In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between November 08 and 09, 2023.
During this period, the National Vulnerability Database published 106 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 3
High: 17
Medium: 31
Low: 1
Severity Not Assigned: 54
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-6002
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: YugabyteDB is vulnerable to cross-site scripting (XSS) via log injection. Writing unvalidated user input to log files can allow an attacker to forge log entries or inject malicious content into the logs.
References: https://www.yugabyte.com/
CWE-ID: CWE-117
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-41111
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.
References: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-41112
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.
References: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-6012
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.7
Description: An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-input-data-validation-lanaccess-onsafe-monitorhm-web-console
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-35767
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.
References: https://perforce.com
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-45319
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.
References: https://perforce.com
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-45849
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.
References: https://perforce.com
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-47107
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users so that it points to the attacker's server, thereby disclosing the password reset token if/when the link is followed. This only affects local user accounts and requires the password reset option to be enabled. This issue has been patched in version 2.3.0.
References: https://github.com/THM-Health/PILOS/security/advisories/GHSA-mc6f-fj9h-5735
CWE-ID: CWE-20 CWE-640
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-5759
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.
References: https://perforce.com
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-5913
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Incorrect Privilege Assignment vulnerability in OpenText Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.
References: https://portal.microfocus.com/s/article/KM000023500?language=en_US
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-47111
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum number of failed password check attempts. On every failed password check, the number of failed checks is compared against the configured maximum. Exceeding the limit will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving them the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3.
References: https://github.com/zitadel/zitadel/commit/22e2d5599918864877e054ebe82fb834a5aa1077
https://github.com/zitadel/zitadel/releases/tag/v2.38.3
https://github.com/zitadel/zitadel/releases/tag/v2.40.5
https://github.com/zitadel/zitadel/security/advisories/GHSA-7h8m-vrxx-vr4m
CWE-ID: CWE-362
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-47113
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to DLL hijacking. By placing a DLL in the folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.
References: https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-4632
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
References: https://support.lenovo.com/us/en/product_security/LEN-135367
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-4706
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.
References: https://support.lenovo.com/us/en/product_security/LEN-127385
CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-5079
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.
References: https://iknow.lenovo.com.cn/detail/418253?
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-39435
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-3959
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-43755
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-45225
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-4249
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 have a command injection vulnerability in the implementation of their binaries and handling of network requests.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found