Report Name: Qualys 2023 Threat Landscape Year in Review 12 CVEs report
Generated: 2024-01-07 23:04:18

Vulristics Vulnerability Scores
Basic Vulnerability Scores
Products

| Product Name | Prevalence | U | C | H | M | L | A | Comment |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Chromium | 0.8 | | | | 1 | | 1 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
| Windows Common Log File System Driver | 0.8 | 1 | | | | | 1 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs |
| Windows SmartScreen | 0.8 | | 1 | | | | 1 | SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including operating systems Windows 8 and later, the applications Internet Explorer, Microsoft Edge |
| GoAnywhere Managed File Transfer | 0.6 | 1 | | | | | 1 | GoAnywhere MFT is a secure managed file transfer software solution that streamlines the exchange of data between systems, employees, customers, and trading partners |
| MOVEit Transfer | 0.6 | 1 | | 1 | | | 2 | Progress MOVEit is a secure Managed File Transfer (MFT) software. MOVEit enables organizations to meet compliance standards, easily ensure the reliability of core business processes, and secure the transfer of sensitive data between partners, customers, users and systems. |
| Microsoft Outlook | 0.6 | 1 | | | | | 1 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites |
| PaperCut NG | 0.6 | 1 | | | | | 1 | PaperCut NG is a comprehensive print management system designed to seamlessly monitor and control your resources with easy to use administrative and user tools that can be securely accessed from anywhere on the network through a web browser |
| SugarCRM | 0.6 | 1 | | | | | 1 | SugarCRM is a comprehensive Customer Relationship Management (CRM) platform designed to connect your sales, marketing, and service teams |
| 3CX DesktopApp | 0.5 | | | 1 | | | 1 | The 3CX Phone System is the software-based private branch exchange (PBX) phone system developed and marketed by the company, 3CX |
| Aria Operations for Networks | 0.5 | 1 | | | | | 1 | The VMware Aria Operations for Networks Platform appliance provides the analytics, user interface, and data management and connects to the controller appliance, which collects from the various data sources such as NSX Edges, vCenter |
| Barracuda Email Security Gateway | 0.5 | 1 | | | | | 1 | The Barracuda Email Security Gateway is an email security gateway that manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks |


Vulnerability Types

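| Vulnerability Type | Criticality | U | C | H | M | L | A |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Remote Code Execution | 1.0 | 2 | | 1 | | | 3 |
| Code Injection | 0.97 | 1 | | 1 | | | 2 |
| Command Injection | 0.97 | 2 | | | | | 2 |
| Authentication Bypass | 0.95 | 1 | | | | | 1 |
| Security Feature Bypass | 0.9 | 1 | 1 | | | | 2 |
| Elevation of Privilege | 0.85 | 1 | | | | | 1 |
| Memory Corruption | 0.5 | | | | 1 | | 1 |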


Vulnerabilities

Urgent (8)

1. Remote Code Execution - PaperCut NG (CVE-2023-27350) - Urgent [933]

Description: This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:packetstormsecurity.com website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.6 | 14 | PaperCut NG is a comprehensive print management system designed to seamlessly monitor and control your resources with easy to use administrative and user tools that can be securely accessed from anywhere on the network through a web browser |
| CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source |
| EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97229, EPSS Percentile is 0.99803 |

2. Code Injection - MOVEit Transfer (CVE-2023-34362) - Urgent [927]

Description: In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for SQL Injection in Progress Moveit Cloud (multiple entries), [packetstorm] MOVEit SQL Injection, [metasploit] MOVEit SQL Injection vulnerability, [zdt] MOVEit SQL Injection Exploit) |
| Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
| Vulnerable Product is Common | 0.6 | 14 | Progress MOVEit is a secure Managed File Transfer (MFT) software. MOVEit enables organizations to meet compliance standards, easily ensure the reliability of core business processes, and secure the transfer of sensitive data between partners, customers, users and systems. |
| CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source |
| EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.89942, EPSS Percentile is 0.98539 |

3. Authentication Bypass - Microsoft Outlook (CVE-2023-23397) - Urgent [924]

Description: Microsoft Outlook Elevation of Privilege Vulnerability

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Authentication Bypass by Capture-replay in Microsoft (multiple entries)) |
| Criticality of Vulnerability Type | 0.95 | 15 | Authentication Bypass |
| Vulnerable Product is Common | 0.6 | 14 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites |
| CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source |
| EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.8917, EPSS Percentile is 0.98484 |

4. Remote Code Execution - Aria Operations for Networks (CVE-2023-20887) - Urgent [916]

Description: Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Command Injection in Vmware Vrealize Network Insight (multiple entries), [metasploit] VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE, [zdt] VMWare Aria Operations For Networks Remote Command Execution Exploit, [packetstorm] VMWare Aria Operations For Networks Remote Command Execution) |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.5 | 14 | The VMware Aria Operations for Networks Platform appliance provides the analytics, user interface, and data management and connects to the controller appliance, which collects from the various data sources such as NSX Edges, vCenter |
| CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source |
| EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.96153, EPSS Percentile is 0.99384 |

5. Elevation of Privilege - Windows Common Log File System Driver (CVE-2023-28252) - Urgent [904]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([metasploit] Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability, [zdt] Windows Common Log File System Driver (clfs.sys) Privilege Escalation Exploit, [githubexploit] Exploit for Vulnerability in Microsoft, [packetstorm] Windows Common Log File System Driver (clfs.sys) Privilege Escalation) |
| Criticality of Vulnerability Type | 0.85 | 15 | Elevation of Privilege |
| Vulnerable Product is Common | 0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs |
| CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
| EPSS Percentile | 0.9 | 10 | EPSS Probability is 0.01815, EPSS Percentile is 0.86835 |

6. Command Injection - GoAnywhere Managed File Transfer (CVE-2023-0669) - Urgent [892]

Description: Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:frycos.github.io website |
| Criticality of Vulnerability Type | 0.97 | 15 | Command Injection |
| Vulnerable Product is Common | 0.6 | 14 | GoAnywhere MFT is a secure managed file transfer software solution that streamlines the exchange of data between systems, employees, customers, and trading partners |
| CVSS Base Score | 0.7 | 10 | CVSS Base Score is 7.2. According to NVD data source |
| EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.96821, EPSS Percentile is 0.99614 |

7. Security Feature Bypass - SugarCRM (CVE-2023-22952) - Urgent [891]

Description: In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] SugarCRM 12.x Remote Code Execution / Shell Upload, [zdt] SugarCRM 12.x Remote Code Execution / Shell Upload Exploit, [metasploit] SugarCRM unauthenticated Remote Code Execution (RCE)) |
| Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
| Vulnerable Product is Common | 0.6 | 14 | SugarCRM is a comprehensive Customer Relationship Management (CRM) platform designed to connect your sales, marketing, and service teams |
| CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
| EPSS Percentile | 0.9 | 10 | EPSS Probability is 0.03686, EPSS Percentile is 0.90824 |

8. Command Injection - Barracuda Email Security Gateway (CVE-2023-2868) - Urgent [887]

Description: A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Command Injection in Barracuda Email Security Gateway 300 Firmware) |
| Criticality of Vulnerability Type | 0.97 | 15 | Command Injection |
| Vulnerable Product is Common | 0.5 | 14 | The Barracuda Email Security Gateway is an email security gateway that manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks |
| CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.4. According to NVD data source |
| EPSS Percentile | 0.9 | 10 | EPSS Probability is 0.02752, EPSS Percentile is 0.89503 |

Critical (1)

9. Security Feature Bypass - Windows SmartScreen (CVE-2023-24880) - Critical [639]

Description: Windows SmartScreen Security Feature Bypass Vulnerability

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, NVD:CISAKEV websites |
| Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
| Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
| Vulnerable Product is Common | 0.8 | 14 | SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including operating systems Windows 8 and later, the applications Internet Explorer, Microsoft Edge |
| CVSS Base Score | 0.4 | 10 | CVSS Base Score is 4.4. According to NVD data source |
| EPSS Percentile | 0.7 | 10 | EPSS Probability is 0.0044, EPSS Percentile is 0.72123 |

High (2)

10. Remote Code Execution - 3CX DesktopApp (CVE-2023-29059) - High [583]

Description: 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on NVD:Exploit:www.huntress.com website |
| Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
| Vulnerable Product is Common | 0.5 | 14 | The 3CX Phone System is the software-based private branch exchange (PBX) phone system developed and marketed by the company, 3CX |
| CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
| EPSS Percentile | 0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.21139 |

11. Code Injection - MOVEit Transfer (CVE-2023-35036) - High [427]

Description: In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
| Criticality of Vulnerability Type | 0.97 | 15 | Code Injection |
| Vulnerable Product is Common | 0.6 | 14 | Progress MOVEit is a secure Managed File Transfer (MFT) software. MOVEit enables organizations to meet compliance standards, easily ensure the reliability of core business processes, and secure the transfer of sensitive data between partners, customers, users and systems. |
| CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.1. According to NVD data source |
| EPSS Percentile | 0.4 | 10 | EPSS Probability is 0.00099, EPSS Percentile is 0.40595 |

Medium (1)

12. Memory Corruption - Chromium (CVE-2023-0699) - Medium [365]

Description: Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)

| Component | Value | Weight | Comment |
| --- | --- | --- | --- |
| Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned in available Data Sources |
| Criticality of Vulnerability Type | 0.5 | 15 | Memory Corruption |
| Vulnerable Product is Common | 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
| CVSS Base Score | 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
| EPSS Percentile | 0.3 | 10 | EPSS Probability is 0.00083, EPSS Percentile is 0.34391 |

Low (0)

Exploitation in the wild detected (9)

Remote Code Execution (2)

Code Injection (1)

Authentication Bypass (1)

Elevation of Privilege (1)

Command Injection (2)

Security Feature Bypass (2)

Public exploit exists, but exploitation in the wild is NOT detected (1)

Remote Code Execution (1)

Other Vulnerabilities (2)

Code Injection (1)

Memory Corruption (1)