Security News

Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035.

Git has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses. A third Windows-specific flaw impacting the Git GUI tool caused by an untrusted search path weakness enables unauthenticated threat actors to run untrusted code low-complexity attacks.

If your enterprise is running ManageEngine products that were affected by CVE-2022-47966, check now whether they've been updated to a non-vulnerable version because Horizon3's will be releasing technical details and a PoC exploit this week. CVE-2022-47966 is an unauthenticated remote code execution vulnerability that has been found by a researcher with Viettel Cyber Security in two dozen ManageEngine products, including Access Manager Plus, ADSelfService Plus, Endpoint DLP, Password Manager Pro, PAM360, ServiceDesk Plus, and others.

On Friday, security researchers with Horizon3's Attack Team warned admins that they created a proof-of-concept exploit for CVE-2022-47966. "The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' across the Internet. This vulnerability allows for remote code execution as NT AUTHORITYSYSTEM, essentially giving an attacker complete control over the system," Horizon3 vulnerability researcher James Horseman said.

On Friday, security researchers with Horizon3's Attack Team warned admins that they created a proof-of-concept exploit for CVE-2022-47966."The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' across the Internet. This vulnerability allows for remote code execution as NT AUTHORITYSYSTEM, essentially giving an attacker complete control over the system," Horizon3 vulnerability researcher James Horseman said.

More than 1,600 instances of the Cacti device monitoring tool reachable over the internet are vulnerable to a critical security issue that hackers have already started to exploit. In early December 2022, a security advisory warned of a critical command injection vulnerability in Cacti that could be exploited without authentication.

A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be running a patched version of Cacti.

Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available. The three vulnerable plugins were discovered by Tenable security researcher Joshua Martinelle, who reported them responsibly to WordPress on December 19, 2022, along with proofs of concept.

Red Balloon Security disclosed multiple, critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected boot features. Exploitation of these vulnerabilities could allow offline attackers to generate arbitrary encrypted firmware that are bootable on all Siemens S7-1500 series PLC CPU modules.

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel that enables elevated privileges and unauthenticated remote code execution on susceptible servers. Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems.