NVD disclosure day

Published threat advisories for September 27, 2023

CVE advisoryKnown Exploit

CVE-2023-20109

Cisco IOS GET VPN Vulnerability Allows Code Execution and Denial of Service.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Cisco's Group Encrypted Transport VPN feature allows an authenticated attacker with administrative control to execute arbitrary code or cause a denial of service. This impacts systems using specific versions of Cisco IOS and IOS XE Software. Business risk includes potential full system compromise or

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2023-40044

WS_FTP Server Remote Command Execution Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A .NET deserialization vulnerability in WS_FTP Server's Ad Hoc Transfer module allows a pre-authenticated attacker to execute commands on the operating system. This affects the integrity of affected systems and poses a business risk of unauthorized access and data compromise.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2023-36851

Juniper Junos OS SRX Series File Integrity Risk

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Juniper Networks Junos OS on SRX Series devices are affected by a vulnerability allowing unauthorized file uploads. This could lead to file system integrity loss and potentially enable further compromise. The business risk involves potential data manipulation and unauthorized access to system files.

NVD published: • CISA KEV
CVE advisoryCRITICAL

CVE-2023-35071

Attackers can steal customer data and take control of systems using the Logging Administration Panel.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Hackers can steal sensitive customer data and take control of systems using the MRV Tech Logging Administration Panel by injecting malicious commands, an issue that is especially concerning due to its potential internet exposure.

NVD published: