, free update link: https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q

44、CVE-2023-28434 (MinIO security vulnerability)

Vulnerability description: MinIO is an open-source object storage server from MinIO (United States), used to build infrastructure for machine learning, analytics and application data workloads. An attacker can use crafted requests to bypass the metadata bucket name check and put an object into any bucket, including the internal .minio.sys bucket, while processing PostPolicyBucket; this can be used to enable console APIs or otherwise tamper with server state. The attacker needs credentials with arn:aws:s3:::* permission and Console API access to be enabled, so it is a post-authentication privilege escalation. Fixed in RELEASE.2023-03-20T20-16-18Z, the same release that fixes CVE-2023-28432 (item 43).

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-28434

Mitigation: The threat can be addressed with an official patch update, free update link: https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5

45、CVE-2023-2868 (Barracuda Email Security Gateway remote command injection vulnerability)

Vulnerability description: The Barracuda Email Security Gateway (ESG) is an email security appliance from Barracuda Networks. ESG appliance versions 5.1.3.001 through 9.2.0.006 contain a remote command injection vulnerability in the module that screens email attachments: the appliance does not fully sanitize the names of the files contained in a user-supplied .tar archive, and those names are interpolated into a command string that is executed with Perl's qx operator. A remote attacker who sends an email whose attached archive contains member names formatted with shell metacharacters therefore obtains system command execution on the gateway with the privileges of the ESG product. Mandiant attributed the campaign that used this bug (UNC4841) to espionage activity that began in October 2022, months before the vulnerability was discovered.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-2868

Mitigation measures: Barracuda pushed the security patch automatically to all ESG appliances and recommends that affected users keep the appliance on the latest version. However, because the vulnerability had been exploited for months before discovery, Barracuda's guidance is that appliances showing indicators of compromise be replaced rather than patched, and that credentials connected to the appliance (LDAP/AD, mail relay, SMTP accounts) be rotated. Details: https://www.barracuda.com/company/legal/esg-vulnerability
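Two entries in this list share one root cause: an untrusted string spliced into a shell command line, the router's country parameter in CVE-2023-1389 (item 3) and tar member names handed to Perl's qx in CVE-2023-2868 (this item). The following is an added example written for this article, not code from TP-Link, Barracuda or the article's author. It shows the anti-pattern next to two defenses, an allowlist for a value with a known shape and passing values as separate argv elements (or quoting them) when the shape is open-ended, and it applies the same check to archive member names. The command name set_region is a placeholder, and the tar archive is constructed in memory for the demo.

```python
import io
import re
import shlex
import tarfile

# Characters a POSIX shell (and therefore Perl's qx//, backticks and system("..."))
# interprets instead of passing through literally.
SHELL_META = re.compile(r"""[;&|`$<>(){}\[\]\\'"*?\n\r]""")


def shell_unsafe(value: str) -> bool:
    """True if a shell would interpret part of the value rather than pass it as-is."""
    return SHELL_META.search(value) is not None


def accepts_country(code: str) -> bool:
    """Allowlist for a router 'country' parameter: exactly two ASCII upper-case letters.
    'US;reboot' or 'US`id`' can never match, so they never reach a shell."""
    return re.fullmatch(r"[A-Z]{2}", code) is not None


def validate_country(code: str) -> str:
    if not accepts_country(code):
        raise ValueError(f"rejected country code {code!r}")
    return code


def vulnerable_cmdline(country: str) -> str:
    """The anti-pattern behind CVE-2023-1389: untrusted input spliced into a string that
    a shell will parse. 'set_region' is a placeholder, not the real firmware helper."""
    return f"set_region {country}"


def hardened_argv(country: str) -> list:
    """Validate, then hand the value over as its own argv element, to be run with
    subprocess.run(argv) and never with shell=True."""
    return ["set_region", validate_country(country)]


def quote_for_shell(value: str) -> str:
    """Last resort when a shell string is unavoidable: single-quote the value so
    metacharacters lose their meaning."""
    return shlex.quote(value)


def build_tar(names) -> bytes:
    """Constructed sample archive for the demo: each name becomes an empty file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = 0
            tf.addfile(info, io.BytesIO(b""))
    return buf.getvalue()


def suspicious_tar_members(tar_bytes: bytes) -> list:
    """Member names that a CVE-2023-2868-style qx interpolation would execute, plus
    traversal names that are dangerous at extraction time. Inspect names before any
    tool that builds a command line from them sees the archive."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        return [m.name for m in tf.getmembers()
                if shell_unsafe(m.name) or ".." in m.name.split("/")]


if __name__ == "__main__":
    print(vulnerable_cmdline("US;reboot"))        # what the shell would see
    print(hardened_argv("US"))
    print(quote_for_shell("x`id`.txt"))
    print(suspicious_tar_members(build_tar(["docs/readme.txt", "x`id`.txt", "../etc/cron.d/job"])))
```

The allowlist is the right tool when the value has a fixed shape, as a country code does; for file names there is no such shape, so the durable fix is to stop building a shell string at all and pass names as argv elements, with quoting only as a fallback for code that cannot be restructured.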

46、CVE-2023-28771 (Zyxel ZyWALL USG operating system command injection vulnerability)

Vulnerability description: The Zyxel ZyWALL/USG series are Zyxel's network security firewall appliances. ZyWALL/USG firmware 4.60 through 4.73, and VPN, USG FLEX and ATP firmware 4.60 through 5.35, contain an operating system command injection vulnerability caused by improper handling of error messages in the IKE packet decoder. An unauthenticated attacker can exploit it to execute operating system commands remotely by sending crafted packets (IKE on UDP port 500) to an affected device, so it is reachable on any WAN interface with VPN enabled regardless of whether the management interface is exposed; Mirai-based botnets adopted it soon after disclosure.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-28771

Mitigation: This threat can be addressed through an official patch update, free update link: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls

47. CVE-2023-29298 (Adobe ColdFusion Authentication Bypass Vulnerability)

Vulnerability description: An access control bypass vulnerability affecting Adobe ColdFusion was discovered in the external access functionality of the ColdFusion Administrator. It allows an attacker to reach an administrative endpoint by inserting an unexpected additional forward slash character into the requested URL.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-29298

Mitigation: This threat can be addressed with an official patch update; update link: https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html

48. CVE-2023-29300 (Adobe ColdFusion Code Issue Vulnerability)

Vulnerability description: Adobe ColdFusion is a rapid application development platform from Adobe that includes an integrated development environment and a scripting language. Adobe ColdFusion contains a code issue vulnerability, namely deserialization of untrusted data, that could lead to arbitrary code execution.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-29300

Mitigation: This threat can be addressed with an official patch update; update link: https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html

49. CVE-2023-29336 (Win32k Privilege Escalation Vulnerability)

Vulnerability description: Microsoft Win32k contains an unspecified vulnerability, CVE-2023-29336, that could allow an attacker to escalate to SYSTEM privileges.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-29336

Mitigation: The threat can be addressed with an official patch update; update link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336

50. CVE-2023-29357 (Microsoft SharePoint Authentication Bypass Leading to Code Execution Vulnerability)

Vulnerability description: Microsoft SharePoint is a set of enterprise business collaboration platforms from Microsoft that consolidates business information and lets users share work, collaborate with others, organize projects and workgroups, and search for people and information. Microsoft Office SharePoint contains security vulnerability CVE-2023-29357: an attacker can exploit it to escalate privileges and construct malicious requests that forge an identity and log in to the SharePoint admin backend, leading to sensitive information disclosure and remote code execution.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-29357

Mitigation: The threat can be addressed through an official patch update; update link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357

51. CVE-2023-29360 (Microsoft Streaming Service Elevation of Privilege Vulnerability)

Vulnerability description: The mskssrv driver is part of the Windows kernel and is mainly responsible for managing and coordinating multimedia resources on the computer, including audio and video playback and recording. Due to improper data validation in the mskssrv driver, user-provided values are dereferenced as pointers without validation, allowing an unauthenticated local attacker to exploit this vulnerability to elevate privileges to SYSTEM.

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-29360

Mitigation: The threat can be addressed through an official patch update; update link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360

52. CVE-2023-29492 (Novi Survey Vulnerability)

Vulnerability description: A security vulnerability exists in Novi Survey versions earlier than 8.9.43676 that could allow an attacker to execute arbitrary code on the server in the context of the service account. The vulnerability does not provide access to survey or response data stored in the system.

Mitigation: Upgrade to version 8.9.43676 or later. No workaround is available for versions earlier than 8.9.43676:

https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx

53. CVE-2023-29552 (Service Location Protocol (SLP) Denial of Service Vulnerability)

Vulnerability description: Service Location Protocol (SLP) contains a denial of service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register a service and use spoofed UDP traffic to carry out a denial-of-service (DoS) attack with significant amplification.

https://security.netapp.com/advisory/ntap-20230426-0001/

Mitigation: Upgrade to ESXi 7.0 U2c or later, or ESXi 8.0 GA or later, which are not affected by the vulnerability:

https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html

54. CVE-2023-3079 (Google Chrome V8 Type Confusion Vulnerability)

Vulnerability description: Due to a type confusion vulnerability in the Chrome V8 JavaScript engine, an attacker who tricks a user into opening a malicious link can read or write memory beyond a buffer boundary, after which the browser may crash or execute arbitrary code.

Mitigation: The vulnerability has been officially fixed in 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows.

https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html

55. CVE-2023-32046 (Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability)

Vulnerability description: The Windows MSHTML platform contains an unspecified vulnerability that an attacker can exploit to elevate privileges. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows 11 version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation).

Mitigation: The vulnerability can be fixed through automatic installation of Microsoft patches via Windows Update, or the patch can be downloaded manually:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32046

56. CVE-2023-32049 (Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability)

Vulnerability description: The vulnerability allows a remote attacker to compromise an affected system. It is caused by improper URL validation in Windows SmartScreen. A remote attacker can trick a victim into visiting a specially crafted URL, bypass the "Open File - Security Warning" prompt and execute arbitrary code on the system. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows 11 version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems.

Mitigation: The vulnerability can be fixed through automatic installation of Microsoft patches via Windows Update, or the patch can be downloaded manually: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32049

57. CVE-2023-32315 (Ignite Realtime Openfire Path Traversal Vulnerability)

Vulnerability description: The flaw allows an unauthenticated user to use the unauthenticated Openfire setup environment, in an already configured Openfire environment, to access restricted pages in the Openfire Admin Console that are reserved for administrative users.

Affected versions:

>= 3.10.0, < 4.6.8

>= 4.7.0, < 4.7.5

Mitigations:

1. Upgrade to 4.6.8 or 4.7.5 or above. At present, the official patch has been released:

https://github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm

2. If it is not convenient to upgrade, you can use the Alibaba Cloud security group feature to set the Openfire Administrator Console to be open only to trusted addresses.

58. CVE-2023-33009 (Zyxel Multiple Firewalls Buffer Overflow Vulnerability)

Vulnerability description: Zyxel ATP Series Firmware Version 4.60 to 5.36 Patch 1, USG FLEX Series Firmware Version 4.60 to 5.36 Patch 1, USG FLEX 50(W) Firmware Version 4.60 to 5.36 Patch 1, USG20(W)-VPN Firmware Version 4.60 to 5.36 Patch 1, VPN Series Firmware Version 4.60 to 5.36 Patch 1 and ZyWALL/USG Series Firmware Version 4.60 to 4.73 Patch 1 are affected. An unauthenticated attacker could cause a denial-of-service (DoS) condition on the affected device or even execute code remotely.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls

59. CVE-2023-33010 (Zyxel Multiple Firewalls Buffer Overflow Vulnerability)

Vulnerability description: Zyxel ATP Series Firmware Version 4.32 to 5.36 Patch 1, USG FLEX Series Firmware Version 4.50 to 5.36 Patch 1, USG FLEX 50(W) Firmware Version 4.25 to 5.36 Patch 1, USG20(W)-VPN Firmware Version 4.25 to 5.36 Patch 1, VPN Series Firmware Version 4.30 to 5.36 Patch 1 and ZyWALL/USG Series Firmware Version 4.25 to 4.73 Patch 1 are affected. An unauthenticated attacker could cause a denial-of-service (DoS) condition on the affected device or even execute code remotely.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls

60. CVE-2023-33063 (Qualcomm Chipsets Use After Free in DSP Services)

Vulnerability description: A use-after-free vulnerability exists in multiple Qualcomm chipsets due to memory corruption in the DSP service during remote calls from HLOS to DSP.

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2023-bulletin.html#_cve-2023-33063

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/2643808ddbedfaabbb334741873fb2857f78188a

https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/d43222efda5a01c9804d74a541e3c1be9b7fe110

61. CVE-2023-33106 (Qualcomm Chipsets Use of Out-of-Range Pointer Offset in Graphics)

Vulnerability description: Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability, caused by memory corruption in Graphics when a large list of sync points is submitted in the AUX command to IOCTL_KGSL_GPU_AUX_COMMAND. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service.

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2023-bulletin.html#_cve-2023-33106

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/1e46e81dbeb69aafd5842ce779f07e617680fd58

62. CVE-2023-33107 (Qualcomm Chipsets Integer Overflow or Wraparound in Linux)

Description: A memory corruption vulnerability exists in Graphics Linux when a shared virtual memory area is allocated during an IOCTL call. An attacker can exploit this vulnerability to cause memory corruption via a specially crafted request, which could lead to a denial of service or arbitrary code execution.

https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/d66b799c804083ea5226cfffac6d6c4e7ad4968b

63. CVE-2023-33246 (Apache RocketMQ Code Injection Vulnerability)

Vulnerability description: Multiple components of Apache RocketMQ (including NameServer, Broker, and Controller) are exposed to the Internet and lack permission verification. An attacker can exploit this vulnerability to execute commands as the system user under which RocketMQ is running, or to forge RocketMQ protocol content by using the update configuration function.

Affected versions:

5.0.0 <= Apache RocketMQ < 5.1.1

4.0.0 <= Apache RocketMQ < 4.9.6

https://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html

Mitigation: Upgrade to a secure version:

Apache RocketMQ 5.1.1

Apache RocketMQ 4.9.6

To mitigate this risk, users are advised to upgrade to the secure versions listed above. If an immediate upgrade is not possible, network-level restrictions should be implemented, such as configuring firewall rules that restrict access to RocketMQ components and prevent unauthorized access. It is also recommended to monitor for anomalous activity and follow best practices for securing the deployment environment, including regular updates and application of security patches: https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp

64. CVE-2023-34048 (VMware vCenter Server Buffer Error Vulnerability)

Description: A security vulnerability exists in VMware vCenter Server versions 8.0, 7.0, 5.x, and 4.x that originates from an out-of-bounds write in the DCERPC implementation. An attacker can exploit this vulnerability to achieve remote code execution.

Mitigations: Patches have been officially released:

https://www.vmware.com/security/advisories/VMSA-2023-0023.html

65. CVE-2023-34362 (MOVEit SQL Injection Vulnerability)

Description: This vulnerability is an SQL injection flaw. An attacker can exploit it to access the database and modify or delete its contents. Affected products and versions: Progress MOVEit Transfer versions prior to 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), 2023.0.1 (15.0.1).

https://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html

Mitigation: Patch has been officially released: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

66. CVE-2023-35078 (Ivanti Endpoint Manager Mobile Authorization Issue Vulnerability)

Description: An authorization issue vulnerability exists in Ivanti Endpoint Manager Mobile 11.10 and earlier. It is caused by an authentication bypass that allows a remote attacker to obtain PII, add an administrative account, and change configurations.

https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US

Mitigation: Patch has been officially released: https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability

67. CVE-2023-35081 (Ivanti EPMM Path Traversal Vulnerability)

Vulnerability description: Ivanti EPMM versions prior to 11.10.0.3, prior to 11.9.1.2 and prior to 11.8.1.2 contain a path traversal vulnerability that allows an authenticated administrator to write arbitrary files to the device.

Mitigations:

Upgrade component endpoint_manager_mobile to version 11.8.1.2 or later;

Upgrade component endpoint_manager_mobile to version 11.9.1.2 or later;

Upgrade component endpoint_manager_mobile to version 11.10.0.3 or later.

At present, the official patch has been released: https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US

68. CVE-2023-35082 (Ivanti EPMM Authorization Issue Vulnerability)

Description: A security vulnerability exists in Ivanti EPMM 11.10 and earlier versions. It results from an authentication bypass that allows an unauthorized user to access restricted functionality or resources of the application without proper authentication.

https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US

Mitigation: Patch has been officially released: https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US

69. CVE-2023-3519 (Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability)

Vulnerability Description: A code injection vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway that could lead to unauthenticated remote code execution.

Affected versions:

Citrix NetScaler ADC and NetScaler Gateway 13.0 to 13.0-91.13

Citrix NetScaler ADC and NetScaler Gateway 13.1 to 13.1-49.13

Citrix NetScaler ADC 13.1-FIPS to 13.1-37.159

Citrix NetScaler ADC 12.1-FIPS to 12.1-55.297

Citrix NetScaler ADC 12.1-NDcPP to 12.1-55.297

https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

Mitigations:

Upgrade to a secure version:

Citrix NetScaler ADC and NetScaler Gateway 13.0-91.13

Citrix NetScaler ADC and NetScaler Gateway 13.1-49.13

Citrix NetScaler ADC 13.1-37.159

Citrix NetScaler ADC 12.1-55.297

At present, the official patch has been released:

https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

70. CVE-2023-35311 (Microsoft Outlook Security Feature Bypass Vulnerability)

Vulnerability description: Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook security notice prompt. The following products and versions are affected: Microsoft 365 Apps for Enterprise for 32-bit Systems, Microsoft Office LTSC 2021 for 32-bit editions, Microsoft 365 Apps for Enterprise for 64-bit Systems, Microsoft Office LTSC 2021 for 64-bit editions, Microsoft Office 2019 for 32-bit editions, Microsoft Outlook 2016 (32-bit edition), Microsoft Office 2019 for 64-bit editions, Microsoft Outlook 2016 (64-bit edition), Microsoft Outlook 2013 (32-bit editions), Microsoft Outlook 2013 (64-bit editions), Microsoft Outlook 2013 RT Service Pack 1.

Mitigations: Patches have been officially released:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35311

71. CVE-2023-35674 (Google Android Framework Privilege Escalation Vulnerability)

Description: Due to a logic error in the code, the onCreate method of WindowState.java offers a possible way to launch background activities. This can lead to local escalation of privilege with no additional execution privileges needed. No user interaction is required to exploit the vulnerability.

https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e

Mitigation: The official patch has been released, and it is recommended to upgrade to the 2023-09-05 or later security patch:

https://source.android.com/docs/security/bulletin/2023-09-01?hl=zh-cn

72. CVE-2023-36025 (Microsoft Windows SmartScreen Security Feature Bypass Vulnerability)

Vulnerability description: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass Windows Defender SmartScreen checks and the associated prompts. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows 11 version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 11 Version 23H2 for ARM64-based Systems, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 Version 23H2 for x64-based Systems, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012.

Mitigations: Patches have been officially released:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36025

73. CVE-2023-36033 (Windows DWM Core Library Privilege Escalation Vulnerability)

Vulnerability description: The Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that can lead to privilege escalation. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows 11 version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 11 Version 23H2 for ARM64-based Systems, Windows 11 Version 23H2 for x64-based Systems, Windows Server 2022, 23H2 Edition (Server Core installation).

Mitigations: Patches have been officially released:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033

74. CVE-2023-36036 (Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability)

Vulnerability description: The Microsoft Windows Cloud Files Mini Filter driver contains a privilege escalation vulnerability that an attacker can exploit to gain system administrator privileges. The following products and versions are affected: Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows 11 version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 Version 23H2 for ARM64-based Systems, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 23H2 for x64-based Systems, Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems.

Mitigations: Patches have been officially released:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36036

75. CVE-2023-36563 (Microsoft WordPad Security Vulnerability)

Vulnerability description: Microsoft WordPad contains an unspecified information disclosure vulnerability that an attacker can exploit to obtain sensitive information from files that affected users edit with WordPad. By exploiting it, an attacker can illegitimately access protected files, which may lead to leakage of users' personal privacy and information. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows 11 version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems.

Mitigations: Patches have been officially released:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563

76. CVE-2023-36584 (Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability)

Vulnerability description: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that causes a limited loss of integrity and availability of the security feature. An attacker can exploit it to bypass the MOTW security feature, which may let a malicious web page evade the browser's security mechanisms and carry out malicious activity such as malware delivery and data theft. The following products and versions are affected: Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows 11 version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation).

Mitigations: Patches have been officially released:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584

77. CVE-2023-36761 (Microsoft Word Information Disclosure Vulnerability)

Vulnerability description: Microsoft Word contains an unspecified information disclosure vulnerability that an attacker can exploit to obtain sensitive information. The following products and versions are affected: Microsoft Office 2019 for 32-bit editions, Microsoft Office 2019 for 64-bit editions, Microsoft 365 Apps for Enterprise for 32-bit Systems, Microsoft 365 Apps for Enterprise for 64-bit Systems, Microsoft Office LTSC 2021 for 64-bit editions, Microsoft Office LTSC 2021 for 32-bit editions, Microsoft Word 2016 (32-bit edition), Microsoft Word 2016 (64-bit edition), Microsoft Word 2013 RT Service Pack 1, Microsoft Word 2013 Service Pack 1 (32-bit editions), Microsoft Word 2013 Service Pack 1 (64-bit editions).

Mitigations: Patches have been officially released:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761

78. CVE-2023-36802 (Microsoft Streaming Service Proxy Privilege Escalation Vulnerability)

Vulnerability description: The Microsoft Streaming Service Proxy contains a vulnerability that leads to privilege escalation. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows 11 version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems.

Mitigations: Patches have been officially released:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802

79. CVE-2023-36844 (Juniper Networks Junos OS EX Series PHP External Variable Modification Vulnerability)

Vulnerability description: Juniper Networks Junos OS on the EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated network-based attacker to control certain important environment variables. Using a crafted request, an attacker can modify some PHP environment variables, resulting in a partial loss of integrity and potentially allowing chaining with other vulnerabilities. This issue affects the following versions of Juniper Networks Junos OS on the EX Series: all versions prior to 20.4R3-S9; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R3-S1; 22.4 versions prior to 22.4R2-S2, 22.4R3.

Mitigation: Upgrade the Junos component to version 20.4 or later; the official patch has been released:

https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US

80. CVE-2023-36845 (Juniper Networks Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability)

Vulnerability description: A PHP external variable modification vulnerability exists in Junos OS on the EX Series and SRX Series that allows an unauthenticated network-based attacker to control an important environment variable. Using a crafted request, an attacker can set the variable PHPRC, thereby modifying the PHP execution environment to allow code injection and execution. This issue affects the following versions of Juniper Networks Junos OS: all versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.2 versions prior to 23.2R1-S1, 23.2R2.

Mitigation: Upgrade the Junos component to version 20.4 or later; the official patch has been released:

https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US

81. CVE-2023-36846 (Juniper Networks Junos OS SRX Series Missing Authentication for Critical Function Vulnerability)

Vulnerability description: A missing authentication for critical function vulnerability exists in Juniper Junos OS on the SRX Series that allows an unauthenticated network-based attacker to cause a limited impact on file system integrity. With a specific request to user.php that does not require authentication, an attacker can upload arbitrary files via J-Web, causing parts of the file system to lose integrity and potentially allowing chaining with other vulnerabilities. This issue affects the following versions of Juniper Networks Junos OS on the SRX Series: all versions prior to 20.4R3-S8; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2-S1, 22.4R3.

Mitigation: Upgrade the Junos component to version 20.4 and above, and the official patch has been released:

https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US

82、CVE-2023-36847(Juniper Networks Junos OS EX Series Missing Authentication for Critical Function Vulnerability)

Vulnerability Description: Juniper Networks Junos OS on the EX Series has a missing authentication for critical function vulnerability that allows an unauthenticated network attacker to have a limited impact on file system integrity. By sending a specific request to installAppPackage.php, which does not require authentication, an attacker can upload arbitrary files via J-Web, compromising the integrity of parts of the file system and potentially enabling chaining with other vulnerabilities. This issue affects the following versions of Juniper Networks Junos OS on the EX Series: all versions prior to 20.4R3-S8; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S1; 22.3 versions prior to 22.3R2-S2 and 22.3R3; 22.4 versions prior to 22.4R2-S1 and 22.4R3.

Mitigation: Upgrade the Junos component to version 20.4 and above, and the official patch has been released:

https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US

83、CVE-2023-36851(Juniper Networks Junos OS SRX Series Missing Authentication for Critical Function Vulnerability)

Vulnerability Description: A missing authentication for critical function vulnerability in the Juniper Junos operating system on the SRX Series could allow an unauthenticated network-based attacker to have a limited impact on file system integrity. By sending a specific request to webauth_operation.php, which does not require authentication, an attacker is able to upload arbitrary files via J-Web, compromising the integrity of parts of the file system and potentially enabling chaining with other vulnerabilities. This issue affects the following versions of Juniper Networks Junos OS on the SRX Series: 22.4 versions prior to 22.4R2-S2 and 22.4R3; 23.2 versions prior to 23.2R2.

Mitigation: Upgrade the Junos component to version 20.4 and above, and the official patch has been released:

https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US

84、CVE-2023-36874(Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability)

Vulnerability description: The Microsoft Windows Error Reporting Service contains a vulnerability that could lead to privilege escalation. The following products and versions are affected: Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows 11 version 21H2 for ARM64-based Systems, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019.

Mitigation: Install the latest security patches for Windows:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874

85、CVE-2023-36884(Microsoft Windows Search Remote Code Execution Vulnerability)

Vulnerability description: Microsoft Windows Search contains an unspecified vulnerability that allows an attacker to bypass the Mark of the Web (MOTW) defense with a specially crafted malicious file, leading to remote code execution. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows 11 version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Microsoft Office 2019 for 32-bit editions, Microsoft Office 2019 for 64-bit editions, Microsoft Office LTSC 2021 for 64-bit editions, Microsoft Office LTSC 2021 for 32-bit editions, Microsoft Word 2016 (32-bit edition), Microsoft Word 2016 (64-bit edition), Microsoft Word 2013 Service Pack 1 (32-bit editions), Microsoft Word 2013 Service Pack 1 (64-bit editions).

Mitigation: Install the latest security patches for Windows:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

86、CVE-2023-37580(Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability)

Vulnerability description: In Zimbra Collaboration (ZCS) 8 versions prior to Patch 41, an XSS vulnerability exists in the Zimbra Classic web client. An attacker can exploit this vulnerability to deliver malicious script to a victim and steal their sensitive information.

Mitigation: Upgrade the component zimbra to version 8.8.15 and above:

https://wiki.zimbra.com/wiki/Security_Center

87、CVE-2023-38035(Ivanti Sentry Authentication Bypass Vulnerability)

Vulnerability Description: A security vulnerability exists in the MICS Management Portal of Ivanti MobileIron Sentry version 9.18.0 and earlier, which could allow an attacker to bypass authentication controls on the admin interface due to insufficient Apache HTTPD configuration restrictions.

https://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US

88、CVE-2023-38180(Microsoft .NET Core and Visual Studio Denial of Service Vulnerability)

Vulnerability description: Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that could lead to denial of service (DoS). The following products and versions are affected: Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6, ASP.NET Core 2.1, .NET 6.0, .NET 7.0.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180

89、CVE-2023-38203(Adobe ColdFusion Deserialization of Untrusted Data Vulnerability)

Vulnerability description: Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier), and 2023u1 (and earlier) are affected by a deserialization of untrusted data vulnerability that could lead to arbitrary code execution. Exploiting this issue requires no user interaction.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html

90、CVE-2023-38205(Adobe ColdFusion Improper Access Control Vulnerability)

Vulnerability Description: Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier), and 2023u2 (and earlier) are affected by an improper access control vulnerability that may lead to a security feature bypass. An attacker can exploit this vulnerability to gain access to administrative CFM and CFC endpoints. Exploiting this issue requires no user interaction.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html

91、CVE-2023-38831(RARLAB WinRAR Code Execution Vulnerability)

Vulnerability description: When a file inside an archive is opened in WinRAR versions earlier than 6.23, the ShellExecute function is called with a matching file name; if the matched name refers to a folder rather than the intended file, the batch file inside that folder is executed instead. An attacker can exploit this by constructing a malicious archive containing a benign-looking file and a folder with the same name that holds a malicious payload, and tricking a user into opening the file from the archive, resulting in remote execution of arbitrary code.

https://packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.html

Mitigation: Exercise caution when opening untrusted files with WinRAR, and upgrade WinRAR to version 6.23 or later.

92、CVE-2023-40044(Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability)

Vulnerability description: The Ad Hoc Transfer module of Progress WS_FTP Server contains a vulnerability in deserializing untrusted data, which could allow an authenticated attacker to execute remote commands on the underlying operating system.

https://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html

Mitigation: An official patch has been released, and it is recommended to upgrade to the new version:

https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023

93、CVE-2023-41179(Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability)

Vulnerability description: A vulnerability exists in the third-party AV uninstaller module bundled with Trend Micro Apex One (on-premise and SaaS), Worry-Free Business Security, and Worry-Free Business Security Services, which an attacker can manipulate to execute arbitrary commands on an affected installation. Note that an attacker must first obtain access to the management console on the target system in order to exploit this vulnerability.

https://jvn.jp/en/vu/JVNVU90967486/

Mitigation: An official patch has been released, and it is recommended to upgrade to the new version:

https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US

94、CVE-2023-41265(Qlik Sense HTTP Tunneling Vulnerability)

Vulnerability description: An HTTP tunneling vulnerability exists in Qlik Sense that could allow an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

Mitigation: An official patch has been released, and it is recommended to upgrade to the new version:

https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801

95、CVE-2023-41266(Qlik Sense Path Traversal Vulnerability)

Vulnerability description: A path traversal vulnerability exists in Qlik Sense that allows an unauthenticated, remote attacker to create an anonymous session by sending a maliciously crafted HTTP request. The anonymous session then allows the attacker to send further requests to endpoints they are not authorized to access.

Mitigation: An official patch has been released, and it is recommended to upgrade to the new version:

https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801

96、CVE-2023-41763(Microsoft Skype for Business Privilege Escalation Vulnerability)

Vulnerability description: Microsoft Skype for Business has a privilege escalation vulnerability; by exploiting it, an attacker can elevate their privileges on the system, perform malicious operations, and access sensitive information. The following products and versions are affected: Skype for Business Server 2015 CU13, Skype for Business Server 2019 CU7.

Mitigations: Users are advised to update Skype for Business in a timely manner to fix vulnerabilities, and an official patch has been released:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763

97、CVE-2023-4211(Arm Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations)

Vulnerability Description: The Arm Mali GPU kernel driver contains a use-after-free vulnerability that allows a local unprivileged user to perform improper GPU memory processing operations in order to access already freed memory.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

98、CVE-2023-42793(JetBrains TeamCity Authentication Bypass Vulnerability)

Vulnerability Description: JetBrains TeamCity contains an authentication bypass vulnerability that allows remote code execution on TeamCity servers. An attacker can construct a malicious request to create a token and use the relevant functions to execute arbitrary code to control the server.

https://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html

Mitigation: An official security update has been released, and it is recommended to upgrade to the latest version:

https://www.jetbrains.com/privacy-security/issues-fixed/

99、CVE-2023-43770(Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability)

Vulnerability Description: Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that could lead to information disclosure via malicious link references in text/plain messages, affecting Roundcube prior to 1.4.14, 1.5.x prior to 1.5.4, and 1.6.x prior to 1.6.3.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://roundcube.net/news/2023/09/15/security-update-1.6.3-released

100、CVE-2023-44487(HTTP/2 Rapid Reset Attack Vulnerability)

Vulnerability description: In an HTTP/2 Rapid Reset attack, the client opens a large number of streams at once and, instead of waiting for the server or proxy to respond to each request stream, immediately cancels each request, so the server burns resources on work whose result is never consumed.

Mitigation measures: Since this is a protocol-level vulnerability, it is recommended to disable the HTTP/2 protocol and fall back to HTTP/1.1, or to update the relevant security settings of each product. For example, nginx under its default configuration maintains at most 1,000 HTTP connections, so as long as server performance is adequate it is not affected by this vulnerability in the default configuration; Jetty, on the other hand, is affected and needs to be updated to the latest security release:

https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

101、CVE-2023-46604(Apache ActiveMQ Deserialization of Untrusted Data Vulnerability)

Vulnerability description: A deserialization of untrusted data vulnerability exists in Apache ActiveMQ that could allow a remote attacker with network access to the broker to run shell commands by manipulating a serialized class type in the OpenWire protocol, causing the broker to instantiate any class on the classpath. Affected Apache ActiveMQ versions: 5.18.0 to 5.18.2, 5.17.0 to 5.17.5, 5.16.0 to 5.16.6, and 5.15.0 to 5.15.15.

https://security.netapp.com/advisory/ntap-20231110-0010/

Mitigations: The vulnerability has been fixed in the following versions of Apache ActiveMQ and users should upgrade to these security versions: 5.18.3, 5.17.6, 5.16.7, 5.15.16:

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt

102、CVE-2023-46747(F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability)

Vulnerability Description: The F5 BIG-IP Configuration Utility contains an authentication bypass vulnerability (via an alternate path or channel) triggered by undisclosed requests, which may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748. Affected versions:

17.1.0

16.1.0 - 16.1.4

15.1.0 - 15.1.10

14.1.0 - 14.1.5

13.1.0 - 13.1.5

https://my.f5.com/manage/s/article/K000137353

Mitigations: 1. Use the security group feature to restrict access to trusted addresses only; 2. Upgrade to one of the following fixed versions or later:

17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG3

16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG3

15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG3

14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG3

13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG3

103、CVE-2023-46748(F5 BIG-IP Configuration Utility SQL Injection Vulnerability)

Vulnerability Description: The F5 BIG-IP Configuration Utility contains a SQL injection vulnerability that could allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://my.f5.com/manage/s/article/K000137365

104、CVE-2023-46805(Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability)

Vulnerability description: The web component of Ivanti Connect Secure (ICS, formerly Pulse Connect Secure) and Ivanti Policy Secure gateways contains an authentication bypass vulnerability that allows an attacker to bypass control checks and access restricted resources. This vulnerability can be chained with the command injection vulnerability CVE-2024-21887.

Mitigation measures: 1. Use the security group feature to restrict access to trusted addresses only; 2. Official patches and mitigation plans have been released:

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

105、CVE-2023-47246(SysAid Server Path Traversal Vulnerability)

Vulnerability description: In SysAid On-Premise versions earlier than 23.3.36, a path traversal vulnerability exists that allows an attacker to write a file in Tomcat webroot to cause code execution.

Mitigation: Upgrade the component sysaid_on-premises to version 23.3.36 and above:

https://documentation.sysaid.com/docs/on-premise-security-enhancements-2023

106、CVE-2023-47565(QNAP VioStor NVR OS Command Injection Vulnerability)

Description: An operating system command injection vulnerability affects older versions of QNAP VioStor NVR running QVR firmware 4.x. If exploited, it could allow an authenticated user to execute commands over the network.

Mitigation: Upgrade to QVR firmware 5.0.0 and later:

https://www.qnap.com.cn/zh-cn/security-advisory/qsa-23-48

107、CVE-2023-4762(Google Chromium V8 Type Confusion Vulnerability)

Vulnerability description: Google Chromium V8 prior to version 116.0.5845.179 has a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. The vulnerability could affect multiple web browsers based on Chromium, including but not limited to Google Chrome, Microsoft Edge, and Opera.

Mitigation: Update your current system or software to the latest version:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html

108、CVE-2023-4863(Google Chromium WebP Heap-Based Buffer Overflow Vulnerability)

Vulnerability description: A heap-based buffer overflow vulnerability exists in Google Chromium WebP, which allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect any application that uses the WebP codec.

Mitigation: Upgrade libwebp to version 1.3.2 or later:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

109、CVE-2023-48788(Fortinet FortiClient EMS SQL Injection Vulnerability)

Vulnerability description: A SQL injection vulnerability exists in Fortinet FortiClient EMS, which allows an unauthenticated attacker to execute commands as SYSTEM through a specially crafted request.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://www.fortiguard.com/psirt/FG-IR-23-430

110、CVE-2023-49103(ownCloud graphapi Information Disclosure Vulnerability)

Vulnerability description: An issue exists in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi application relies on a third-party library that exposes a URL, GetPhpInfo.php. When this URL is accessed, the configuration details of the PHP environment (phpinfo) are displayed. This information includes all environment variables of the web server, including sensitive data such as the ownCloud admin password, mail server credentials, and license keys.

Mitigation: An official security update has been released, and it is recommended to upgrade to the latest version:

https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/

111、CVE-2023-4911(GNU C Library (glibc) Dynamic Loader ld.so Buffer Overflow Vulnerability)

Vulnerability description: Due to a buffer overflow vulnerability in the dynamic loader ld.so of the GNU C Library (glibc) when processing the GLIBC_TUNABLES environment variable, a local attacker could invoke a SUID binary with a malicious GLIBC_TUNABLES environment variable and escalate to root privileges. This vulnerability affects major Linux distributions, including RHEL/CentOS 8.5 and above, Fedora 37 and 38, Debian 12 and 13, Ubuntu 22.04 and 23.04, and the glibc package < 2.37-R7 on Gentoo.

Mitigations:

1. Fedora 37: update to glibc-2.36-14.fc37: https://www.gnu.org/software/libc/

2. Enable a SystemTap script that terminates any setuid program invoked with GLIBC_TUNABLES set; when such a setuid program must be invoked, unset or clear the GLIBC_TUNABLES environment variable first.

112、CVE-2023-4966(Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability)

Vulnerability Description: Citrix NetScaler ADC and NetScaler Gateway have a buffer overflow vulnerability that, when configured as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or AAA virtual server, could lead to the disclosure of sensitive information.

https://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967

113、CVE-2023-49897(FXC AE1021, AE1021PE OS Command Injection Vulnerability)

Vulnerability description: FXC AE1021 and AE1021PE have an operating system command injection vulnerability that allows an authenticated user to execute commands over the network. Products and versions affected: FXC AE1021PE 2.0.9 and earlier, AE1021 2.0.9 and earlier.

https://jvn.jp/en/vu/JVNVU92152057/

Mitigation: Upgrade the component ae1021_firmware to version 2.0.10 or later; upgrade the component ae1021pe_firmware to version 2.0.10 or later: https://www.fxc.jp/news/20231206

114、CVE-2023-5217(Google Chromium libvpx Heap Buffer Overflow Vulnerability)

Vulnerability description: A heap buffer overflow vulnerability exists in the libvpx module (< 1.13.1) of Google Chrome prior to 117.0.5938.132, which can be exploited by a remote attacker via a crafted HTML page. This vulnerability may affect web browsers that use libvpx, including but not limited to the Google Chrome browser.

Mitigation: Upgrade the component Google Chrome to version 117.0.5938.132 or later; upgrade libvpx to version 1.13.1 or later:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

115、CVE-2023-5631(Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability)

Vulnerability description: Roundcube versions prior to 1.4.15, 1.5.x prior to 1.5.5, and 1.6.x prior to 1.6.4 allow stored cross-site scripting via an HTML e-mail message carrying a crafted SVG document, due to the behavior of program/lib/Roundcube/rcube_washtml.php. This could allow a remote attacker to load arbitrary JavaScript code.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613

116、CVE-2023-6345(Google Skia Integer Overflow Vulnerability)

Description: An integer overflow vulnerability exists in Google Chrome 119.0.6045.199 and earlier versions, through which a remote attacker may potentially perform a sandbox escape via a malicious file. This vulnerability affects the Google Chrome browser as well as ChromeOS, Android, Flutter, and possibly other products.

Mitigation: Upgrade the component Chrome to version 119.0.6045.199 or later; upgrade the component chromium to version 119.0.6045.199 or later:

https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html

117、CVE-2023-6448(Unitronics Vision PLC and HMI Insecure Default Password Vulnerability)

Vulnerability description: Unitronics Vision Series PLCs and HMIs come with an insecure default password that could allow an attacker to execute remote commands if the password remains unchanged.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://www.unitronicsplc.com/programmable-controllers-vision-series/

118、CVE-2023-6548(Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability)

Vulnerability Description: A code injection vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway that allows authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP. Products and versions affected: NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-12.35, 13.1 prior to 13.1-51.15, 13.0 prior to 13.0-92.21; NetScaler ADC 13.1-FIPS prior to 13.1-37.176, 12.1-FIPS prior to 12.1-55.302, and 12.1 versions earlier than 12.1-55.302.

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

Mitigations:

Upgrade netscaler_gateway to versions 14.1-12.35 and above;

Upgrade netscaler_application_delivery_controller to versions 12.1-55.302 and above;

Upgrade netscaler_application_delivery_controller to versions 13.0-92.21 and above;

Upgrade netscaler_application_delivery_controller to versions 13.1-37.176 and above;

Upgrade netscaler_application_delivery_controller to versions 13.1-51.15 and above;

Upgrade netscaler_application_delivery_controller to versions 14.1-12.35 and above;

Upgrade netscaler_gateway to versions 13.0-92.21 and above;

Upgrade netscaler_gateway to versions 13.1-51.15 and later.

119、CVE-2023-6549(Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability)

Vulnerability Description: Citrix NetScaler ADC and NetScaler Gateway have a buffer overflow vulnerability that can cause a denial of service when configured as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or as an AAA virtual server. Products and versions affected: NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-12.35, 13.1 prior to 13.1-51.15, 13.0 prior to 13.0-92.21; NetScaler ADC 13.1-FIPS prior to 13.1-37.176, 12.1-FIPS prior to 12.1-55.302, and 12.1 versions earlier than 12.1-55.302.

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

Mitigations:

Upgrade netscaler_application_delivery_controller to versions 12.1-55.302 and above;

Upgrade netscaler_application_delivery_controller to versions 13.0-92.21 and above;

Upgrade netscaler_application_delivery_controller to versions 13.1-37.176 and above;

Upgrade netscaler_application_delivery_controller to versions 13.1-51.15 and above;

Upgrade netscaler_application_delivery_controller to versions 14.1-12.35 and above;

Upgrade netscaler_gateway to versions 13.0-92.21 and above;

Upgrade netscaler_gateway to versions 13.1-51.15 and above;

Upgrade netscaler_gateway to versions 14.1-12.35 and above.

120、CVE-2023-7024(Google Chromium WebRTC Heap Buffer Overflow Vulnerability)

Vulnerability description: Google Chromium WebRTC is an open-source project that provides real-time communication capabilities for web browsers. The project has a heap buffer overflow vulnerability that could be exploited by a remote attacker via a crafted HTML page. The vulnerability could affect web browsers that use WebRTC, including but not limited to the Google Chrome browser.

Mitigation: Update the current system or software to the latest version to complete the vulnerability fix:

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-7024

121、CVE-2023-7101(Spreadsheet::ParseExcel Remote Code Execution Vulnerability)

Vulnerability Description: A remote code execution vulnerability exists in Spreadsheet::ParseExcel because unvalidated input from a file is passed into a string-type "eval". Specifically, the problem stems from the evaluation of Number-format strings in the Excel parsing logic.

https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171

Mitigation Measures: Not available.