Bobby Gould

**Name of the Vulnerable Software and Affected Versions** Allegra (affected versions not specified) **Description** A flaw in the `downloadAttachment()` method allows remote attackers to execute arbitrary scripts on affected installations. This occurs due to insufficient validation of user-supplied data, enabling script injection in the context of the current user. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine versions prior to 3.2 Patch 8 Cisco ISE Passive Identity Connector versions prior to 3.2 Patch 8 Cisco Identity Services Engine versions prior to 3.3 Patch 8 Cisco ISE Passive Identity Connector versions prior to 3.3 Patch 8 Cisco Identity Services Engine versions prior to 3.4 Patch 4 Cisco ISE Passive Identity Connector versions prior to 3.4 Patch 4 Cisco Identity Services Engine version 3.5 and later **Description** The issue is an XML External Entity (XXE) processing flaw within the licensing feature of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). This flaw allows an authenticated attacker with administrative privileges to upload a malicious file, potentially enabling them to read arbitrary files from the underlying operating system. This could expose sensitive data, including credentials and configurations. A public Proof-of-Concept (PoC) exploit code is available, increasing the risk of exploitation. The vulnerability is due to improper parsing of XML processed by the web-based management interface. There have been no reported real-world exploits at this time. The **API endpoints** involved are not explicitly mentioned. The vulnerability involves the processing of XML files, and the attacker can upload a malicious file. The vulnerable component is the XML parser used in the licensing feature. **Recommendations** Upgrade Cisco Identity Services Engine to version 3.2 Patch 8 or later. Upgrade Cisco ISE Passive Identity Connector to version 3.2 Patch 8 or later. Upgrade Cisco Identity Services Engine to version 3.3 Patch 8 or later. Upgrade Cisco ISE Passive Identity Connector to version 3.3 Patch 8 or later. Upgrade Cisco Identity Services Engine to version 3.4 Patch 4 or later. Upgrade Cisco ISE Passive Identity Connector to version 3.4 Patch 4 or later. If using version 3.5 or later, no action is required.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine and Cisco ISE-PIC versions 3.3 and later Cisco ISE versions prior to 3.3 Patch 7 Cisco ISE versions prior to 3.4 Patch 2 **Description** A vulnerability exists in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input. This allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The vulnerability is actively exploited and a complete exploit chain has been published. The API abuse of this vulnerability was observed in the CoinDCX breach. The vulnerability allows attackers to send crafted API requests to execute commands without requiring valid credentials. **Recommendations** Update Cisco ISE to version 3.3 Patch 7 or later. Update Cisco ISE to version 3.4 Patch 2 or later.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics CNCSoft-G2 (affected versions not specified) **Description** The issue is related to a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. This allows an attacker to manipulate users into visiting a malicious page or file, potentially executing code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics CNCSoft-G2 version 2.1.0.10 **Description** The issue is related to a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This allows an attacker to manipulate an insider to visit a malicious page or file, potentially leading to the execution of code in the context of the current process. The vulnerability poses a serious cybersecurity threat due to the possibility of remote code execution. **Recommendations** For Delta Electronics CNCSoft-G2 version 2.1.0.10, upgrade immediately to mitigate the risk of system compromise on affected devices. As a temporary workaround, consider restricting access to potentially vulnerable file parsing functions until a patch is available. Avoid using the software to parse untrusted files, such as ALM, DPAX, or CMT files, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics CNCSoft-G2 (affected versions not specified) **Description** The issue is related to a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This allows an attacker to manipulate users into visiting a malicious page or file, which can lead to the execution of code in the context of the current process. The vulnerability enables remote attackers to execute arbitrary code on affected installations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics CNCSoft-G2 (affected versions not specified) **Description** The issue is related to a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This can be exploited by an attacker to execute code in the context of the current process by manipulating users into visiting a malicious page or file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics CNCSoft-G2 (affected versions not specified) **Description** The issue is related to the lack of proper initialization of memory prior to accessing it in Delta Electronics CNCSoft-G2. An attacker can manipulate users into visiting a malicious page or file, which can leverage this issue to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics CNCSoft-G2 (affected versions not specified) **Description** The issue is related to a lack of proper validation of user-supplied data, which can result in a memory corruption condition. This can be exploited if a target visits a malicious page or opens a malicious file, allowing an attacker to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics CNCSoft-G2 (affected versions not specified) **Description** The issue is related to a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This can be exploited if a target visits a malicious page or opens a malicious file, allowing an attacker to execute code in the context of the current process. The vulnerability is related to the DPAX file parsing and can lead to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics CNCSoft-G2 (affected versions not specified) **Description** The issue is related to a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This can be exploited if a target visits a malicious page or opens a malicious file, allowing an attacker to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delta Electronics CNCSoft-G2 (affected versions not specified) **Description** The issue is related to a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This can be leveraged by an attacker to execute code in the context of the current process if a target visits a malicious page or opens a malicious file. The vulnerability is related to DPAX file parsing and can lead to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PDF-XChange Editor (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this issue. The specific flaw exists within the update functionality, resulting from the lack of proper validation of the certificate presented by the server. An attacker can leverage this issue to execute code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.