![]() Security administrators are recommended to immediately patch the vulnerabilities added by CISA to its known vulnerability list, post appropriate checking. In addition, CISA also published an Industrial Control Systems (ICS) advisory describing two critical flaws tracked as CVE-2022-26377 and CVE-2022-31813 detected in Mitsubishi Electric's MELSOFT iQ AppPortal. The flaws are impacting Mitel MiVoice Connect through 19.3, which was patched in October 2022 by Mitel.įurthermore, Federal Civilian Executive Branch agencies are urged to apply necessary security updates to secure networks against potential attacks by March 14, 2023. The active exploitation of the CVE-2022-47986 flaw got picked up after details of the flaw and PoC were shared by Assetnote on February 2, 2023.Īnother two vulnerabilities added are tracked as CVE-2022-41223 and CVE-2022-40765 with a CVSS score of 6.8, which are described as code injection and command injection vulnerabilities in Mitel MiVoice Connect, allowing an authenticated attacker to execute arbitrary code with internal network access. This flaw impacts IBM Aspera Faspex 4.4.2 Patch Level 1 and prior, which was patched in Faspex 4.4.2 Patch Level 2. The first vulnerability added is tracked as CVE-2022-47986 with a CVSS score of 9.8, which is described as a YAML deserialization vulnerability in IBM Aspera Faspex allowing a remote attacker to execute code on the system. ![]() ![]() The flaws added are impacting IBM Aspers Faspex, a centralized file transfer solution built on IBM Aspera High-Speed Transfer Server, and Mitel MiVoice Connect Client, a single client interface to manage business communications using a desk phone, computer, or mobile device. ![]() Cybersecurity and Infrastructure Security Agency (CISA) added three new security flaws to its Known Exploited Vulnerabilities catalog, which are being actively exploited. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |