Control Gap Vulnerability Roundup: December 31st to January 6th
This week saw the publication of 425 new CVE IDs. Of those, 240 have not yet been assigned official CVSS scores; however, of the ones that were,...
Zach Matthews : Apr 20, 2023 4:02:08 PM
This week saw the publication of 652 new CVE IDs. Of those, 240 have not yet been assigned official CVSS scores; however, of the ones that were, approximately 12% were of critical severity, 48% were high, 39% were medium, and 1% were low. Listed below are the vulnerabilities that caught our attention:
The modern threat landscape represents an ever-changing vista of vulnerabilities, tools, tactics, and procedures which pose an existential threat to the security of organizations’ IT infrastructures. A key part of an evergreen security program is to maintain an up-to-date knowledge base of actionable threat intelligence that an organization can leverage to improve its security posture. With dozens of novel threats and vulnerabilities becoming public each week, it can be challenging for IT professionals to keep pace. Control Gap intends to separate the signal from the noise by highlighting, in this weekly segment, newly disclosed vulnerabilities that have been assigned a CVE ID and which may be exceedingly novel, widespread, critical, or otherwise noteworthy.
The available threat intelligence at time of writing is documented below. Updates will be clearly marked.
Real-World Exploitability: High
Exploited in the Wild: No
Available Public Exploits: No
A vulnerability in the Microsoft Windows Message Queuing (MSMQ) service has been disclosed which affects multiple versions of Windows and Windows Server, up to the latest versions of Windows 11 and Windows Server 2022. MSMQ is an optional service which “enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline”. The vulnerability, which was assigned a CVSS score of 9.8, allows an unauthenticated attacker to execute arbitrary code on the affected system. The vulnerability was patched during April’s Patch Tuesday, and Microsoft is urging users to update as soon as possible or to disable the MSMQ service. The flaw was discovered by researchers working with Fortinet and Check Point Research, who claimed it could be exploited with a single network packet. The vulnerability is tracked as CVE-2023-21554.
Real-World Exploitability: High
Exploited in the Wild: Yes
Available Public Exploits: No
Threat researchers with Kaspersky’s Global Research and Analysis Team (GReAT) identified exploit attempts targeting the Windows Common Log File System (CLFS). CLFS is a “log file subsystem” for Windows which was introduced with Windows Server 2003 R2. According to Kaspersky, 32 unique escalation-of-privilege vulnerabilities affecting CLFS have been disclosed since 2018. Interestingly, Kaspersky noted that the exploitation techniques they found were highly similar to those of other modern exploits affecting CLFS, leading Kaspersky to believe the exploits were discovered and authored by the same developer. The vulnerability is being tracked as CVE-2023-28252 and would allow a low-privileged user to execute code in the context of the SYSTEM account. The vulnerability affects multiple versions of Windows, is known to be exploited in the wild, and has been addressed in Microsoft’s April Patch Tuesday.
Real-World Exploitability: High
Exploited in the Wild: No
Available Public Exploits: No
SAP, a German-based enterprise software provider, has disclosed two critical vulnerabilities in its Diagnostic Agent and NetWeaver products. The first vulnerability, CVE-2023-27267, affects SAP Diagnostic Agent version 720 and allows an unauthenticated attacker to bypass authentication and execute arbitrary scripts on connected agents. The second vulnerability, CVE-2023-29186, affects SAP NetWeaver versions 707, 737, 747, and 757, and would allow an authenticated attacker to upload and overwrite arbitrary files on the affected system. SAP has released a comprehensive patch disclosure and is urging users to update swiftly. SAP’s motto “The best run SAP” is no exaggeration; according to SAP’s testimonials page, 99 of the 100 largest companies in the world utilize SAP software. Critical flaws such as those above are likely to be targeted by threat actors who engage in “whaling”, the practice of targeting the wealthiest or most influential organizations in an industry.
Real-World Exploitability: Medium
Exploited in the Wild: No
Available Public Exploits: Yes
In one of the largest and most detailed NVD entries I have ever seen, a novel vulnerability has been disclosed for SpiceDB which would allow an attacker to retrieve sensitive information about the database instance. The vulnerability, CVE-2023-29193, affects the SpiceDB debug command line, which is available by default on port 9090. An attacker who could view the metrics endpoint could see the command-line flags used when the SpiceDB server was started, among which is the “grpc-preshared-key” used by the server to implement authentication on the gRPC API endpoints. The contents of the key are considered secret, but they are exposed through the metrics endpoint and could then be abused by an attacker to access the API endpoints. The flaw was fixed in version 1.19.1, and the NVD entry provides multiple workarounds and mitigations.