Commit

Merge pull request #863 from e-m-b-a/known_exploited_update
CISA known exploited database update
m-1-k-3 authored Nov 5, 2023
2 parents 7d3aaf1 + e6b55cb commit b9859fa
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions config/known_exploited_vulnerabilities.csv
Expand Up @@ -1022,3 +1022,6 @@
"CVE-2023-4966","Citrix","NetScaler ADC and NetScaler Gateway","Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability","2023-10-18","Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","2023-11-08","Unknown","https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967"
"CVE-2023-20273","Cisco","Cisco IOS XE Web UI","Cisco IOS XE Web UI Command Injection Vulnerability","2023-10-23","Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.","Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.","2023-10-27","Unknown","https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z"
"CVE-2023-5631","Roundcube","Webmail","Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability","2023-10-26","Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","2023-11-16","Unknown","https://roundcube.net/news/2023/10/16/security-update-1.6.4-released, https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15"
"CVE-2023-46748","F5","BIG-IP Configuration Utility","F5 BIG-IP Configuration Utility SQL Injection Vulnerability","2023-10-31","F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","2023-11-21","Unknown","https://my.f5.com/manage/s/article/K000137365"
"CVE-2023-46747","F5","BIG-IP Configuration Utility","F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability","2023-10-31","F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","2023-11-21","Unknown","https://my.f5.com/manage/s/article/K000137353"
"CVE-2023-46604","Apache","ActiveMQ","Apache ActiveMQ Deserialization of Untrusted Data Vulnerability","2023-11-02","Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","2023-11-23","Unknown","https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
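Review bot: Nothing in the commit message ("CISA known exploited database update") or in the hunk records which release of the upstream catalogue the three appended rows (CVE-2023-46748, CVE-2023-46747, CVE-2023-46604) were taken from. The newest value in the fifth column of the hunk is "2023-11-02" while the commit is dated Nov 5, 2023, so a reader of the history cannot tell whether the file was current as of the commit or as of that entry. Suggest stating the catalogue version or release date of the snapshot in the commit message, so that a later update can be checked for skipped entries. A smaller point on the two F5 rows: they are linked only through free text in the description column ("This vulnerability can be used in conjunction with CVE-2023-46747."), so any consumer that matches on the first column alone will report the authentication bypass and the SQL injection as unrelated findings; if the chained case matters for scoring, that relationship needs to be carried somewhere machine-readable.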
