Posts tagged Emergent Threat Response

2 min Emergent Threat Response

CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE

Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.

1 min Emergent Threat Response

CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability

On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability.

2 min Emergent Threat Response

CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported

Today FortiGuard Labs published advisory FG-IR-22-398 regarding a “heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN. FortiGuard Labs has confirmed at least one instance of the vulnerability being exploited in the wild.

2 min Emergent Threat Response

CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities

On November 8, 2022, Citrix published Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516 [] announcing fixes for three vulnerabilities: * CVE-2022-27510 [] “Unauthorized access to Gateway user capabilities” * CVE-2022-27513 [

1 min Emergent Threat Response

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL’s 3.0.x versions both rely on a maliciously crafted email address in a certificate.

1 min Emergent Threat Response

Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)

CVE-2022-42889 is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input.

3 min Emergent Threat Response

CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed

The Rapid7 research team will update this blog post as we learn more details about this vulnerability and its attack surface area. The OpenSSL [] project released [] version 3.0.7 on November 1, 2022, to address CVE-2022-3786 and CVE-2022-3602 [], two high-severity vulnerabilities affecting OpenSSL’s 3.0.x version stream discovered and reported by Polar Bear and Viktor Dukhovni. OpenSSL

1 min Risk Management

CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution

On October 25, 2022, VMware published VMSA-2022-0027 on two vulnerabilities in its Cloud Foundation solution. By far the more severe of these is CVE-2021-39144, an unauthenticated remote code execution vulnerability with a CVSSv3 score of 9.8.

3 min Emergent Threat Response

CVE-2022-42889: Keep Calm and Stop Saying "Text4Shell"

UPDATE 10/18/22: A previous version of this blog indicated that five JDK versions (JDK 15+) were not impacted due to the exclusion of the Nashorn JavaScript engine. However, an updated PoC []came out that uses the JEXL engine as an exploit path. If JEXL is present, the code executes successfully, so this issue can be exploited on any JDK where a relevant engine can be leveraged. CVE-2022-42889, which some have begun calling “Text4Shell,”

2 min Emergent Threat Response

CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies

On October 3, 2022, Fortinet released an update that indicates then-current versions of FortiOS and FortiProxy are vulnerable to CVE-2022-40684.

3 min Emergent Threat Response

Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)

CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.

5 min Emergent Threat Response

CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server

On September 29, security firm GTSC published information and IOCs on what they claim is a pair of unpatched Microsoft Exchange Server vulnerabilities.

2 min Emergent Threat Response

CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center

On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.

4 min Emergent Threat Response

Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite

Five vulnerabilities affecting Zimbra Collaboration Suite have come to our attention, one that is unpatched and four that are actively being exploited.

2 min Emergent Threat Response

Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138

Exploitation is underway CVE-2022-26138, one of a trio of critical Atlassian vulnerabilities affecting the company's on-premises products.