Report Name: pt_trend_march_2024
Report Generated: 2024-04-09 00:10:30
| Product Name | Prevalence | U | C | H | M | L | A | Comment |
|---|---|---|---|---|---|---|---|---|
| Windows Kernel | 0.9 | 1 | | | | | 1 | Windows Kernel |
| Windows Common Log File System Driver | 0.8 | | 1 | | | | 1 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs |
| TeamCity | 0.7 | 1 | | | | | 1 | TeamCity is a build management and continuous integration server from JetBrains |
| Microsoft Outlook | 0.6 | | 1 | | | | 1 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites |
| FortiClientEMS | 0.5 | 1 | | | | | 1 | FortiClient EMS provides efficient and effective administration of endpoints running FortiClient (a Fabric Agent that delivers protection, compliance, and secure access in a single, modular lightweight client) |

| Vulnerability Type | Criticality | U | C | H | M | L | A |
|---|---|---|---|---|---|---|---|
| Remote Code Execution | 1.0 | 1 | 1 | | | | 2 |
| Authentication Bypass | 0.98 | 1 | | | | | 1 |
| Elevation of Privilege | 0.85 | 1 | 1 | | | | 2 |

1. Authentication Bypass - TeamCity (CVE-2024-27198) - Urgent [946]
Description: In JetBrains
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-27198, [githubexploit] Exploit for CVE-2024-27198, [githubexploit] Exploit for CVE-2024-27198, [githubexploit] Exploit for CVE-2024-27198, [githubexploit] Exploit for CVE-2024-27198, [githubexploit] Exploit for CVE-2024-27198, [githubexploit] Exploit for CVE-2024-27198, [packetstorm] JetBrains TeamCity Unauthenticated Remote Code Execution, [metasploit] JetBrains TeamCity Unauthenticated Remote Code Execution) |
| | 0.98 | 15 | Authentication Bypass |
| | 0.7 | 14 | TeamCity is a build management and continuous integration server from JetBrains |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source |
| | 1.0 | 10 | EPSS Probability is 0.97209, EPSS Percentile is 0.99812 |
2. Remote Code Execution - FortiClientEMS (CVE-2023-48788) - Urgent [892]
Description: An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for SQL Injection in Fortinet Forticlient Enterprise Management Server) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.5 | 14 | FortiClient EMS provides efficient and effective administration of endpoints running FortiClient (a Fabric Agent that delivers protection, compliance, and secure access in a single, modular lightweight client) |
| | 1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source |
| | 0.8 | 10 | EPSS Probability is 0.00786, EPSS Percentile is 0.81112 |
3. Elevation of Privilege - Windows Kernel (CVE-2024-21338) - Urgent [861]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, Microsoft, NVD:CISAKEV websites |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Microsoft Windows 10.0.17763.5458 Privilege Escalation, [zdt] Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation Exploit, [exploitdb] Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation) |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.9 | 14 | Windows Kernel |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0.4 | 10 | EPSS Probability is 0.00105, EPSS Percentile is 0.42136 |
4. Elevation of Privilege - Windows Common Log File System Driver (CVE-2023-36424) - Critical [654]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Vulnerability in Microsoft) |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0.6 | 10 | EPSS Probability is 0.00197, EPSS Percentile is 0.56757 |
5. Remote Code Execution - Microsoft Outlook (CVE-2024-21378) - Critical [600]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Vulnerability in Microsoft, [githubexploit] Exploit for Vulnerability in Microsoft) |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
| | 0.1 | 10 | EPSS Probability is 0.00042, EPSS Percentile is 0.05356 |