Sunday, November 24, 2024
CISA Exploit List

CISA Update September 2023

by Artie Kaye

A monthly update of high-severity flaws that are actively being exploited. If you use any of these programs or devices, take the recommended steps to mitigate. Wyo Support News may have reported on some of these vulnerabilities in the past. Below are the items added in August.

Company          CVE             Platform                     Details
Adobe            CVE-2023-26359  ColdFusion                   https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
Citrix           CVE-2023-24489  Content Collaboration        https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489
Ignite Realtime  CVE-2023-32315  Openfire                     https://discourse.igniterealtime.org/t/cve-2023-32315-openfire-vulnerability-update/93166
                                                              https://www.igniterealtime.org/downloads/#openfire
Ivanti           CVE-2023-38035  Sentry                       https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
Microsoft        CVE-2023-38180  .NET Core and Visual Studio  https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38180
RARLAB           CVE-2023-38831  WinRAR                       http://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232
Veeam            CVE-2023-27532  Backup & Replication         https://www.veeam.com/kb4424
Zyxel            CVE-2017-18368  P660HN-T1A Routers           https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-a-new-variant-of-gafgyt-malware
                                                              https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-p660hn-t1a-dsl-cpe

For a more comprehensive list of all vulnerabilities, visit cisa.gov.