Tag: RCE Vulnerability

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

Ivanti has notified customers of a critical remote code execution vulnerability affecting Standalone Sentry and is urging them to apply the fixes immediately to protect against potential attacks. The vulnerability, tracked as CVE-2023-41724, has a CVSS score of 9.6. According to the company, an unauthenticated threat actor within the same physical or logical network can execute arbitrary commands on the appliance's underlying operating system. The bug affects all supported versions (9.17.0, 9.18.0, and 9.19.0) as well as previous versions. According to the company, the patches (9.17.1, 9.18.1, and 9.19.1) are now available for download through the usual download channel. The NATO Cyber Security Center's Vincent Hutsebaut ...

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Details have been made public of a critical security vulnerability that has been fixed in Fortra's FileCatalyst file transfer software. The vulnerability could allow unauthenticated attackers to achieve remote code execution on vulnerable servers. Tracked as CVE-2024-25153, it has a CVSS score of 9.8 out of a possible 10. A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended 'uploadtemp' directory using a specially crafted POST request, the company stated in an alert last week. When a file is successfully uploaded to the DocumentRoot of a web portal, specially crafted JSP files may be used to run programs ...

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Juniper Networks has released updates to address a critical remote code execution (RCE) vulnerability in its EX Series switches and SRX Series firewalls. The issue, tracked as CVE-2024-21591, has a CVSS rating of 9.8. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the device," the company stated in an advisory. The networking equipment maker, which Hewlett Packard Enterprise (HPE) plans to acquire for $14 billion, said that the problem stems ...