Tag: critical vulnerability
Cybersecurity Threat Advisory: F5 BIG-IP RCE vulnerability
This Cybersecurity Threat Advisory involves a critical vulnerability discovered in F5 BIG-IP products, identified as CVE-2023-46747. The vulnerability allows unauthenticated remote code execution and poses significant security risks. With a CVSS score of 9.8, immediate attention is required to mitigate...
Cybersecurity Threat Advisory: WS_FTP Server vulnerabilities uncovered
Multiple vulnerabilities have been found in all versions of WS_FTP Server. The critical and high vulnerabilities include a directory traversal flaw (CVE-2023-42657) with a CVSS score of 9.9, a high-severity reflected cross-site scripting (XSS) issue (CVE-2023-40045, CVSS 8.3), a SQL...
Cybersecurity Threat Advisory: Critical security patches for GitLab
This Cybersecurity Threat Advisory highlights GitLab’s recent critical vulnerability, which security update have been released for. A successful exploitation can allow threat actors to mask themselves as other users during scheduled security scans while they run automated tasks (also known...
Cybersecurity Threat Advisory: New VMware Aria vulnerability identified
Today’s Cybersecurity Threat Advisory highlights an SSH authentication bypass flaw, identified as CVE-2023-34039, which has been discovered in VMware Aria. It has a severity rating of “critical” and a CVSS v3 scope of 9.8. This vulnerability allows remote attackers to...
Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Atera RMM
The latest Cybersecurity Threat Advisory involves two zero-day vulnerabilities that were discovered in Atera RMM Windows installers. These two vulnerabilities are deemed critical and provide privilege escalation capabilities upon a successful exploitation. Barracuda MSP recommends updating to version 1.8.4.9 to...
Critical Adobe ColdFusion vulnerability
The latest cybersecurity threat advisory highlights vulnerabilities affecting Adobe ColdFusion versions 2018, 2021, and 2023, which are actively being exploited by threat actors in the wild. A successful exploitation can lead to arbitrary code execution and security feature bypass. Barracuda...
Cybersecurity Threat Advisory: Critical MOVEit vulnerability discovered
A critical vulnerability has been discovered in the MOVEit Transfer software, prompting urgent action from customers to patch their systems. This flaw, identified as CVE-2023-36934, allows an attacker to execute arbitrary commands on the affected system with elevated privileges without...
Cybersecurity Threat Advisory: New FortiNAC critical vulnerability update released
A critical remote code execution vulnerability (CVE-2023-33299) with a CVSS score of 9.6 has been discovered in Fortinet’s FortiNAC product. This vulnerability poses a significant risk as it could allow an unauthenticated user to execute unauthorized code or commands by...
Cybersecurity Threat Advisory: Command injection flaw in Zyxel NAS devices
Zyxel, a networking equipment manufacturer, has released urgent security updates to address critical vulnerabilities in their network-attached storage devices. CVE-2023-27992 (CVSS score: 9.8) has been declared as a pre-authentication command injection vulnerability. What is the threat? The threat involves multiple vulnerabilities...
Cybersecurity Threat Advisory: Critical MOVEit transfer vulnerability
A critical vulnerability has been discovered in MOVEit Transfer, a commonly used managed file transfer (MFT) solution developed by Progress Software. This vulnerability allows remote attackers to execute arbitrary code on affected systems. The vulnerability is actively exploited in the...
