3 min
Emergent Threat Response
CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed
The Rapid7 research team will update this blog post as we learn more details
about this vulnerability and its attack surface area.
The OpenSSL [https://www.openssl.org/] project released
[https://www.openssl.org/news/cl30.txt] version 3.0.7 on November 1, 2022, to
address CVE-2022-3786 and CVE-2022-3602
[https://www.openssl.org/news/secadv/20221101.txt], two high-severity
vulnerabilities affecting OpenSSL’s 3.0.x version stream discovered and reported
by Polar Bear and Viktor Dukhovni. OpenSSL
1 min
Risk Management
CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution
On October 25, 2022, VMware published VMSA-2022-0027 on two vulnerabilities in its Cloud Foundation solution. By far the more severe of these is CVE-2021-39144, an unauthenticated remote code execution vulnerability with a CVSSv3 score of 9.8.
3 min
Emergent Threat Response
CVE-2022-42889: Keep Calm and Stop Saying "Text4Shell"
UPDATE 10/18/22: A previous version of this blog indicated that five JDK
versions (JDK 15+) were not impacted due to the exclusion of the Nashorn
JavaScript engine. However, an updated PoC
[https://twitter.com/pwntester/status/1582321752566161409]came out that uses the
JEXL engine as an exploit path. If JEXL is present, the code executes
successfully, so this issue can be exploited on any JDK where a relevant engine
can be leveraged.
CVE-2022-42889, which some have begun calling “Text4Shell,”
2 min
Emergent Threat Response
CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies
On October 3, 2022, Fortinet released an update that indicates then-current versions of FortiOS and FortiProxy are vulnerable to CVE-2022-40684.
3 min
Emergent Threat Response
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.
5 min
Emergent Threat Response
CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server
On September 29, security firm GTSC published information and IOCs on what they claim is a pair of unpatched Microsoft Exchange Server vulnerabilities.
2 min
Emergent Threat Response
CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center
On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.
4 min
Emergent Threat Response
Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite
Five vulnerabilities affecting Zimbra Collaboration Suite have come to our attention, one that is unpatched and four that are actively being exploited.
2 min
Emergent Threat Response
Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
Exploitation is underway CVE-2022-26138, one of a trio of critical Atlassian vulnerabilities affecting the company's on-premises products.
2 min
Emergent Threat Response
Exploitation of Mitel MiVoice Connect SA CVE-2022-29499
Rapid7 MDR analysts have observed a small number of intrusions leveraging CVE-2022-29499, a data validation vulnerability in MiVoice Connect.
1 min
Emergent Threat Response
CVE-2022-27511: Citrix ADM Remote Device Takeover
On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their ADM product.
11 min
Emergent Threat Response
Active Exploitation of Confluence CVE-2022-26134
On June 2, 2022, Atlassian published an advisory for CVE-2022-26134, a critical unauthenticated RCE vulnerability in Confluence Serve and Data Center.
1 min
Emergent Threat Response
CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability
On May 30, 2022, Microsoft published an advisory on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool.
2 min
Emergent Threat Response
CVE-2022-22972: Critical Authentication Bypass in VMware Workspace ONE Access, Identity Manager, and vRealize Automation
On May 18, 2022, VMware published an advisory on CVE-2022-22972, a critical authentication bypass affecting multiple solutions.
5 min
Vulnerability Disclosure
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), identified as CVE-2022-30525.