Posts tagged Emergent Threat Response

2 min Emergent Threat Response

Exploitation of Mitel MiVoice Connect SA CVE-2022-29499

Rapid7 MDR analysts have observed a small number of intrusions leveraging CVE-2022-29499, a data validation vulnerability in MiVoice Connect.

1 min Emergent Threat Response

CVE-2022-27511: Citrix ADM Remote Device Takeover

On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their ADM product.

11 min Emergent Threat Response

Active Exploitation of Confluence CVE-2022-26134

On June 2, 2022, Atlassian published an advisory for CVE-2022-26134, a critical unauthenticated RCE vulnerability in Confluence Serve and Data Center.

1 min Emergent Threat Response

CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability

On May 30, 2022, Microsoft published an advisory on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool.

2 min Emergent Threat Response

CVE-2022-22972: Critical Authentication Bypass in VMware Workspace ONE Access, Identity Manager, and vRealize Automation

On May 18, 2022, VMware published an advisory on CVE-2022-22972, a critical authentication bypass affecting multiple solutions.

5 min Vulnerability Disclosure

CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), identified as CVE-2022-30525.

2 min Emergent Threat Response

Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388

On May 4, 2022, F5 released an advisory on CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST.

3 min Emergent Threat Response

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

On April 6, 2022, VMware detailed CVE-2022-22954, a critical RCE vulnerability affecting VMware Workspace ONE Access and Identity Manager.

3 min Emergent Threat Response

Opportunistic Exploitation of WSO2 CVE-2022-29464

On April 18, 2022, MITRE published CVE-2022-29464, an unrestricted file upload vulnerability affecting various WSO2 products.

4 min Emergent Threat Response

CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)

On April 9, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122.

1 min Emerging Threats

Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems

We have been continuously monitoring for Spring4Shell exploit attempts in our environment, and we will update this page as learn more.

15 min Emergent Threat Response

Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)

Rapid7 confirms the existence of an unpatched, unauthenticated remote code execution vulnerability in Spring Framework. We will update this blog continually as new information arises on this zero-day vulnerability.

2 min Emergent Threat Response

CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel

On March 7, 2022, CM4all security researcher Max Kellermann published technical details on CVE-2022-0847, an arbitrary file overwrite vulnerability in versions 5.8+ of the Linux kernel.

1 min Emerging Threats

Russia/Ukraine Conflict: What Is Rapid7 Doing to Protect My Organization?

Rapid7 is monitoring the escalating conflict in Ukraine. To assist with your preparation and response efforts, Rapid7 is constantly making efforts to better protect our customers.

5 min Emerging Threats

Staying Secure in a Global Cyber Conflict

Now that Russia has begun its armed invasion of Ukraine, we should expect increasing risks of cybersecurity attacks and incidents, either as spillover from cyberattacks targeting Ukraine or direct attacks against actors supporting Ukraine.