Center for Internet Security

Multiple vulnerabilities have been discovered in Rsync, the most severe of which could allow for remote code execution. Rsync is an open-source file synchronization and data transferring tool valued for its ability to perform incremental transfers, reducing data transfer times and bandwidth usage. The tool is utilized extensively by backup systems like Rclone, DeltaCopy, ChronoSync, public file distribution repositories, and cloud and server management operations. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered Fortinet Products, the most severe of which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. FortiProxy is a secure web gateway that attempts to protects users against internet-borne attacks, and provides protection and visibility to the network against unauthorized access and threats. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple Vulnerabilities have been discovered in Ivanti Avalanche, the most severe of which could allow for authentication bypass. Ivanti Avalanche is a mobile device management system. Network security features allow one to manage wireless settings (including encryption and authentication) and apply those settings on a schedule throughout the network. Successful exploitation could allow for a remote unauthenticated attacker to bypass authentication. Depending on the privileges associated with the logged-on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple vulnerabilities have been discovered in SonicWall SonicOS that could allow for authentication bypass. SonicOS is SonicWall’s operating system designed for their firewalls and other security devices. Successful exploitation of the most severe of these vulnerabilities could allow for authentication bypass on the affected system. Depending on the privileges associated with the system, an attacker could then; view, change, or delete data.

Multiple vulnerabilities have been discovered in Ivanti Products, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system.  Ivanti Connect Secure is an SSL VPN solution for remote and mobile users.Ivanti Policy Secure (IPS) is a network access control (NAC) solution which provides network access only to authorized and secured users and devices.Ivanti Neurons for Zero Trust Access (ZTA) Gateways securely connects devices to web applications, whether on-premises or in the cloud, using Zero Trust principles. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source web application framework used for developing Java web applications. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Services whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.

Multiple Vulnerabilities have been discovered in Sophos Firewall, the most severe of which could allow for remote code execution. Sophos Firewall is a network security solution. Successful exploitation of the most severe of these vulnerabilities could allow for unauthorized access on the system. Depending on the privileges associated with the system, an attacker could then; view, change, or delete data.

A vulnerability has been discovered in multiple Cleo products that could allow for remote code execution. Cleo’s LexiCom, VLTransfer, and Harmony is software that is commonly used to manage file transfers. Successful exploitation of this vulnerability could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.