by Artie Kaye
The US Cybersecurity and Infrastructure Security Agency have added several items to their list of must-address exploits. As these are actively used by attackers in the wild, it is recommended to resolve the issues as soon as possible. Below are the companies, CVE numbers, and links to solutions for said problems. All links open in a new tab or window.
Fortra
GoAnywhere MFT – https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml
(Requires a user account to gain access to patch.)
TerraMaster
TerraMaster OS – https://forum.terra-master.com/en/viewtopic.php?t=3030
Intel
Ethernet Diagnostics Driver for Windows – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html
Microsoft
Windows – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823
Windows – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376
Office – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715
Apple
Multiple products affected as indicated below:
- iOS 16.3.1 – https://support.apple.com/en-us/HT213635
- macOS Ventura 13.2.1 – https://support.apple.com/en-us/HT213633
- Safari 16.3 – https://support.apple.com/en-us/HT213638
Cacti
Cacti – https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
Mitel
MiVoice Connect – https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007
MiVoice Connect – https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008
IBM
Aspera Faspex – https://exchange.xforce.ibmcloud.com/vulnerabilities/243512
ZK Framework
AuUploader – https://tracker.zkoss.org/browse/ZK-5150
Third-Party References:
Click the links below to learn more details. (Opens in a new tab/window.)