Security Vulnerabilities - Known exploited
CVE-2021-36934
<p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p>
<p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p>
Known exploited
CVSS Score
7.8
EPSS Score
0.905
Published
2021-07-22
CVE-2021-34448
Scripting Engine Memory Corruption Vulnerability
Known exploited
CVSS Score
6.8
EPSS Score
0.02
Published
2021-07-16
CVE-2021-35211
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
Known exploited
CVSS Score
9.0
EPSS Score
0.943
Published
2021-07-14
CVE-2021-34523
Microsoft Exchange Server Elevation of Privilege Vulnerability
Known exploited
CVSS Score
9.0
EPSS Score
0.941
Published
2021-07-14
CVE-2021-34473
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
9.1
EPSS Score
0.942
Published
2021-07-14
CVE-2021-33766
Microsoft Exchange Server Information Disclosure Vulnerability
Known exploited
CVSS Score
7.3
EPSS Score
0.936
Published
2021-07-14
CVE-2021-33771
Windows Kernel Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.066
Published
2021-07-14
CVE-2021-31196
Microsoft Exchange Server Remote Code Execution Vulnerability
Known exploited
CVSS Score
7.2
EPSS Score
0.033
Published
2021-07-14
CVE-2021-31979
Windows Kernel Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.105
Published
2021-07-14
CVE-2021-30116
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813&pw=113cc622839a4077a84837485ced6b93e440bf66d44057713cb2f95e503a06d9) This request authenticates the client and returns a sessionId cookie that can be used in subsequent attacks to bypass authentication. Security issues discovered --- * Unauthenticated download page leaks credentials * Credentials of agent software can be used to obtain a sessionId (cookie) that can be used for services not intended for use by agents * dl.asp accepts credentials via a GET request * Access to KaseyaD.ini gives an attacker access to sufficient information to penetrate the Kaseya installation and its clients. Impact --- Via the page /dl.asp enough information can be obtained to give an attacker a sessionId that can be used to execute further (semi-authenticated) attacks against the system.
Known exploited
CVSS Score
10.0
EPSS Score
0.541
Published
2021-07-09