Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances
Description:
SonicWall has released a security patch for a critical flaw affecting multiple appliances. Tracked as CVE-2022-22274, the flaw is a stack-based buffer overflow vulnerability in SonicOS reachable via an HTTP request. It allows a remote unauthenticated attacker to cause a Denial of Service (DoS) or potentially achieve code execution on the firewall. This vulnerability only impacts the web management interface; the SonicOS SSLVPN interface is not impacted. The list of affected products can be found here.
CVE_IDs:
- CVE-2022-22274
Source:
Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances (thehackernews.com)
Impact:
Successful exploitation of this vulnerability can lead to remote code execution or Denial of Service (DoS).
Suggestions and Recommendations:
Users of the affected appliances are recommended to apply the patches as soon as possible to mitigate potential threats.
Critical Sophos Firewall RCE Vulnerability Under Active Exploitation
Description:
Sophos has announced the rollout of urgent patches for a critical vulnerability in the web portal of its Sophos Firewall product. Tracked as CVE-2022-1040, the flaw affects Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It is an authentication bypass vulnerability in the User Portal and Webadmin interface that, if successfully exploited, could allow a remote attacker to execute arbitrary code.
CVE_IDs:
- CVE-2022-1040
Source:
Critical Sophos Firewall RCE Vulnerability Under Active Exploitation (thehackernews.com)
Impact:
Successful exploitation of this flaw could allow a remote attacker to execute arbitrary code.
Suggestions and Recommendations:
The bug has been addressed in a hotfix, and users are recommended to apply the fixes.
Spring Core RCE Zero-Day Vulnerability
Description:
Spring has released an emergency patch to address a newly disclosed remote code execution flaw. If successfully exploited, the flaw could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions.
Spring is a software framework for building Java applications, including web apps on top of the Java EE (Enterprise Edition) platform.
CVE_IDs:
- CVE-2022-22965
Source:
SpringShell Zero-Day Vulnerability: All You Need to Know | JFrog
Impact:
Successful exploitation of this flaw could allow a remote attacker to execute code on targeted systems.
Suggestions and Recommendations:
Users are recommended to upgrade to the latest version.
GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts
Description:
GitLab has addressed a critical vulnerability that could allow remote attackers to take over user accounts. Tracked as CVE-2022-1162, the flaw has a CVSS score of 9.1. It is caused by a hardcoded static password being set during OmniAuth-based registration in Community Edition (CE) and Enterprise Edition (EE). GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 are affected by this flaw.
CVE_IDs:
- CVE-2022-1162
Source:
Impact:
Successful exploitation of this flaw could allow a remote attacker to take over user accounts.
Suggestions and Recommendations:
We strongly recommend that all installations running a vulnerable version upgrade to the latest version.