Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for December 06-07, 2023

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between December 06-07, 2023.
During this period, the National Vulnerability Database published 55 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 3
High: 6
Medium: 9
Low: 0
Severity Not Assigned: 37

Identifying and understanding these vulnerabilities is a pivotal step towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High severity vulnerabilities that demand immediate attention.

1. CVE-2023-22522
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details.

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
References: https://confluence.atlassian.com/pages/viewpage.action?pageId=1319570362
https://jira.atlassian.com/browse/CONFSERVER-93502

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

2. CVE-2023-22523
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.
References: https://confluence.atlassian.com/security/cve-2023-22523-rce-vulnerability-in-assets-discovery-1319248914.html
https://jira.atlassian.com/browse/JSDSERVER-14925

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

3. CVE-2023-22524
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.
References: https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html
https://jira.atlassian.com/browse/CONFSERVER-93518

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

4. CVE-2023-6458
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.3
Description: Mattermost webapp fails to validate route parameters in //channels/, allowing an attacker to perform a client-side path traversal.

References: https://mattermost.com/security-updates

CWE-ID: CWE-74
Common Platform Enumerations (CPE): Not Found

5. CVE-2023-6514
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description:
The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.

References: https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-ibvishssp-4bf951d4-en

CWE-ID: CWE-840
Common Platform Enumerations (CPE): Not Found

6. CVE-2023-32268
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description:
Exposure of Proxy Administrator Credentials

An authenticated administrator-equivalent Filr user can access the credentials of proxy administrators.


References: https://portal.microfocus.com/s/article/KM000020081?language=en_US

CWE-ID: CWE-522
Common Platform Enumerations (CPE): Not Found

7. CVE-2023-39538
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description:
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

References: https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf

CWE-ID: CWE-20 CWE-434
Common Platform Enumerations (CPE): Not Found

8. CVE-2023-39539
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description:
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

References: https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf

CWE-ID: CWE-20 CWE-434
Common Platform Enumerations (CPE): Not Found

9. CVE-2023-49096
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.5
Description: Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the `/Videos//stream` and `/Videos//stream.` endpoints which are present in the current Jellyfin version. Additional endpoints in the AudioController might also be vulnerable, as they differ only slightly in execution. Those endpoints are reachable by an unauthenticated user. In order to exploit this vulnerability an unauthenticated attacker has to guess an itemId, which is a completely random GUID. It’s a very unlikely case even for a large media database with lots of items. Without an additional information leak, this vulnerability shouldn’t be directly exploitable, even if the instance is reachable from the Internet. There are a lot of query parameters that get accepted by the method. At least two of those, videoCodec and audioCodec are vulnerable to the argument injection. The values can be traced through a lot of code and might be changed in the process. However, the fallback is to always use them as-is, which means we can inject our own arguments. Those arguments land in the command line of FFmpeg. Because UseShellExecute is always set to false, we can’t simply terminate the FFmpeg command and execute our own. It should only be possible to add additional arguments to FFmpeg, which is powerful enough as it stands. There is probably a way of overwriting an arbitrary file with malicious content. This vulnerability has been addressed in version 10.8.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://cwe.mitre.org/data/definitions/88.html
https://en.wikipedia.org/wiki/Pass_the_hash
https://ffmpeg.org/ffmpeg-filters.html#drawtext-1
https://github.com/jellyfin/jellyfin/commit/a656799dc879d16d21bf2ce7ad412ebd5d45394a
https://github.com/jellyfin/jellyfin/issues/5415
https://github.com/jellyfin/jellyfin/security/advisories/GHSA-866x-wj5j-2vf4

CWE-ID: CWE-88
Common Platform Enumerations (CPE): Not Found
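The argument-injection mechanism the CVE-2023-49096 description attributes to Jellyfin, illustrated as an added example in Python (not Jellyfin's own code, which is C#): because the codec query parameters are formatted into an FFmpeg command line that the process launcher later splits into arguments, a value containing extra tokens becomes extra FFmpeg options even though no shell is involved. The FFmpeg template and the codec allowlist are constructed for this example; the hardened builder allowlists the values and passes an argv list so nothing is re-split.

```python
"""Argument injection without a shell: the vulnerable pattern beside an
allowlist-plus-argv-list fix (added example, not Jellyfin project code)."""
import re
import shlex

# Constructed allowlist of codec names the transcoder is willing to pass on.
ALLOWED_CODECS = {"h264", "hevc", "vp9", "av1", "aac", "opus", "copy"}
CODEC_TOKEN = re.compile(r"[a-z0-9_]{1,16}")


def build_cmdline_naive(video_codec: str, audio_codec: str) -> list:
    """Vulnerable pattern: format one command-line string from the query
    parameters and let the launcher split it (shlex stands in for the
    .NET argument parser used when UseShellExecute is false)."""
    cmdline = f"ffmpeg -i input.mkv -c:v {video_codec} -c:a {audio_codec} out.mp4"
    return shlex.split(cmdline)


def validate_codec(value: str) -> str:
    """Accept only a bare codec name from the allowlist; raise otherwise."""
    if not CODEC_TOKEN.fullmatch(value) or value not in ALLOWED_CODECS:
        raise ValueError(f"rejected codec parameter: {value!r}")
    return value


def is_accepted(value: str) -> bool:
    """Convenience predicate around validate_codec for checks and tests."""
    try:
        validate_codec(value)
        return True
    except ValueError:
        return False


def build_cmdline_hardened(video_codec: str, audio_codec: str) -> list:
    """Fixed pattern: allowlist the values and hand FFmpeg an argv list so
    each parameter stays exactly one argument."""
    return ["ffmpeg", "-i", "input.mkv",
            "-c:v", validate_codec(video_codec),
            "-c:a", validate_codec(audio_codec), "out.mp4"]


def injected_options(argv: list) -> list:
    """Detection helper: options in argv that the fixed template never emits."""
    expected = {"-i", "-c:v", "-c:a"}
    return [arg for arg in argv if arg.startswith("-") and arg not in expected]


if __name__ == "__main__":
    benign = build_cmdline_naive("h264", "aac")
    tainted = build_cmdline_naive("h264 -loglevel debug", "aac")
    print(len(benign), injected_options(benign))    # 8 []
    print(len(tainted), injected_options(tainted))  # 10 ['-loglevel']
    print(is_accepted("h264 -loglevel debug"))      # False
```

The benign harmless flag `-loglevel debug` is used only to show that the split produces two extra arguments; any audit of a transcoding service should treat unexpected option tokens in the built argv as a finding.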
