Report Name: Qualys 2023 Threat Landscape Year in Review 12 CVEs report
Generated: 2024-01-07 23:04:18

Product Name | Prevalence | U | C | H | M | L | A | Comment |
---|---|---|---|---|---|---|---|---|
Chromium | 0.8 | | | | 1 | | 1 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
Windows Common Log File System Driver | 0.8 | 1 | | | | | 1 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs |
Windows SmartScreen | 0.8 | | 1 | | | | 1 | SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including operating systems Windows 8 and later, the applications Internet Explorer, Microsoft Edge |
GoAnywhere Managed File Transfer | 0.6 | 1 | | | | | 1 | GoAnywhere MFT is a secure managed file transfer software solution that streamlines the exchange of data between systems, employees, customers, and trading partners |
MOVEit Transfer | 0.6 | 1 | | 1 | | | 2 | Progress MOVEit is a secure Managed File Transfer (MFT) software. MOVEit enables organizations to meet compliance standards, easily ensure the reliability of core business processes, and secure the transfer of sensitive data between partners, customers, users and systems. |
Microsoft Outlook | 0.6 | 1 | | | | | 1 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites |
PaperCut NG | 0.6 | 1 | | | | | 1 | PaperCut NG is a comprehensive print management system designed to seamlessly monitor and control your resources with easy to use administrative and user tools that can be securely accessed from anywhere on the network through a web browser |
SugarCRM | 0.6 | 1 | | | | | 1 | SugarCRM is a comprehensive Customer Relationship Management (CRM) platform designed to connect your sales, marketing, and service teams |
3CX DesktopApp | 0.5 | | | 1 | | | 1 | The 3CX Phone System is the software-based private branch exchange (PBX) phone system developed and marketed by the company, 3CX |
Aria Operations for Networks | 0.5 | 1 | | | | | 1 | The VMware Aria Operations for Networks Platform appliance provides the analytics, user interface, and data management and connects to the controller appliance, which collects from the various data sources such as NSX Edges, vCenter |
Barracuda Email Security Gateway | 0.5 | 1 | | | | | 1 | The Barracuda Email Security Gateway is an email security gateway that manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks |

Vulnerability Type | Criticality | U | C | H | M | L | A |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 2 | | 1 | | | 3 |
Code Injection | 0.97 | 1 | | 1 | | | 2 |
Command Injection | 0.97 | 2 | | | | | 2 |
Authentication Bypass | 0.95 | 1 | | | | | 1 |
Security Feature Bypass | 0.9 | 1 | 1 | | | | 2 |
Elevation of Privilege | 0.85 | 1 | | | | | 1 |
Memory Corruption | 0.5 | | | | 1 | | 1 |

1. Remote Code Execution - PaperCut NG (CVE-2023-27350) - Urgent [933]
Description: This vulnerability allows remote attackers to bypass authentication on affected installations of
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:packetstormsecurity.com website | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | PaperCut NG is a comprehensive print management system designed to seamlessly monitor and control your resources with easy to use administrative and user tools that can be securely accessed from anywhere on the network through a web browser | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
1.0 | 10 | EPSS Probability is 0.97229, EPSS Percentile is 0.99803 |
2. Code Injection - MOVEit Transfer (CVE-2023-34362) - Urgent [927]
Description: In
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for SQL Injection in Progress Moveit Cloud, [githubexploit] Exploit for SQL Injection in Progress Moveit Cloud, [githubexploit] Exploit for SQL Injection in Progress Moveit Cloud, [githubexploit] Exploit for SQL Injection in Progress Moveit Cloud, [githubexploit] Exploit for SQL Injection in Progress Moveit Cloud, [packetstorm] MOVEit SQL Injection, [metasploit] MOVEit SQL Injection vulnerability, [zdt] MOVEit SQL Injection Exploit) | |
0.97 | 15 | Code Injection | |
0.6 | 14 | Progress MOVEit is a secure Managed File Transfer (MFT) software. MOVEit enables organizations to meet compliance standards, easily ensure the reliability of core business processes, and secure the transfer of sensitive data between partners, customers, users and systems. | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
1.0 | 10 | EPSS Probability is 0.89942, EPSS Percentile is 0.98539 |
3. Authentication Bypass - Microsoft Outlook (CVE-2023-23397) - Urgent [924]
Description:
4. Remote Code Execution - Aria Operations for Networks (CVE-2023-20887) - Urgent [916]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Command Injection in Vmware Vrealize Network Insight, [githubexploit] Exploit for Command Injection in Vmware Vrealize Network Insight, [githubexploit] Exploit for Command Injection in Vmware Vrealize Network Insight, [metasploit] VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE, [zdt] VMWare Aria Operations For Networks Remote Command Execution Exploit, [packetstorm] VMWare Aria Operations For Networks Remote Command Execution) | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | The VMware Aria Operations for Networks Platform appliance provides the analytics, user interface, and data management and connects to the controller appliance, which collects from the various data sources such as NSX Edges, vCenter | |
1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source | |
1.0 | 10 | EPSS Probability is 0.96153, EPSS Percentile is 0.99384 |
5. Elevation of Privilege - Windows Common Log File System Driver (CVE-2023-28252) - Urgent [904]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([metasploit] Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability, [zdt] Windows Common Log File System Driver (clfs.sys) Privilege Escalation Exploit, [githubexploit] Exploit for Vulnerability in Microsoft, [packetstorm] Windows Common Log File System Driver (clfs.sys) Privilege Escalation) | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.9 | 10 | EPSS Probability is 0.01815, EPSS Percentile is 0.86835 |
6. Command Injection - GoAnywhere Managed File Transfer (CVE-2023-0669) - Urgent [892]
Description: Fortra (formerly, HelpSystems)
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:frycos.github.io website | |
0.97 | 15 | Command Injection | |
0.6 | 14 | GoAnywhere MFT is a secure managed file transfer software solution that streamlines the exchange of data between systems, employees, customers, and trading partners | |
0.7 | 10 | CVSS Base Score is 7.2. According to NVD data source | |
1.0 | 10 | EPSS Probability is 0.96821, EPSS Percentile is 0.99614 |
7. Security Feature Bypass - SugarCRM (CVE-2023-22952) - Urgent [891]
Description: In
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] SugarCRM 12.x Remote Code Execution / Shell Upload, [zdt] SugarCRM 12.x Remote Code Execution / Shell Upload Exploit, [metasploit] SugarCRM unauthenticated Remote Code Execution (RCE)) | |
0.9 | 15 | Security Feature Bypass | |
0.6 | 14 | SugarCRM is a comprehensive Customer Relationship Management (CRM) platform designed to connect your sales, marketing, and service teams | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.9 | 10 | EPSS Probability is 0.03686, EPSS Percentile is 0.90824 |
8. Command Injection - Barracuda Email Security Gateway (CVE-2023-2868) - Urgent [887]
Description: A remote command injection vulnerability exists in the
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Command Injection in Barracuda Email Security Gateway 300 Firmware) | |
0.97 | 15 | Command Injection | |
0.5 | 14 | The Barracuda Email Security Gateway is an email security gateway that manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks | |
0.9 | 10 | CVSS Base Score is 9.4. According to NVD data source | |
0.9 | 10 | EPSS Probability is 0.02752, EPSS Percentile is 0.89503 |
9. Security Feature Bypass - Windows SmartScreen (CVE-2023-24880) - Critical [639]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including operating systems Windows 8 and later, the applications Internet Explorer, Microsoft Edge | |
0.4 | 10 | CVSS Base Score is 4.4. According to NVD data source | |
0.7 | 10 | EPSS Probability is 0.0044, EPSS Percentile is 0.72123 |
10. Remote Code Execution - 3CX DesktopApp (CVE-2023-29059) - High [583]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:www.huntress.com website | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | The 3CX Phone System is the software-based private branch exchange (PBX) phone system developed and marketed by the company, 3CX | |
0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.21139 |
11. Code Injection - MOVEit Transfer (CVE-2023-35036) - High [427]
Description: In
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.97 | 15 | Code Injection | |
0.6 | 14 | Progress MOVEit is a secure Managed File Transfer (MFT) software. MOVEit enables organizations to meet compliance standards, easily ensure the reliability of core business processes, and secure the transfer of sensitive data between partners, customers, users and systems. | |
0.9 | 10 | CVSS Base Score is 9.1. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00099, EPSS Percentile is 0.40595 |
12. Memory Corruption - Chromium (CVE-2023-0699) - Medium [365]
Description: Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.3 | 10 | EPSS Probability is 0.00083, EPSS Percentile is 0.34391 |