Key Vulnerabilities and Threats Up to September 15th

[Shreya]

Windows MSHTML Zero-Day Vulnerability 
The Windows MSHTML platform spoofing vulnerability, CVE-2024-43461, which affects all supported Windows versions, is exploited in the wild. CVSS Score: 8.8

Cisco Web-Based Management Interface Vulnerability 
The flaw tracked as CVE-2024-20381 allows authenticated remote attackers to modify the configuration of affected devices and escalate privileges. CVSS Score: 8.8

Citrix Workspace App Vulnerabilities 
Citrix has released security updates to address two critical vulnerabilities, tracked as CVE-2024-7889 and CVE-2024-7890, affecting the Citrix Workspace app for Windows. CVSS Scores: 7.2, 5.4

Palo Alto Networks PAN-OS Command Injection Vulnerability 
Palo Alto Networks detected a high-severity command injection vulnerability (CVE-2024-8686) in its PAN-OS software that could allow authenticated admins to bypass system restrictions. CVSS Score: 7.2

SolarWinds ARM Vulnerability 
The vulnerabilities, CVE-2024-28990 and CVE-2024-28991, allow attackers to bypass authentication and execute remote code, posing significant security risks. CVSS Scores: 6.3, 9.0

[Author]

Posts