A roundup of the vulnerabilities which have been added to the CISA KEV list or have had an increase >10% over the week commencing 7th October.
Get Your 'Vulnerability Management Template' FREE!
Your Vulnerability Management Template Includes:
Secure your organisation today by completing the form for your Vulnerability Management Template.
Download the, 'How to secure Microsoft Office Desktop Deployments Technical Guide' - FREE
Complete the form to download your free technical guide and secure your organisation today.
Download the Cyber Essentials Template Policy Pack - FREE
Complete the form to download your FREE Cyber Essentials Template Pack today, including:
Download the Microsoft 365 Security Guide - FREE
Complete the form to download your FREE Microsoft 365 Security Guide today, including:
Sign up on the form and receive the guide instantly.
This week, we've noticed an unsettling trend where vulnerabilities in both Microsoft products, such as Internet Explorer and SharePoint, and third-party systems, like Zimbra Collaboration Suite and School Management WordPress plugin, are showing a rise in exploit prediction scores, generally within the range of 10-20%. This indicates an increased potential for remote code execution and other attacks. Particularly alarming is a vulnerability in Zimbra with a 94.98% EPSS increase, making immediate patching crucial. Fortinet products and Ivanti Cloud Services Appliance have vulnerabilities marked critical by CISA, meaning they are newly being exploited, and others showing slight increases, demanding swift updates or product decommissioning. Overall, the report includes vulnerabilities that could allow attackers to execute remote commands, manipulate user sessions, or expose sensitive information. It's critical to tightly monitor these developments and ensure systems are updated as part of a robust security strategy.
Want to receive this report right to your inbox every Friday? Enter your email address here to sign up: https://marketing.precursorsecurity.com/weekly-vulnerability-report/
EPSS Increase Delta: 94.98%
Original Score: 0.05%
Affected Technology: Zimbra Collaboration Suite
Is New CISA Known Exploited Vulnerability: False
The EPSS has seen a significant jump, moving from 0.05% to 95.03%, a delta of almost 95%. Researchers discovered a critical vulnerability in the postjournal service of Zimbra Collaboration (ZCS) that predates 8.8.15 Patch 46, 9.0.0 Patch 41, 10.0.9, and 10.1.1 versions. The flaw enables unauthenticated users to execute commands, potentially leading to unauthorized access or control of the affected systems. Immediate patching to the latest version is strongly advised to mitigate this risk.
EPSS Increase Delta: 66.14%
Original Score: 9.27%
Affected Technology: Microsoft Internet Information Server (IIS) 4.0 and 5.0
Is New CISA Known Exploited Vulnerability: False
The EPSS has seen a significant increase, with a delta of 66.14%, from an original risk percentage of 9.27% to an updated risk of 75.41%. This vulnerability pertains to Microsoft Internet Information Server (IIS) 4.0 and 5.0 where the Response.AddHeader ASP function can be manipulated by remote attackers. By generating a large header through an ASP page, attackers can cause a denial of service via memory consumption. Immediate actions include applying appropriate software updates and monitoring network traffic for unusual activities.
EPSS Increase Delta: 50.86%
Original Score: 4.71%
Affected Technology: Microsoft Internet Explorer 7
Is New CISA Known Exploited Vulnerability: False
This week, we’ve observed a significant increase in threat potential for CVE-2008-1545, with the EPSS delta showing a 50.86% rise. The vulnerability pertains to Microsoft Internet Explorer 7, where the setRequestHeader method of the XMLHttpRequest object lacks proper restriction for the Transfer-Encoding HTTP request header. This oversight permits remote attackers to execute HTTP request splitting and smuggling tactics using a malformed POST request that includes a 'Transfer-Encoding: chunked' header, alongside an inaccurately sized chunk in the request body. Currently, no remediation actions from the vulnerability source have been prescribed.
EPSS Increase Delta: 34.38%
Original Score: 11.08%
Affected Technology: phpFFL 1.24
Is New CISA Known Exploited Vulnerability: False
The EPSS score for CVE-2007-4935 has seen a significant increase from 11.08% to 45.46%, indicating a notable rise in the threat level. This vulnerability pertains to multiple PHP remote file inclusion issues in phpFFL 1.24, where remote attackers can execute arbitrary PHP code utilizing a URL in the PHPFFL_FILE_ROOT parameter to various scripts. Immediate remedies include the review and update of affected scripts and parameters to prevent exploitation.
EPSS Increase Delta: 34.22%
Original Score: 41.46%
Affected Technology: Microsoft Hyperlink Object Library
Is New CISA Known Exploited Vulnerability: False
EPSS score increased from 41.46% to 75.68%, a delta of 34.22%. A buffer overflow vulnerability in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) could lead to a crash or arbitrary code execution with crafted long hyperlinks. No CISA alert issued. Remediation includes applying updates provided by Microsoft to mitigate the risk.
EPSS Increase Delta: 34.16%
Original Score: 2.17%
Affected Technology: Ivanti EPM
Is New CISA Known Exploited Vulnerability: False
EPSS has seen a significant increase by 34.16% for CVE-2024-29824, going from an EPSS score of 2.17% to 36.33%. This pertains to an SQL Injection vulnerability present in Ivanti EPM 2022 SU5 and earlier versions. Due to insufficient input sanitization, an unauthenticated attacker within the same network segment can execute arbitrary code. Immediate patching is advised to mitigate this issue.
EPSS Increase Delta: 24.12%
Original Score: 15.60%
Affected Technology: Weaver E-Office 9.5
Is New CISA Known Exploited Vulnerability: False
EPSS percentage increased significantly from 15.6% to 39.72%, showing a rise of 24.12%. The critical vulnerability involves Weaver E-Office 9.5, specifically in /inc/jquery/uploadify/uploadify.php. Attackers can upload files without restrictions by manipulating the Filedata parameter. Remote exploitation is feasible, and public disclosure of the exploit raises the risk of attack. Immediate update or patch application is advised; however, the vendor has not yet responded to the issue.
EPSS Increase Delta: 20.20%
Original Score: 38.90%
Affected Technology: School Management WordPress plugin
Is New CISA Known Exploited Vulnerability: False
EPSS increased from 38.90% to 59.10%, showing a 20.20% delta. The vulnerability in the School Management WordPress plugin before 9.9.7 features an obfuscated backdoor within its license verification code. This backdoor registers a REST API handler allowing unauthenticated attackers to execute arbitrary PHP code on the website. Users should update to the latest version to mitigate this risk.
EPSS Increase Delta: 17.74%
Original Score: 49.48%
Affected Technology: Oracle Java SE, Java SE Embedded, JRockit
Is New CISA Known Exploited Vulnerability: False
CVE-2016-3427 saw a significant increase in risk exposure, with the EPSS score rising from 49.48% to 67.22%, a delta of 17.74%. This vulnerability affects Oracle Java SE and JRockit, allowing a remote attacker to compromise confidentiality, integrity, and availability through unknown vectors related to JMX. Users should apply updates provided by Oracle to mitigate this issue.
EPSS Increase Delta: 16.31%
Original Score: 0.09%
Affected Technology: Ruby SAML
Is New CISA Known Exploited Vulnerability: False
The EPSS risk scoring metric for CVE-2024-45409 has increased significantly from 0.09% to 16.41%, indicating a growing concern. The vulnerability resides in the Ruby SAML library, where versions up to 1.12.2 and 1.13.0 to 1.16.0 fail to properly verify SAML Response signatures. An attacker could exploit this to forge a SAML Response/Assertion, potentially logging in as any user. Updating to versions 1.17.0 or 1.12.3 patches this issue. As of this report, there is no indication that the vulnerability has been acknowledged by CISA KEV.
EPSS Increase Delta: 15.16%
Original Score: 73.28%
Affected Technology: ISPConfig
Is New CISA Known Exploited Vulnerability: False
EPSS has increased by 15.16 percentage points, indicating a growing risk associated with CVE-2023-46818. The vulnerability exists in ISPConfig versions prior to 3.2.11p1, where if admin_allow_langedit is enabled, an authenticated admin can perform PHP code injection via the language file editor. The EPSS jump suggests prioritization of this issue is warranted. To mitigate the threat, administrators should disable language file editing and update to version 3.2.11p1 or later as soon as possible.
EPSS Increase Delta: 15.09%
Original Score: 59.11%
Affected Technology: Microsoft .NET Framework
Is New CISA Known Exploited Vulnerability: False
The EPSS score for CVE-2012-0163 has increased by 15.09%, from an original value of 59.11% to 74.19%. This vulnerability affects Microsoft .NET Framework across several versions and stems from insufficient validation of function parameters. Attackers can exploit this flaw remotely to execute arbitrary code by using a crafted application or document. This could include a XAML browser application, an ASP.NET application, or a .NET Framework application. The issue has been dubbed .NET Framework Parameter Validation Vulnerability. There are no immediate remediation actions specified.
EPSS Increase Delta: 14.87%
Original Score: 30.14%
Affected Technology: Microsoft Internet Explorer, Microsoft Edge
Is New CISA Known Exploited Vulnerability: False
The EPSS score for CVE-2016-7199 witnessed a significant rise by approximately 14.87%, from an initial 30.14% to 45.01%. This vulnerability affects Microsoft Internet Explorer versions 9 to 11 and Microsoft Edge. It allows remote attackers to sidestep the Same Origin Policy, leading to potential information disclosure of sensitive window-state data through a specially crafted website, known as the 'Microsoft Browser Information Disclosure Vulnerability.' Users should apply any available patches or updates from Microsoft to mitigate this risk.
EPSS Increase Delta: 14.61%
Original Score: 11.43%
Affected Technology: Xlight FTP
Is New CISA Known Exploited Vulnerability: False
EPSS has increased from 11.43% to 26.04%, showing a delta of 14.61% which indicates a growing concern. The vulnerability in Xlight FTP v3.9.3.2 is a stack-based buffer overflow that could allow attackers to extract sensitive information through carefully constructed code. There's no indication that this vulnerability is on the CISA KEV list; users should patch or update the software as recommended by the vendor to mitigate this risk.
EPSS Increase Delta: 13.79%
Original Score: 11.91%
Affected Technology: myphpPagetool 0.4.3
Is New CISA Known Exploited Vulnerability: False
The EPSS score for CVE-2007-4947 has increased by 13.79%, from an initial value of 11.91% to 25.7%. This vulnerability is present in myphpPagetool version 0.4.3 and involves multiple remote file inclusion flaws that permit execution of arbitrary PHP code via a crafted URL, affecting parameters within admin documentation scripts. No standardized solution exists; however, restricting access to the affected files or input validation may mitigate this issue.
EPSS Increase Delta: 13.44%
Original Score: 28.56%
Affected Technology: Windows Vista
Is New CISA Known Exploited Vulnerability: False
Observing a 13.44% increase in the Exploit Prediction Scoring System (EPSS) risk, Windows Vista presents a vulnerability where its NoDriveTypeAutoRun registry value is not properly enforced. This flaw potentially allows attackers to execute arbitrary code by leveraging autorun capabilities from CD-ROM or U3-enabled USB devices containing an Autorun.inf file. While there is no CISA alert associated, users should consider adjusting relevant registry values and disable autorun features to mitigate this risk.
EPSS Increase Delta: 12.95%
Original Score: 21.26%
Affected Technology: pdfkit
Is New CISA Known Exploited Vulnerability: False
The EPSS risk score for CVE-2022-25765 increased by 12.95%, from an initial score of 21.26% to a new score of 34.21%. This vulnerability affects the pdfkit package, starting from version 0.0.0, where there is a risk of Command Injection due to improper URL sanitization. Users should update to a non-vulnerable version of pdfkit to mitigate this issue.
EPSS Increase Delta: 20.82%
Original Score: 60.65%
Affected Technology: Arm Mali GPU kernel driver
Is New CISA Known Exploited Vulnerability: False
The EPSS has increased by 20.82%, from an initial score of 60.65% to 73.23%. The vulnerability in question stems from the Arm Mali GPU kernel driver, which incorrectly handles GPU memory operations, leading to unprivileged users being able to access freed memory. Affected versions include Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; as well as Midgard r4p0 through r32p0. Users should apply updates provided by Arm to mitigate the risk and monitor the guidance from their device manufacturers for specific patch availability.
EPSS Increase Delta: 11.72%
Original Score: 21.33%
Affected Technology: WordPress plugin: Import XML and RSS Feeds
Is New CISA Known Exploited Vulnerability: False
EPSS score increased by 11.72%, from an initial 21.33% to 33.05%. An SSRF vulnerability in Import XML and RSS Feeds plugin version 2.0.1 for WordPress allows attackers to manipulate server requests via the 'data' parameter in a 'moove_read_xml' action. There are currently no remedial actions specified.
EPSS Increase Delta: 11.62%
Original Score: 11.58%
Affected Technology: Paid Memberships Pro WordPress Plugin
Is New CISA Known Exploited Vulnerability: False
EPSS score for CVE-2023-23488 has increased by 11.62%, from an initial 11.58% to 23.20%. This vulnerability affects the Paid Memberships Pro WordPress Plugin, where versions prior to 2.9.8 are susceptible to an unauthenticated SQL injection via the 'code' parameter in the '/pmpro/v1/order' REST route. Users should update to version 2.9.8 or later to mitigate this issue.
EPSS Increase Delta: 11.42%
Original Score: 58.16%
Affected Technology: Phpjobscheduler 3.0
Is New CISA Known Exploited Vulnerability: False
EPSS has increased by 11.42%, from an initial 58.16% to 69.57%. This vulnerability in Phpjobscheduler 3.0 is caused by multiple PHP remote file inclusion flaws, which allow remote attackers to execute arbitrary PHP code through a URL passed to the installed_config_file parameter in various scripts. Users are advised to update the software to the latest version to mitigate this risk.
EPSS Increase Delta: 11.22%
Original Score: 22.11%
Affected Technology: Squid
Is New CISA Known Exploited Vulnerability: False
Notable EPSS increase of 11.22% signifies a growing risk related to CVE-2007-6239. This vulnerability affects the cache update reply processing in versions of Squid before 2.6.STABLE17 and 3.0. Exploitation can lead to a denial of service via specifically crafted HTTP headers resulting in an Array memory leak for cached object requests. Upgrading to a non-affected version of Squid is recommended to mitigate this vulnerability.
EPSS Increase Delta: 11.10%
Original Score: 27.66%
Affected Technology: Microsoft SharePoint
Is New CISA Known Exploited Vulnerability: False
An increase in exploit likelihood is noticed for CVE-2013-3179, moving from 27.66% to 38.76%, marking an EPSS delta of approximately 11.10%. This vulnerability affects Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013, where remote attackers can use cross-site scripting (XSS) to run arbitrary web scripts or HTML by means of a crafted request. The concern here is the significant potential for data manipulation or theft. Users should apply patches provided by Microsoft or follow guidance to mitigate this issue.
EPSS Increase Delta: 10.87%
Original Score: 0.73%
Affected Technology: File Sharing Wizard 1.5.0 build 2008
Is New CISA Known Exploited Vulnerability: False
The EPSS score has increased significantly from 0.73% to 11.59%, indicating a higher risk associated with this vulnerability. File Sharing Wizard version 1.5.0 build 2008 has a critical buffer overflow vulnerability that allows remote attackers, without authentication, to execute commands and gain shell access through a crafted HTTP GET request. Users are advised to update or apply patches if available.
EPSS Increase Delta: 10.78%
Original Score: 21.66%
Affected Technology: Request Tracker
Is New CISA Known Exploited Vulnerability: False
The EPSS score has increased by 10.78%, starting from 21.66% to a new value of 32.45%. This reflects a heightened risk factor associated with the vulnerability, which involves a SQL injection in the Approvals section of Request Tracker 4.0.10 and earlier versions that could allow remote attackers to execute arbitrary SQL commands through the ShowPending parameter. Despite the vendor's claims of an inability to replicate the issue and the reporter's retraction, it is essential to maintain awareness and apply critical updates or workarounds, especially due to its potential impact.
EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Fortinet Security Products
Is New CISA Known Exploited Vulnerability: True
New addition to the CISA KEV list - Fortinet products including FortiOS, FortiPAM, FortiProxy, and FortiWeb are vulnerable to a format string issue, which could permit remote code execution without authentication. The vendor advises applying provided mitigations or ceasing usage if none are available.
EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Ivanti Cloud Services Appliance
Is New CISA Known Exploited Vulnerability: True
This is a new addition to the CISA KEV catalog. This software, Ivanti Cloud Services Appliance, has a command injection vulnerability permitting admin users to execute unauthorized OS commands. It is marked as critical by CISA and affected users should immediately transition from the unsupported version 4.6.x to the current 5.0.x series or later to mitigate this risk.
EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Ivanti Cloud Services Appliance
Is New CISA Known Exploited Vulnerability: True
Brand new addition to the CISA KEV list. The vulnerability in Ivanti Cloud Services Appliance relates to a SQL injection in the admin web console for versions before 5.0.2. This can let an authenticated administrator execute arbitrary SQL commands. Remediation includes removing CSA 4.6.x from service or upgrading to version 5.0.x or later. As CISA considers this critical, it has been added to the KEV list.
EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Ivanti Cloud Services Appliance
Is New CISA Known Exploited Vulnerability: True
This is a new addition to the CISA Known Exploited Vulnerabilities list, highlighting its urgency. An unspecified vulnerability in Microsoft Windows Management Console can lead to remote code execution. To mitigate this risk, users should follow the provided vendor guidelines or cease using the affected product if no mitigations are offered. The vulnerability is serious enough to warrant inclusion in the CISA KEV list.
EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Microsoft Windows MSHTML Platform
Is New CISA Known Exploited Vulnerability: True
EPSS has increased to 0.63%, indicating a growing risk. Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability, potentially leading to confidentiality breaches. Remediation involves applying the vendor-provided mitigations or ceasing product use if no solution exists.
EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Qualcomm chipsets
Is New CISA Known Exploited Vulnerability: True
This vulnerability is a new addition to the CISA KEV list. It affects multiple Qualcomm chipsets, involving a use-after-free issue caused by memory corruption in DSP Services while maintaining memory maps of HLOS memory. The advised action is to apply vendor-supplied remediations or cease using the impacted product if fixes are not available.
Choose Precursor Security for penetration testing excellence—where industry-leading expertise, CREST accreditation, and a client-focused approach converge to fortify your digital defences with precision and reliability.
We have a CREST accredited Security Operations Centre and all of our penetration testers are CREST certified.
We are accredited to the highest of standards including CREST, ISO27001, ISO9001 and Cyber Essentials Plus.
Our experts have a combined experience of over 30 years delivering security operations to sectors such as healthcare, financial services, aerospace and more.
It’s important to know what you’re getting, what’s not included and what else is available. This starts with understanding a SOC and it’s critical functions. CREST has recently published a guide to the critical functions of a SOC which aligns with the CREST SOC standard.
Enter your details here and to get the complete guide instantly sent to your inbox.
Choose Precursor Security for penetration testing excellence—where industry-leading expertise, CREST accreditation, and a client-focused approach converge to fortify your digital defences with precision and reliability.
We have a CREST accredited Security Operations Centre and all of our penetration testers are CREST certified.
We are accredited to the highest of standards including CREST, ISO27001, ISO9001 and Cyber Essentials Plus.
Our experts have a combined experience of over 30 years delivering security operations to sectors such as healthcare, financial services, aerospace and more.
Precursor Security
Welcome to Precursor Security, where the forefront of cybersecurity and penetration testing expertise meets unmatched dedication and innovation. We are the architects of robust digital defences, committed to safeguarding the online realm.