The list of vulnerabilities is below –
- CVE-2022-35914 (CVSS Score: 9.8) – Teclib GLPI Remote Code Execution Vulnerability
- CVE-2022-33891 (CVSS Score: 8.8) – Apache Spark Command Injection Vulnerability
- CVE-2022-28810 (CVSS Score: 6.8) – Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
The most important of the three, CVE-2022-35914, concerns a remote code execution vulnerability in the third-party library htmlawed present in Teclib GLPI, an open source asset and IT management software package.
Exact details about the nature of the attacks are unknown, but the Shadowserver Foundation announced in October 2022 that it had seen exploitation attempts against its honeypots.
Since then, a cURL-based one-line proof-of-concept (PoC) has been made available on GitHub, and a “massive” scanner has been put up for sale, Jacob Baines, a security researcher at VulnCheck, said in December 2022.
Additionally, data collected by GreyNoise shows 40 malicious IP addresses from the US, the Netherlands, Hong Kong, Australia, and Bulgaria attempting to exploit this shortcoming.
The second vulnerability is an unauthenticated command injection vulnerability in Apache Spark, exploited by the Zerobot botnet to leverage susceptible devices to conduct distributed denial of service (DDoS) attacks.
The final addition to the KEV catalog is the remote code execution flaw in Zoho ManageEngine ADSelfService Plus that was patched in April 2022.
“Multiple Zoho ManageEngine ADSelfService Plus contain unspecified vulnerabilities that could allow remote code execution when performing password changes or resets,” CISA said.
Cybersecurity company Rapid7, which discovered the bug, said it detected active exploitation attempts by a threat actor who tried to “execute arbitrary OS commands to gain persistence on the underlying system and further infiltrate the environment.”
The development comes as Wallarm, an API security company, said it has seen attempts since December 2022 to use two flaws in VMware NSX Manager (CVE-2021-39144 and CVE-2022-31678) to execute malicious code or exfiltrate sensitive data.