Threat Advisories - NVD Disclosed December 8, 2021

CVE-2021-44529

Ivanti CSA Code Injection Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A code injection vulnerability affects the Ivanti EPM Cloud Services Appliance. This allows unauthenticated users to execute arbitrary code, posing a risk of unauthorized system access and potential data compromise. The business risk is significant due to the potential for attackers to gain limited control over affecte

NVD published: December 8, 2021 • CISA KEV

CVE advisoryKnown Exploit

CVE-2021-27860

FatPipe Software File Upload Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in FatPipe network devices allows an unauthenticated attacker to upload files to the filesystem. This could affect system integrity and data confidentiality, posing a business risk.

NVD published: December 8, 2021 • CISA KEV

CVE advisoryKnown Exploit

CVE-2021-20038

SonicWall SMA Appliances: Remote Code Execution Risk

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A stack-based buffer overflow vulnerability affects SonicWall SMA 100 series appliances. This allows an unauthenticated remote attacker to execute code on the appliance. Business risk includes potential data compromise and unauthorized network access.

NVD published: December 8, 2021 • CISA KEV