CISA Update September 2023


by Artie Kaye

A monthly update of high severity flaws which are actively being exploited.  If using any of the programs or devices it is advised to take the recommended steps to mitigate.  Wyo Support News may have reported on some of these vulnerabilities in the past.  Below are the items added in August. (Links open in a new browser tab/window.)

CompanyCVEPlatformDetails
AdobeCVE-2023-26359ColdFusionhttps://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
CitrixCVE-2023-24489Content Collaborationhttps://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489
Ignite RealtimeCVE-2023-32315 Openfirehttps://discourse.igniterealtime.org/t/cve-2023-32315-openfire-vulnerability-update/93166

https://www.igniterealtime.org/downloads/#openfire
IvantiCVE-2023-38035 Sentryhttps://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
MicrosoftCVE-2023-38180 .NET Core and Visual Studiohttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38180
RARLABCVE-2023-38831 WinRARhttp://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232
VeeamCVE-2023-27532 Backup & Replicationhttps://www.veeam.com/kb4424
ZyxelCVE-2017-18368 P66HN-T1A Routershttps://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-a-new-variant-of-gafgyt-malware

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-p660hn-t1a-dsl-cpe