7 min
Emergent Threat Response
CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability
On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software.
3 min
Emergent Threat Response
CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center
On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center.
6 min
Emergent Threat Response
Critical Vulnerabilities in WS_FTP Server
On September 27, 2023, Progress Software published a security advisory on
multiple vulnerabilities affecting WS_FTP Server
[https://www.ipswitch.com/ftp-server], a secure file transfer solution. There
are a number of vulnerabilities in the advisory, two of which are critical
(CVE-2023-40044 and CVE-2023-42657). Our research team has identified what
appears to be the .NET deserialization vulnerability (CVE-2023-40044) and
confirmed that it is exploitable with a single HTTPS POST request and a
pre
2 min
Emergent Threat Response
CVE-2023-42793: Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers
On September 20, 2023, JetBrains disclosed CVE-2023-42793, a critical authentication bypass vulnerability in on-premises instances of their TeamCity CI/CD server. Successful exploitation could make the vulnerability a potential supply chain attack vector.
3 min
Emergent Threat Response
Exploitation of Juniper Networks SRX Series and EX Series Devices
On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.
7 min
Emergent Threat Response
Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs
Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023, including several incidents that ended in ransomware deployment.
2 min
Emergent Threat Response
CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2023-35078 is a critical remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile.
2 min
Emergent Threat Response
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
Citrix has published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway.
4 min
Emergent Threat Response
Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments.
2 min
Emergent Threat Response
SonicWall Recommends Urgent Patching for GMS and Analytics CVEs
SonicWall published an urgent security advisory on July 12, 2023 warning customers of new vulnerabilities affecting their GMS and Analytics products.
3 min
Emergent Threat Response
CVE-2023-34362: MOVEit Vulnerability Timeline of Events
Rapid7 continues to track the impact of CVE-2023-34362. We’ve put together a timeline of events to date for your reference.
2 min
Emergent Threat Response
CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability
Rapid7 is tracking CVE-2023-27997, a purportedly critical remote code execution (RCE) vulnerability in Fortigate SSL VPN firewalls.
3 min
Emergent Threat Response
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances.
8 min
Emergent Threat Response
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.
2 min
Emergent Threat Response
Widespread Exploitation of Zyxel Network Devices
Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices.