1. CVE-2022-37042

Severity - Critical

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.

More details: https://vi.strobes.co/cve/CVE-2022-37042

Exploit references:

  1. https://github.com/GreyNoise-Intelligence/Zimbra_CVE-2022-37042-_CVE-2022-27925
  2. https://github.com/aels/CVE-2022-37042
  3. https://github.com/projectdiscovery/nuclei-templates/tree/master/cves/2022/CVE-2022-37042.yaml

Zeroday references:

  1. https://us-cert.cisa.gov/ncas/alerts/aa22-228a

Patch references:

  1. https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
  2. https://wiki.zimbra.com/wiki/Security_Center

2. CVE-2022-35804

Severity - High

SMB Client and Server Remote Code Execution Vulnerability.

More details: https://vi.strobes.co/cve/CVE-2022-35804

Zeroday references:

  1. https://threatpost.com/microsoft-patches-dogwalk-zero-day-and-17-critical-flaws/180378/

Patch references:

  1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35804

3. CVE-2022-34715

Severity - Critical

Windows Network File System Remote Code Execution Vulnerability.

More details: https://vi.strobes.co/cve/CVE-2022-34715

Zeroday references:

  1. https://threatpost.com/microsoft-patches-dogwalk-zero-day-and-17-critical-flaws/180378/

Patch references:

  1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34715

4. CVE-2022-34713

Severity - High

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35743.

More details: https://vi.strobes.co/cve/CVE-2022-34713

Zeroday references:

  1. https://www.zero-day.cz/database/709
  2. https://threatpost.com/microsoft-patches-dogwalk-zero-day-and-17-critical-flaws/180378/

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2022080926
  2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34713

5. CVE-2022-34150

Severity - Medium

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.

More details: https://vi.strobes.co/cve/CVE-2022-34150

Zeroday references:

  1. https://portswigger.net/daily-swig/zero-day-flaws-in-gps-tracker-pose-surveillance-fuel-cut-off-risks-to-vehicles

Zero-Day Attack Prevention:

These exploits arrive before a fix exists, so defenses cannot rely on patching alone. Here are some suggestions for reducing the risk of zero-day attacks against your software and vulnerable programs.

  • Once security patches are available, update all affected programs and software promptly.
  • To secure the website, use web application security software that can detect attacks against it.
  • Install an internet security suite. These typically include default-deny protection, heuristic file analysis, smart anti-virus, and sandboxing.

Stay ahead of threats using Strobes:

Strobes helps you correlate data between vulnerability scans and vulnerability intelligence, keeping you updated whenever there is a zero-day in the wild.
