Emergent Threat Response
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
Emergent Threat Response
Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server
Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed [https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html] CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023 vCenter Server advisory [https://www.vmwar
Emergent Threat Response
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Ivanti Connect Secure and Ivanti Policy Secure gateways have been exploited in the wild to gain access to corporate networks and conduct a range of nefarious activities, including backdooring legitimate files.
Emergent Threat Response
CVE-2023-49103 - Critical Information Disclosure in ownCloud Graph API
On November 21, 2023, ownCloud disclosed CVE-2023-49103, an unauthenticated information disclosure vulnerability affecting ownCloud, when a vulnerable extension called “Graph API” (graphapi) is present.
Emergent Threat Response
CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
A new zero-day vulnerability (CVE-2023-47246) in SysAid IT service management software is being exploited by the threat group responsible for the MOVEit Transfer attack in May 2023.
Emergent Threat Response
Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518
Daniel Lydon and Conor Quinn contributed attacker behavior insights to this blog.
As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing exploitation of Atlassian Confluence in multiple customer environments, including for ransomware deployment. We have confirmed that at least some of the exploits are targeting CVE-2023-22518 [https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.ht
Emergent Threat Response
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604
Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments.
Emergent Threat Response
CVE-2023-4966: Exploitation of Citrix NetScaler Information Disclosure Vulnerability
On October 10, 2023, Citrix published an advisory on two vulnerabilities affecting NetScaler ADC and NetScaler Gateway. The more critical of these is CVE-2023-4966, a sensitive information disclosure vulnerability that allows an attacker to read large amounts of memory after the end of a buffer.
Emergent Threat Response
CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability
On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software.
Emergent Threat Response
CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center
On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center.
Emergent Threat Response
Critical Vulnerabilities in WS_FTP Server
On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server [https://www.ipswitch.com/ftp-server], a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical (CVE-2023-40044 and CVE-2023-42657). Our research team has identified what appears to be the .NET deserialization vulnerability (CVE-2023-40044) and confirmed that it is exploitable with a single HTTPS POST request and a pre
Emergent Threat Response
CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers
On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. Successful exploitation could make the vulnerability a potential supply chain attack vector.
Emergent Threat Response
Exploitation of Juniper Networks SRX Series and EX Series Devices
On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.
Emergent Threat Response
Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs
Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023, including several incidents that ended in ransomware deployment.
Emergent Threat Response
CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2023-35078 is a critical remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile.