Heimdal

In the ever-evolving threatscape, staying ahead of the latest vulnerabilities is crucial for individuals, organizations, and government institutions. This year, we have witnessed a plethora of vulnerabilities stretched across various software, hardware, and platforms. In this article, we will deep-dive into some of the most exploited vulnerabilities of 2023, whilst shedding light on the potential risks they posed and the steps taken to mitigate them. Enjoy and don’t forget to subscribe to the Heimdal® newsletter for more goodies.

Most Exploited Vulnerabilities by Vendor

Let’s begin with a bird’s-eye-view of all of the vulnerabilities detailed throughout this article.

| CVE Designation | Vendor | Impacted Product | Name | Description |
|---|---|---|---|---|
| CVE-2023-26359 | Adobe | ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. |
| CVE-2023-26360 | Adobe | ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution. |
| CVE-2023-29298 | Adobe | ColdFusion | Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. |
| CVE-2023-38205 | Adobe | ColdFusion | Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. |
| CVE-2023-20963 | Android | Framework | Android Framework Privilege Escalation Vulnerability | Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. |
| CVE-2023-23529 | Apple | Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability | WebKit in Apple iOS, MacOS, Safari and iPadOS contains a type confusion vulnerability that may lead to code execution. |
| CVE-2023-28204 | Apple | Multiple Products | Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information. |
| CVE-2023-28205 | Apple | Multiple Products | Apple Multiple Products WebKit Use-After-Free Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. |
| CVE-2023-28206 | Apple | iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. |
| CVE-2023-32373 | Apple | Multiple Products | Apple Multiple Products WebKit Use-After-Free Vulnerability | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution. |
| CVE-2023-32409 | Apple | Multiple Products | Apple Multiple Products WebKit Sandbox Escape Vulnerability | Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. |
| CVE-2023-32434 | Apple | Multiple Products | Apple Multiple Products Integer Overflow Vulnerability | Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. |
| CVE-2023-32435 | Apple | Multiple Products | Apple Multiple Products WebKit Memory Corruption Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content. |
| CVE-2023-32439 | Apple | Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. |
| CVE-2023-37450 | Apple | Multiple Products | Apple Multiple Products WebKit Code Execution Vulnerability | Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that can allow an attacker to execute code when processing web content. |
| CVE-2023-38606 | Apple | Multiple Products | Apple Multiple Products Kernel Unspecified Vulnerability | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state. |
| CVE-2023-26083 | Arm | Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Driver Information Disclosure Vulnerability | Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. |
| CVE-2023-2868 | Barracuda Networks | Email Security Gateway (ESG) Appliance | Barracuda Networks ESG Appliance Improper Input Validation Vulnerability | Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection. |
| CVE-2023-24489 | Citrix | Content Collaboration | Citrix Content Collaboration ShareFile Improper Access Control Vulnerability | Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. |
| CVE-2023-3519 | Citrix | NetScaler ADC and NetScaler Gateway | Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability | Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. |
| CVE-2023-27997 | Fortinet | FortiOS and FortiProxy SSL-VPN | Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability | Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests. |
| CVE-2023-0669 | Fortra | GoAnywhere MFT | Fortra GoAnywhere MFT Remote Code Execution Vulnerability | Fortra (formerly HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object. |
| CVE-2023-2033 | Google | Chromium V8 Engine | Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. |
| CVE-2023-2136 | Google | Chrome | Google Chrome Skia Integer Overflow Vulnerability | Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia, which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. |
| CVE-2023-3079 | Google | Chromium V8 Engine | Google Chromium V8 Type Confusion Vulnerability | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2023-32315 | Ignite Realtime | Openfire | Ignite Realtime Openfire Path Traversal Vulnerability | Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users. |
| CVE-2023-0266 | Linux | Kernel | Linux Kernel Use-After-Free Vulnerability | Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user. |
| CVE-2023-21674 | Microsoft | Windows | Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability | Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-21715 | Microsoft | Office | Microsoft Office Publisher Security Feature Bypass Vulnerability | Microsoft Office Publisher contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system. |
| CVE-2023-21823 | Microsoft | Windows | Microsoft Windows Graphic Component Privilege Escalation Vulnerability | Microsoft Windows Graphic Component contains an unspecified vulnerability which allows for privilege escalation. |
| CVE-2023-23376 | Microsoft | Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation. |
| CVE-2023-23397 | Microsoft | Office | Microsoft Office Outlook Privilege Escalation Vulnerability | Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. |
| CVE-2023-24880 | Microsoft | Windows | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. |
| CVE-2023-28252 | Microsoft | Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-29336 | Microsoft | Win32k | Microsoft Win32K Privilege Escalation Vulnerability | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. |
| CVE-2023-32046 | Microsoft | Windows | Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-32049 | Microsoft | Windows | Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. |
| CVE-2023-35311 | Microsoft | Outlook | Microsoft Outlook Security Feature Bypass Vulnerability | Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. |
| CVE-2023-36874 | Microsoft | Windows | Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability | Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-36884 | Microsoft | Windows | Microsoft Windows Search Remote Code Execution Vulnerability | Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution. |
| CVE-2023-38180 | Microsoft | .NET Core and Visual Studio | Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability | Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service. |
| CVE-2023-28432 | MinIO | MinIO | MinIO Information Disclosure Vulnerability | MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure. |
| CVE-2023-29492 | Novi Survey | Novi Survey | Novi Survey Insecure Deserialization Vulnerability | Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account. |
| CVE-2023-21839 | Oracle | WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server. |
| CVE-2023-27350 | PaperCut | MF/NG | PaperCut MF/NG Improper Access Control Vulnerability | PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system. |
| CVE-2023-34362 | Progress | MOVEit Transfer | Progress MOVEit Transfer SQL Injection Vulnerability | Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements. |
| CVE-2023-38831 | RARLAB | WinRAR | RARLAB WinRAR Code Execution Vulnerability | RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive. |
| CVE-2023-25717 | Ruckus Wireless | Multiple Products | Multiple Ruckus Wireless Products CSRF and RCE Vulnerability | Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs. |
| CVE-2023-21492 | Samsung | Mobile Devices | Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. |
| CVE-2023-22952 | SugarCRM | Multiple Products | Multiple SugarCRM Products Remote Code Execution Vulnerability | Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates. |
| CVE-2023-1389 | TP-Link | Archer AX21 | TP-Link Archer AX-21 Command Injection Vulnerability | TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution. |
| CVE-2023-27532 | Veeam | Backup & Replication | Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability | Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts. |
| CVE-2023-20867 | VMware | Tools | VMware Tools Authentication Bypass Vulnerability | VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability. |
| CVE-2023-20887 | VMware | Aria Operations for Networks | VMware Aria Operations for Networks Command Injection Vulnerability | VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution. |
| CVE-2023-37580 | Zimbra | Collaboration (ZCS) | Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability | Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data. |
| CVE-2023-27992 | Zyxel | Multiple Network-Attached Storage (NAS) Devices | Zyxel Multiple NAS Devices Command Injection Vulnerability | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request. |
| CVE-2023-28771 | Zyxel | Multiple Firewalls | Zyxel Multiple Firewalls OS Command Injection Vulnerability | Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device. |
| CVE-2023-33009 | Zyxel | Multiple Firewalls | Zyxel Multiple Firewalls Buffer Overflow Vulnerability | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. |
| CVE-2023-33010 | Zyxel | Multiple Firewalls | Zyxel Multiple Firewalls Buffer Overflow Vulnerability | Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. |
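A list this long is only useful once it is cut down to the products you actually run and ordered by what to fix first. The script below is an added example, not Heimdal's code: it takes a constructed subset of the rows above, keeps the ones that match an assumed (made-up) asset inventory, classifies each by the weakness wording of its name and description, and ranks unauthenticated remote code execution ahead of everything else.

```python
"""Triage helper for a vulnerability roundup table (added example, not
Heimdal's code). ROWS is a constructed subset of the article's table;
INVENTORY is an assumed, made-up asset list."""
import re
from dataclasses import dataclass

# (CVE, vendor, product, name, description) rows copied from the article.
ROWS = [
    ("CVE-2023-26360", "Adobe", "ColdFusion",
     "Adobe ColdFusion Deserialization of Untrusted Data Vulnerability",
     "Adobe ColdFusion contains a deserialization of untrusted data "
     "vulnerability that allows for remote code execution."),
    ("CVE-2023-3519", "Citrix", "NetScaler ADC and NetScaler Gateway",
     "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability",
     "Citrix NetScaler ADC and NetScaler Gateway contains a code injection "
     "vulnerability that allows for unauthenticated remote code execution."),
    ("CVE-2023-28252", "Microsoft", "Windows",
     "Microsoft Windows Common Log File System (CLFS) Driver Privilege "
     "Escalation Vulnerability",
     "Microsoft Windows Common Log File System (CLFS) driver contains an "
     "unspecified vulnerability that allows for privilege escalation."),
    ("CVE-2023-34362", "Progress", "MOVEit Transfer",
     "Progress MOVEit Transfer SQL Injection Vulnerability",
     "Progress MOVEit Transfer contains a SQL injection vulnerability that "
     "could allow an unauthenticated attacker to gain unauthorized access "
     "to MOVEit Transfer's database."),
]

# Assumed inventory: (vendor, product) pairs the organisation actually runs.
INVENTORY = {
    ("Citrix", "NetScaler ADC and NetScaler Gateway"),
    ("Microsoft", "Windows"),
    ("Progress", "MOVEit Transfer"),
}

# Weakness classes keyed on the wording of the KEV-style name/description.
# First match wins, so the list is ordered from most to least severe.
WEAKNESS_PATTERNS = [
    ("rce", r"remote code execution|code execution|code injection|"
            r"command injection|deserialization"),
    ("sqli", r"sql injection"),
    ("privesc", r"privilege escalation"),
    ("bypass", r"security feature bypass|authentication bypass|"
               r"improper access control"),
    ("dos", r"denial-of-service"),
]
BASE_SCORE = {"rce": 50, "sqli": 40, "privesc": 30, "bypass": 20, "dos": 10}

@dataclass(frozen=True)
class Finding:
    cve: str
    vendor: str
    product: str
    weakness: str
    unauthenticated: bool
    remote: bool
    score: int

def classify(name, description):
    """Return (weakness, unauthenticated, remote) from the row's wording."""
    text = f"{name} {description}".lower()
    weakness = next((label for label, pat in WEAKNESS_PATTERNS
                     if re.search(pat, text)), "other")
    unauth = re.search(r"unauthenticated|pre-authentication", text) is not None
    remote = re.search(r"\bremote", text) is not None
    return weakness, unauth, remote

def score(weakness, unauthenticated, remote):
    """Higher = fix first: pre-auth and remote reachability add to the base."""
    return (BASE_SCORE.get(weakness, 5)
            + (20 if unauthenticated else 0) + (10 if remote else 0))

def triage(rows, inventory):
    """Keep only rows whose (vendor, product) is in inventory; sort by score."""
    findings = []
    for cve, vendor, product, name, desc in rows:
        if (vendor, product) not in inventory:
            continue  # not in our estate: no work item
        weakness, unauth, remote = classify(name, desc)
        findings.append(Finding(cve, vendor, product, weakness, unauth, remote,
                                score(weakness, unauth, remote)))
    return sorted(findings, key=lambda f: (-f.score, f.cve))

if __name__ == "__main__":
    for f in triage(ROWS, INVENTORY):
        print(f"{f.score:3d} {f.cve:<15} {f.weakness:<8} "
              f"{'pre-auth' if f.unauthenticated else 'auth':<8} "
              f"{f.vendor} {f.product}")
```

The keyword classifier is deliberately coarse; it is a first cut for ordering a patch queue, not a substitute for reading the vendor advisory.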

Adobe Vulnerabilities

In 2023, two notable vulnerabilities related to Adobe ColdFusion were identified: CVE-2023-26359 and CVE-2023-26360. Both revolved around the deserialization of untrusted data, which could allow attackers to execute arbitrary code on the victims’ systems.

Adobe was quick to address these vulnerabilities by releasing patches and updates, stressing the importance of keeping software up to date, as patching known vulnerabilities is a fundamental step in maintaining system security.

Additionally, the same vendor reported CVE-2023-29298 and CVE-2023-38205, both tied to improper access control vulnerabilities. Vulnerabilities of this type could allow unauthorized users to gain access to sensitive data or perform malicious actions on affected systems.

Android Vulnerability

Where Android is concerned, CVE-2023-20963 made headlines in 2023. This privilege escalation vulnerability could allow malicious applications to gain elevated permissions, compromising the security and privacy of Android devices.

Google, the parent company of Android, addressed this vulnerability by releasing timely updates and patches. It serves as a reminder for Android users to regularly update their devices to protect against known vulnerabilities.

Apple Vulnerabilities

Apple, known for its stringent security measures, reported several notable vulnerabilities in 2023.

  • CVE-2023-23529, CVE-2023-28204, and CVE-2023-28205 pertained to the WebKit engine, which powers Apple’s web browsers, while CVE-2023-28206 concerned the IOSurfaceAccelerator component. These vulnerabilities included type confusion, out-of-bounds read, use-after-free, and out-of-bounds write issues. Successful exploitation could lead to remote code execution, demonstrating the importance of securing web rendering engines.
  • CVE-2023-32373, CVE-2023-32409, CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439 continued to highlight vulnerabilities in WebKit, showcasing the ongoing efforts required to secure web browsing. These vulnerabilities encompassed use-after-free, sandbox escape, integer overflow, memory corruption, and type confusion issues.
  • CVE-2023-37450 underscored the seriousness of WebKit vulnerabilities, indicating the potential for code execution.
  • CVE-2023-38606 concerned a vulnerability in the kernel of Apple products, the core component of the operating system. Kernel vulnerabilities can provide attackers with system-level access.

ARM Vulnerability

The ARM Mali Graphics Processing Unit (GPU) encountered a vulnerability in 2023, CVE-2023-26083, specifically related to the kernel driver. Information disclosure vulnerabilities, although not as severe as some other types, can still provide valuable insights to potential attackers. ARM promptly addressed this issue.

Barracuda Networks Vulnerability

CVE-2023-2868 exposed a vulnerability in Barracuda Networks’ Email Security Gateway (ESG) Appliance. This vulnerability, related to improper input validation, could potentially be exploited by attackers to bypass security controls and gain unauthorized access. Barracuda Networks responded swiftly by releasing patches and updates.

Citrix Vulnerabilities

Citrix faced vulnerabilities in its products in 2023. CVE-2023-24489 highlighted an improper access control vulnerability in Citrix Content Collaboration (ShareFile). Such vulnerabilities can lead to unauthorized access to sensitive data, and Citrix acted promptly to address this issue.

Another Citrix vulnerability, CVE-2023-3519, related to its NetScaler ADC and NetScaler Gateway products, raised concerns due to its potential for code injection. Code injection vulnerabilities are especially dangerous as they can allow attackers to execute arbitrary code on affected systems.

Fortinet Vulnerability

CVE-2023-27997 pertained to Fortinet’s FortiOS and FortiProxy SSL-VPN, highlighting a heap-based buffer overflow vulnerability. Buffer overflow vulnerabilities are serious as they can lead to remote code execution.

Fortra Vulnerability

CVE-2023-0669 exposed a remote code execution vulnerability in Fortra GoAnywhere MFT. Remote code execution vulnerabilities are among the most severe, as they allow attackers to execute code on a remote system.

Fortra’s response to this vulnerability was crucial in preventing potential exploitation, emphasizing the necessity of secure coding practices and ongoing security assessments.

Google Vulnerabilities

Google’s Chromium V8 engine and Chrome browser faced vulnerabilities in 2023. CVE-2023-2033 and CVE-2023-3079 both highlighted type confusion vulnerabilities in the V8 engine, which powers Google’s Chrome browser.

Additionally, CVE-2023-2136 pointed to an integer overflow vulnerability in Google Chrome’s Skia graphics library. Such vulnerabilities could be used by attackers to execute malicious code in the context of the browser.

Ignite Realtime Vulnerability

CVE-2023-32315 highlighted a path traversal vulnerability in Ignite Realtime’s Openfire, a real-time collaboration server. Path traversal vulnerabilities can allow unauthorized access to files and directories.

Linux Kernel Vulnerability

CVE-2023-0266 exposed a use-after-free vulnerability in the Linux Kernel. The Linux Kernel is a critical component of many operating systems, and vulnerabilities within it can have widespread implications. The Linux community swiftly addressed this issue.

Microsoft Vulnerabilities

Microsoft, a frequent target for attackers, encountered numerous vulnerabilities in 2023 across its various products. These vulnerabilities ranged from privilege escalation to code execution:

  • CVE-2023-21674 highlighted a privilege escalation vulnerability in Microsoft Windows Advanced Local Procedure Call (ALPC). Privilege escalation vulnerabilities can allow attackers to gain elevated permissions on a system.
  • CVE-2023-21715 pertained to a security feature bypass vulnerability in Microsoft Office Publisher, showcasing the importance of validating security mechanisms in productivity software.
  • CVE-2023-21823 exposed a privilege escalation vulnerability in the Microsoft Windows Graphic Component, indicating the need for robust access control measures.
  • CVE-2023-23376 and CVE-2023-28252 both related to privilege escalation vulnerabilities in Microsoft Windows Common Log File System (CLFS) driver. These vulnerabilities highlighted the importance of securing critical system components.
  • CVE-2023-23397, CVE-2023-32046, CVE-2023-32049, CVE-2023-35311, CVE-2023-36874, and CVE-2023-36884 pointed to various privilege escalation and security feature bypass vulnerabilities in Microsoft Windows and Office products. These vulnerabilities showcased the ongoing efforts required to secure Microsoft’s extensive software ecosystem.
  • CVE-2023-38180 pertained to a denial-of-service vulnerability in Microsoft .NET Core and Visual Studio, underscoring the importance of ensuring software resilience.

Microsoft’s response to these vulnerabilities demonstrated its commitment to maintaining the security of its products and the importance of timely updates and patches.

MinIO Vulnerability

CVE-2023-28432 exposed an information disclosure vulnerability in MinIO, an object storage server. Information disclosure vulnerabilities can potentially expose sensitive data.

Novi Survey Vulnerability

CVE-2023-29492 pointed to an insecure deserialization vulnerability in Novi Survey, a survey and assessment platform. Insecure deserialization vulnerabilities can lead to remote code execution. Novi Survey’s response to this vulnerability demonstrates the necessity of secure coding practices in web application development.

Oracle Vulnerability

CVE-2023-21839 highlighted an unspecified vulnerability in Oracle WebLogic Server. While the details of this vulnerability remain undisclosed, Oracle’s swift response serves as a reminder of the importance of vigilance in maintaining the security of critical enterprise software.

PaperCut Vulnerability

CVE-2023-27350 exposed an improper access control vulnerability in PaperCut MF/NG, a print management and tracking solution. Improper access control vulnerabilities can lead to unauthorized access to sensitive printing data.

PaperCut addressed this vulnerability, highlighting the importance of robust access control mechanisms in print management solutions.

Progress Vulnerability

Progress’s MOVEit Transfer faced a SQL injection vulnerability, tracked as CVE-2023-34362. SQL injection vulnerabilities can allow attackers to manipulate databases and gain unauthorized access to data.

RARLAB Vulnerability

RARLAB’s WinRAR, a popular compression utility, encountered a code execution vulnerability tracked as CVE-2023-38831. Code execution vulnerabilities in widely used software can have significant implications for users. RARLAB’s response to this vulnerability underscores the importance of ensuring the security of software used by millions worldwide.

Ruckus Wireless Vulnerability

CVE-2023-25717 pointed to CSRF (Cross-Site Request Forgery) and RCE (Remote Code Execution) vulnerabilities in multiple Ruckus Wireless products. These types of vulnerabilities can allow attackers to execute malicious actions on behalf of authenticated users.

Samsung Vulnerability

CVE-2023-21492 exposed an insertion of sensitive information into log files vulnerability in Samsung Mobile Devices. This vulnerability could potentially lead to the exposure of sensitive user data.

SugarCRM Vulnerability

Multiple SugarCRM products faced a remote code execution vulnerability in CVE-2023-22952. Remote code execution vulnerabilities are particularly severe, as they can allow attackers to execute arbitrary code on affected systems.

TP-Link Vulnerability

CVE-2023-1389 exposed a command injection vulnerability in TP-Link’s Archer AX21 router. Command injection vulnerabilities can allow attackers to execute arbitrary commands on the router, potentially compromising the network’s security.

Veeam Vulnerability

CVE-2023-27532 highlighted a missing authentication for critical function vulnerability in Veeam Backup & Replication Cloud Connect. Missing authentication vulnerabilities can potentially allow unauthorized access to critical functions.

VMware Vulnerabilities

VMware encountered vulnerabilities in two of its products in 2023:

  • CVE-2023-20867 pertained to an authentication bypass vulnerability in VMware Tools. Authentication bypass vulnerabilities can allow unauthorized access to virtualized systems.
  • CVE-2023-20887 exposed a command injection vulnerability in VMware Aria Operations for Networks. Command injection vulnerabilities can allow attackers to execute arbitrary commands on affected systems.

Zimbra Vulnerability

CVE-2023-37580 pointed to a cross-site scripting (XSS) vulnerability in Zimbra Collaboration (ZCS), a collaborative email and calendar platform. XSS vulnerabilities can potentially allow attackers to inject malicious scripts into web pages viewed by other users.

Zyxel Vulnerabilities

Zyxel encountered multiple vulnerabilities across its network-attached storage (NAS) devices and firewalls in 2023:

  • CVE-2023-27992 exposed a command injection vulnerability in Zyxel Multiple NAS Devices. Command injection vulnerabilities can allow attackers to execute arbitrary commands on affected devices.
  • CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010 pointed to OS command injection and buffer overflow vulnerabilities in Zyxel Multiple Firewalls. These vulnerabilities could potentially allow attackers to execute arbitrary code on the firewalls.

Conclusion

The year 2023 witnessed a diverse range of vulnerabilities across various software, hardware, and platforms. These vulnerabilities serve as a reminder of the ongoing challenges in maintaining cybersecurity in an increasingly interconnected world.

Key takeaways from these vulnerabilities include the importance of:

  • Timely Updates and Patching: Keeping software and systems up to date is essential to mitigate known vulnerabilities.
  • Secure Coding Practices: Implementing robust security measures during software development can prevent vulnerabilities from emerging.
  • Access Control: Proper access control mechanisms are crucial to prevent unauthorized access to sensitive data and functionalities.
  • Vigilance: Continuously monitoring and assessing systems for vulnerabilities is essential in today’s threat landscape.
  • Community Collaboration: Open-source and community-driven software benefit from collaborative efforts to address vulnerabilities promptly.
  • Automatic Patching: If configured correctly, an automatic patching solution can ensure timely (and correct) deployment and a low risk of incompatibility. Heimdal®’s Patch & Asset Management can aid you in quickly distributing your patches, regardless of whether they are OS-specific, 3rd party, proprietary, or UX/UI-oriented.

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.
