CISA Adds One Known Exploited Vulnerability to Catalog https://www.cisa.gov/news-events/alerts/2025/07/18/cisa-adds-one-known-exploited-vulnerability-catalog
So here's a dumb question. Does CVE-2025-33053 actually affect Apache #mod_dav after all?
#CISA #KEV seems to be implying this: "This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows."
Like, is it a protocol bug, or a product bug? The CVE only lists Microsoft products as affected.
#CISA added the Erlang/OTP and RoundCube bugs to the #KEV today.
@runZeroInc already has queries for both of these -- the Erlang/OTP one since April. rZ users should be well ahead of this today.
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation https://thehackernews.com/2025/02/cisa-adds-microsoft-and-zimbra-flaws-to.html
CISA adds critical Mitel and Oracle vulnerabilities to exploited list
Exploitation could allow attackers to gain unauthorised access to an organisation's entire unified communications infrastructure
ICYMI: The inaugural study on EPSS performance and broader vulnerability exploitation trends published this week. If you've ever wanted data-driven answers to questions like these listed in the ToC shown here, download it today (free, no registration req'd): https://www.cyentia.com/epss-study/
#vulnerabilitymanagement #vulnerability #vulnerabilities
#vulnerability_exploits #exploit #exploitation #cyberattack #cyberattacks #epss #cvss #kev
watchTowr may have successfully replicated CVE-2024-3400 (10.0 critical, disclosed 12 April 2024 by Palo Alto Networks as an exploited zero-day, CWE-77: Command Injection; OS Command Injection Vulnerability in GlobalProtect Gateway, added to CISA KEV Catalog). Instead of releasing a Proof of Concept, they provided a "detection artefact generator tool" https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
@jullrich of SANS ISC warns that the widely shared GitHub exploit is almost certainly fake (cc: @mttaggart ) and two IP addresses were attempting CVE-2024-3400 exploitation: 173.255.223.159 and 146.70.192.174
https://isc.sans.edu/diary/rss/30838
Happy hotfix day from Palo Alto Networks who released 3 hotfixes for CVE-2024-3400 (10.0 critical, disclosed 12 April 2024 as an exploited zero-day) with 15 more hotfixes expected in the coming days: https://security.paloaltonetworks.com/CVE-2024-3400
It should come as no surprise that Palo Alto Networks did not release hotfixes* for affected versions of PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11 by the self-imposed deadline of Sunday 14 April 2024 like they estimated in their security advisory. 48 hours to develop/test/release is a tight delivery window with the whole infosec community breathing down their necks.
CISA put out an additional security alert about CVE-2024-3400, noting that Palo Alto Networks released workaround guidance for the command injection vulnerability. https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400
Just to make it easier to read through the various reports (saying almost the same exact thing), I've assembled a Palo Alto Networks zero-day MEGA list:
UPDATE: Volexity and Unit 42 talk about the threat actor, campaign, and include indicators of compromise:
Here's the rest of the related reporting:
Hot off the press! CISA adds CVE-2024-3400 (10.0 critical, disclosed 12 April 2024, PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway) to the Known Exploited Vulnerabilities (KEV) Catalog (to be updated later) https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Ivanti has a frequently asked questions (FAQ) blog post from 14 February 2024 addressing questions about their Ivanti Connect Secure, Policy Secure and ZTA gateway products. Important to note that "As of 14 February, Ivanti has a build available for all supported versions." It also responds to Eclypsium's claim of old open source code. They also dispute reporting that CVE-2024-22024 (8.3 high, disclosed 12 February by Ivanti) was being exploited after disclosure. "It is unfortunate that media reports continue to cover statements and unverified numbers from third parties that are incorrect or inflated." Ivanti officially responds to the accusations that they didn't credit watchTowr for reporting CVE-2024-22024. This reads like damage control for Ivanti's Public Relations. https://www.ivanti.com/blog/key-faqs-related-to-ivanti-connect-secure-policy-secure-and-zta-gateway-vulnerabilities
Ivanti updated their knowledge base article with an available patch:
Update 1 February: A patch addressing all known vulnerabilities is now available for Ivanti Connect Secure version 22.5R2.2 and Ivanti Policy Secure 22.5R1.1.
Ivanti identified two new vulnerabilities (one actively exploited) in connection to the Ivanti Connect Secure zero-days from 10 January 2024. They are:
A patch is now available for Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1) and ZTA version 22.6R1.3. https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
blog post: https://www.ivanti.com/blog/security-update-for-ivanti-connect-secure-and-ivanti-policy-secure-gateways
security advisory: https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
Just your periodic update from Ivanti regarding their CVE-2023-46805 (8.2 high) and CVE-2024-21887 (9.1 critical) zero-days (both disclosed 10 January 2024 as exploited in the wild, have Proofs of Concept, mass exploitation):
"Update 26 January: The targeted release of patches for supported versions is delayed, this delay impacts all subsequent planned patch releases. We are now targeting next week to release a patch for Ivanti Connect Secure (versions 9.1R17x, 9.1R18x, 22.4R2x and 22.5R1.1), Ivanti Policy Secure (versions 9.1R17x, 9.1R18x and 22.5R1x) and ZTA version 22.6R1x.
Patches for supported versions will still be released on a staggered schedule. Instructions on how to upgrade to a supported version will also be provided.
The timing of patch release is subject to change as we prioritize the security and quality of each release. Please ensure you are following this article to receive updates as they become available." https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Hey, my first blog post at my new job.
Four new #CVE #KEV entries from #CISA today, courtesy of #Microsoft #PatchTuesday, and one for #Netwrix. Enjoy!
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
CVE-2023-36874
CVE-2023-35311
CVE-2023-32049
CVE-2023-32046
and
CVE-2022-31199
Kevin McCarthy Desperately Hopes You Believe Sh*t He's Making Up About Eric Swalwell https://www.wonkette.com/kevin-mccarthy-eric-swalwell-adam-schiffkevin-mccarthy-eric-swalwell-adam-schiff