CIS Advisories

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is used to view, create, print, and manage PDF files Adobe Reader is used to view, create, print, and manage PDF files Adobe Experience Manager is a comprehensive content management solution for building websites, mobile apps and forms Adobe Connect is a suite of software for remote training, web conferencing, presentation, and desktop sharing Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Notepad++, the most severe of which could result in arbitrary code execution. Notepad++ is a free and open-source text and source code editor for use with Microsoft Windows. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

A vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) software that could allow for unauthorized access. Cisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors for any distributed network environment. Cisco Firepower Threat Defense (FTD) Software is an integrative software image combining CISCO ASA and Firepower feature into one hardware and software inclusive system to assist in flagging specific network traffic patterns, create alerts and better control your network. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. Utilizing the brute force attack to obtain valid credentials, an attacker could use this to establish unauthorized VPN sessions and then install ransomware.

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. iPadOS is the successor to iOS 12 and is a mobile operating system for iPads. macOS Ventura is the 19th and current major release of macOS watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

A vulnerability has been discovered in Cisco BroadWorks Application Delivery Platform and Xtended Services Platform which could allow for arbitrary code execution. Cisco BroadWorks Application Delivery Platform and Xtended Services Platform is an enterprise-grade calling and collaboration platform that integrates with Cisco Webex to meet the full range of enterprise communications and collaboration needs. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered within VMware Aria Operations for Networks, the most severe of which could allow for remote code execution. VMware Aria Operations for Networks is a network monitoring tool that collects and analyzes metrics, APIs, configurations, metadata, integrations, telemetry netflow, sFlow, and IPFIX flow traffic, which traverses the infrastructure. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in ChromeOS, the most severe of which could allow for arbitrary code execution. ChromeOS is a Linux-based operating system developed and designed by Google. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Junos OS, which. when chained together. could allow for remote code execution. Junos OS is an operating system that runs across all Juniper routing, switching, and security infrastructure. Successful chain exploitation of these vulnerabilities could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is used to view, create, print, and manage PDF files. Adobe Reader is used to view, create, print, and manage PDF files Adobe Commerce is an offering that provides companies with a flexible and scalable end-to-end plate form to manage commerce experiences of their customers. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

A vulnerability has been discovered in Ivanti Endpoint Manager (EPMM), formerly known as MobileIron Core; which could allow for arbitrary code execution. Ivanti Endpoint Manager Mobile is a mobile management software engine that enables IT to set policies for mobile devices, applications and content. If successfully exploited, an attacker could perform arbitrary file writes to the EPMM server.

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution OVERVIEW: Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. Safari is a web browser developed by Apple. iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. iPadOS is the successor to iOS 12 and is a mobile operating system for iPads. macOS Ventura is the 19th and current major release of macOS macOS Monterey is the 18th and release of macOS. macOS Big Sur is the 17th release of macOS. tvOS is the operating system for the Apple TV based on Mac OS X. watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

A vulnerability has been discovered in Ivanti Endpoint Manager Mobile which could allow for unauthorized access to specific API paths. Ivanti Endpoint Manager Mobile is a mobile management software engine that enables IT to set policies for mobile devices, applications and content. If successfully exploited, an attacker could gain unauthorized access to the database, potentially accessing users’ personally identifiable information such as names and phone numbers. Additionally, the attacker can potentially make configuration changes to the server, including creating an administrative account that can make further changes to a vulnerable system.

Multiple vulnerabilities have been discovered in Citrix products, the most severe of which could allow for remote code execution. Citrix ADC performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4 - Layer 7 network traffic for web applications. Citrix Gateway is used to consolidate remote access infrastructure and provide single sign-on across all applications whether in a data center, in a cloud, or if the apps are delivered as SaaS apps. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution.

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Adobe ColdFusion, the most severe of which could allow for arbitrary code execution. Adobe ColdFusion is a commercial web-application development platform designed to build and deploy web applications. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

A vulnerability has been discovered in Apple products, which could allow for arbitrary code execution. iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. iPadOS is the successor to iOS 12 and is a mobile operating system for iPads. macOS Ventura is the 19th and current major release of macOS Safari is a graphical web browser developed by Apple. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

A vulnerability has been discovered in Adobe Coldfusion which could allow for arbitrary code execution. Adobe ColdFusion is a commercial web-application development platform designed to build and deploy web applications. Successful exploitation of this vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

A vulnerability has been discovered in Fortinet FortiOS and FortiProxy, which could allow for remote code execution. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. FortiProxy is a secure web gateway that attempts to protects users against internet-borne attacks, and provides protection and visibility to the network against unauthorized access and threats. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

A vulnerability has been discovered in Cisco SD-WAN vManage which could allow for security mechanism bypass. Cisco SD-WAN vManage is a centralized network management console for controlling, configuring and monitoring devices in a network. Successful exploitation of this vulnerability could allow an attacker to bypass security mechanisms on the targeted host, granting them to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.

Multiple vulnerabilities have been discovered in Adobe Products, the most severe of which could allow for arbitrary code execution. Adobe InDesign is a desktop publishing and page layout designing software. Adobe ColdFusion is a commercial rapid web-application development computing platform. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Progress Moveit Transfer, which could allow for unauthorized database access. MOVEit Transfer is a managed file transfer software that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads. If successfully exploited, an attacker could gain unauthorized access to the database, potentially compromising confidential information, user credentials, and other sensitive data. This unauthorized access could also result in unauthorized modifications and disclosure of the database content.