Center for Internet Security

Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Cisco is a leading technology company best known for its networking hardware and software, such as routers and switches, that form the backbone of the internet and enterprise networks. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution as root, which may lead to the complete compromise of the affected device.

A vulnerability has been discovered in CWP (aka Control Web Panel or CentOS Web Panel), which could allow for remote code execution. CWP, or Control Web Panel, is a free server administration tool for enterprise-based Linux distributions like CentOS, which simplifies managing web hosting services. The admin interface (accessible on port 2087 or 2031) and the user interface (accessible on port 2083) serve distinct roles in server management. There are both PHP based applications but the admin interface, secured by HTTPS on port 2087, is designed for system administrators and provides full control over the server, allowing tasks such as configuring web servers (Apache/NGINX), managing DNS, setting up email services, creating user accounts, monitoring resources, and implementing security measures like Config Server Firewall (CSF). It requires root or admin credentials for access. Successful exploitation of this vulnerability could allow an actor to bypass the authentication process and trigger a command injection in the application.

A vulnerability has been discovered in Microsoft Windows Server Update Services (WSUS) which could allow for remote code execution. WSUS is a tool that helps organizations manage and distribute Microsoft updates across multiple computers. Instead of every PC downloading updates from Microsoft’s servers, WSUS downloads the updates and stores them, then distributes them to all computers on the network that connect to it. Successful exploitation of the vulnerability could allow an attacker to gain full control of the WSUS server and distribute malicious updates to client devices.

Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.

Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system.Ivanti Endpoint Manager is a client-based unified endpoint management software.Ivanti Endpoint Manager Mobile (Ivanti EPMM) is a mobile management software engine that enables mobile device, application, and content management.Ivanti Neurons for Mobile Device Management (MDM) is a platform designed to streamline the management and security of mobile devices across various operating systems.Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.