This week saw the publication of 576 new CVE IDs. Of those, 80 have not yet been assigned official CVSS scores. Of the ones that have, approximately 18% were of critical severity, 39% were high, 39% were medium, and 5% were low. Listed below are the vulnerabilities that caught our attention:
The modern threat landscape represents an ever-changing vista of vulnerabilities, tools, tactics, and procedures which pose an existential threat to the security of organizations’ IT infrastructures. A key part of an evergreen security program is to maintain an up-to-date knowledge base of actionable threat intelligence that an organization can leverage to improve its security posture. When dozens of novel threats and vulnerabilities become public each week, it can be challenging for IT professionals to keep pace. Control Gap intends to separate the signal from the noise by highlighting, in this weekly segment, newly disclosed vulnerabilities that have been assigned a CVE ID and which may be exceedingly novel, widespread, critical, or otherwise noteworthy.
The available threat intelligence at time of writing is documented below. Updates will be clearly marked.
Real-World Exploitability: High
Exploited in the Wild: Yes
Available Public Exploits: No
Zimbra Collaboration Suite is a collection of business collaboration software that includes e-mail, group calendars, video conferencing, chat and a web client. A previously disclosed remote code execution vulnerability in the mboximport function would allow an attacker who was authenticated as an admin to upload a crafted .zip file and execute arbitrary code. That vulnerability, tracked as CVE-2022-27925, was given a medium severity rating. This week an authentication bypass vulnerability, tracked as CVE-2022-37042, was disclosed for the Zimbra platform. It would allow an attacker to authenticate as an admin, and could then be chained with CVE-2022-27925 to remotely compromise any affected Zimbra server. Zimbra has released a security advisory and patch. The threat intelligence firm Volexity has reported that the vulnerability is being exploited on a mass scale in the wild. Zimbra has advised customers to patch immediately if they are using Zimbra versions older than 8.8.15-33 or 9.0.0-26.
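The two thresholds above belong to different release branches, so a single "is it older than X" comparison gives wrong answers for a mixed fleet. The following Python helper is an added example, not code from Zimbra or from the original post. It assumes version strings written in the `8.8.15-33` form used above (plus `_P33` / ` P33` variants), treats a missing patch level as 0, and uses a constructed inventory.

```python
import re

# Fixed patch level per release branch, taken from the thresholds quoted above.
FIXED = {(8, 8, 15): 33, (9, 0, 0): 26}

# Assumed input form "8.8.15-33"; "_P33" and " P33" suffixes are also accepted.
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:(?:-|_P|\s+P)(\d+))?\s*$")

def parse(version):
    """Return (branch, patch); a missing patch level counts as 0 (assumption)."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro)), int(patch or 0)

def needs_patch(version):
    """True or False when the verdict is known, None when it needs review."""
    branch, patch = parse(version)
    if branch in FIXED:
        # Compare within the branch: 9.0.0-25 sorts after 8.8.15-33 but is unpatched.
        return patch < FIXED[branch]
    if branch < min(FIXED):
        return True   # older than every branch named in the text above
    return None       # branch the text gives no threshold for

def triage(inventory):
    """Map each host to 'patch now', 'ok' or 'review'."""
    labels = {True: "patch now", False: "ok", None: "review"}
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = labels[needs_patch(version)]
        except ValueError:
            result[host] = "review"   # unparseable string: check by hand
    return result

# Constructed inventory for illustration; host names and versions are made up.
SAMPLE = {
    "mail-a.example": "8.8.15-32",
    "mail-b.example": "8.8.15-33",
    "mail-c.example": "9.0.0-25",
    "mail-d.example": "9.0.0_P26",
    "mail-e.example": "8.8.15_GA_3869",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```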
Real-World Exploitability: Medium
Exploited in the Wild: No
Available Public Exploits: No
Microsoft published six unique vulnerabilities affecting the Microsoft Exchange Server product, including information disclosure and privilege escalation. The exploitability of these vulnerabilities varies, but they could lead to an attacker escalating privileges or reading emails from the Exchange Server. Microsoft published a separate advisory for each vulnerability, which can be found by navigating to the respective CVE page. Microsoft recommends applying the relevant patches and claims that none of the vulnerabilities have been exploited in the wild. The CVEs are being tracked with the following IDs: CVE-2022-21979, CVE-2022-21980, CVE-2022-24477, CVE-2022-24516, CVE-2022-30134, CVE-2022-34692.
Real-World Exploitability: Medium
Exploited in the Wild: No
Available Public Exploits: No
A remote code execution vulnerability in Microsoft Windows NFS 4.1 affecting Windows Server 2022 was disclosed by Microsoft this past week. This vulnerability has not been publicly disclosed and, according to Microsoft, is not exploited in the wild. Microsoft also assured customers that NFS versions 2.0 and 3.0 are unaffected. An official update has been released along with an advisory from Microsoft, which assigned a CVSS score of 9.8 to the vulnerability. The vulnerability is currently being tracked as CVE-2022-34715.
Real-World Exploitability: High
Exploited in the Wild: Unknown
Available Public Exploits: No
Apps developed using Google Play Services SDK versions before 18.0.2 had the mutability flag incorrectly set on PendingIntents. This misconfiguration allows an attacker to gain access to all non-exported providers and/or to providers for which the user has permissions. Providers are a component of Android applications which allow for communication between apps on the device. Given how popular the Google Play Services SDK is, the publishers theorize that this vulnerability likely affects many Android applications. Google recommends upgrading to version 18.0.2 of the SDK, then rebuilding and redeploying any Android applications that were built using the older software. The vulnerability is being tracked as CVE-2022-2390.