CISA – Vulnerability Summary for the Week of September 4, 2023

September 12, 2023

Vulnerability Summary for the Week of September 4, 2023

09/11/2023 04:30 PM EDT

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

canonical_ltd. — snapd_for_linux
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected – this can only be exploited when snaps are run on a virtual console.
Published: 2023-09-01 | CVSS Score: 10 | CVE-2023-1523 | Source & Patch Info: MISC, MISC, MISC, MISC

bmc — server_automation
BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2017-9453 | Source & Patch Info: MISC

mybb — mybb
Installer RCE on settings file write in MyBB before 1.8.22.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2020-22612 | Source & Patch Info: MISC

qualcomm — sd855
A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g., from a remote source).
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-28543 | Source & Patch Info: MISC

qualcomm — aqt1000
Memory corruption while handling payloads from remote ESL.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-28562 | Source & Patch Info: MISC

qualcomm — fastconnect_6800
Memory corruption in WLAN Firmware while parsing received GTK Keys in GTK KDE.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-28581 | Source & Patch Info: MISC

samsung_mobile — health
Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege.
Published: 2023-09-06 | CVSS Score: 9.8 | CVE-2023-30723 | Source & Patch Info: MISC

open_automation_software — oas_platform
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-31242 | Source & Patch Info: MISC, MISC

bookreen — bookreen
Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-3374 | Source & Patch Info: MISC

osoft — paint_production_management
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Osoft Paint Production Management allows SQL Injection. This issue affects Paint Production Management: before 2.1.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-35065 | Source & Patch Info: MISC

bma — personnel_tracking_system
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BMA Personnel Tracking System allows SQL Injection. This issue affects Personnel Tracking System: before 20230904.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-35068 | Source & Patch Info: MISC

coyav_travel — proagent
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Coyav Travel Proagent allows SQL Injection. This issue affects Proagent: before 20230904.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-35072 | Source & Patch Info: MISC

pocketmanga — smanga
SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-36076 | Source & Patch Info: MISC

macwk — icecms
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-36100 | Source & Patch Info: MISC

mava — hotel_management_system
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mava Software Hotel Management System allows SQL Injection. This issue affects Hotel Management System: before 2.0.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-3616 | Source & Patch Info: MISC

netgear — cbr40
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-36187 | Source & Patch Info: MISC

relic — relic
Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-36326 | Source & Patch Info: MISC, MISC

relic — relic
Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-36327 | Source & Patch Info: MISC, MISC

libtom — libtommath
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-36328 | Source & Patch Info: MISC, FEDORA

web-audimex — audimexee
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-36361 | Source & Patch Info: MISC, MISC, MISC

proscend — m357-5g
Proscend Advice ICR Series routers FW version 1.76 – CWE-1392: Use of Default Credentials
Published: 2023-09-03 | CVSS Score: 9.8 | CVE-2023-3703 | Source & Patch Info: MISC

synel — synergy/a
Synel Terminals – CWE-494: Download of Code Without Integrity Check
Published: 2023-09-03 | CVSS Score: 9.8 | CVE-2023-37220 | Source & Patch Info: MISC

asus — rt-ax56u
It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
Published: 2023-09-07 | CVSS Score: 9.8 | CVE-2023-39238 | Source & Patch Info: MISC

asus — rt-ax56u
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
Published: 2023-09-07 | CVSS Score: 9.8 | CVE-2023-39239 | Source & Patch Info: MISC

asus — rt-ax56u
It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
Published: 2023-09-07 | CVSS Score: 9.8 | CVE-2023-39240 | Source & Patch Info: MISC

cacti — cacti
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-39361 | Source & Patch Info: MISC

langchain — langchain
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-39631 | Source & Patch Info: MISC, MISC

abuquant — abupy
abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-39654 | Source & Patch Info: MISC, MISC

cuppa_cms — cuppa_cms
Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-39681 | Source & Patch Info: MISC

moxa — mxsecurity
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.
Published: 2023-09-02 | CVSS Score: 9.8 | CVE-2023-39979 | Source & Patch Info: MISC

digitatek — smartrise_document_management_system
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-4034 | Source & Patch Info: MISC

diaowen — dwsurvey
File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-40980 | Source & Patch Info: MISC

bolo-solo — bolo-solo
File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-41009 | Source & Patch Info: MISC, MISC, MISC

f-revocrm — f-revocrm
F-RevoCRM version 7.3.7 and version 7.3.8 contains an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running.
Published: 2023-09-06 | CVSS Score: 9.8 | CVE-2023-41149 | Source & Patch Info: MISC, MISC

metaways_infosystems_gmbh — tine
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-41364 | Source & Patch Info: MISC, MISC, MISC

super_store_finder — super_store_finder
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-41507 | Source & Patch Info: MISC, MISC

neutron — smart_vms
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-4178 | Source & Patch Info: MISC

lldpd — lldpd
An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-41910 | Source & Patch Info: MISC, MISC

mestav — e-commerce_software
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mestav Software E-commerce Software allows SQL Injection. This issue affects E-commerce Software: before 20230901.
Published: 2023-09-05 | CVSS Score: 9.8 | CVE-2023-4531 | Source & Patch Info: MISC

lg — lg_led_assistant
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.
Published: 2023-09-04 | CVSS Score: 9.8 | CVE-2023-4613 | Source & Patch Info: MISC, MISC

lg — lg_led_assistant
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.
Published: 2023-09-04 | CVSS Score: 9.8 | CVE-2023-4614 | Source & Patch Info: MISC, MISC

wordpress — wordpress
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the ‘mla_stream_file’ parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.
Published: 2023-09-06 | CVSS Score: 9.8 | CVE-2023-4634 | Source & Patch Info: MISC, MISC, MISC, MISC, MISC

infosoftbd — clcknshop
A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-4708 | Source & Patch Info: MISC, MISC, MISC

suntront — smart_table_integrated_management_system
A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-09-01 | CVSS Score: 9.8 | CVE-2023-4712 | Source & Patch Info: MISC, MISC, MISC

byzoro — smart_s85f_management_platform
A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S85F Management Platform up to 20230820 on Smart. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238628. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-09-03 | CVSS Score: 9.8 | CVE-2023-4739 | Source & Patch Info: MISC, MISC, MISC

tenda — ac8
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238633 was assigned to this vulnerability.
Published: 2023-09-04 | CVSS Score: 9.8 | CVE-2023-4744 | Source & Patch Info: MISC, MISC, MISC

dedecms — dedecms
A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tag_alias leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238636.
Published: 2023-09-04 | CVSS Score: 9.8 | CVE-2023-4747 | Source & Patch Info: MISC, MISC, MISC, MISC

sourcecodester — inventory_management_system
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.
Published: 2023-09-04 | CVSS Score: 9.8 | CVE-2023-4749 | Source & Patch Info: MISC, MISC, MISC

adobe — adobe_commerce
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system.
Published: 2023-09-06 | CVSS Score: 9.1 | CVE-2021-36021 | Source & Patch Info: MISC

adobe — adobe_commerce
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.
Published: 2023-09-06 | CVSS Score: 9.1 | CVE-2021-36023 | Source & Patch Info: MISC

adobe — adobe_commerce
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento’s Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution.
Published: 2023-09-06 | CVSS Score: 9.1 | CVE-2021-36036 | Source & Patch Info: MISC

ibm — financial_transaction_manager
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786.
Published: 2023-09-05 | CVSS Score: 9.1 | CVE-2023-35892 | Source & Patch Info: MISC, MISC

ahwx — librey
LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability.
Published: 2023-09-04 | CVSS Score: 9.1 | CVE-2023-41054 | Source & Patch Info: MISC, MISC
hewlett_packard_enterprise  — aruba_airwave Aruba AirWave