Kentaro Kawane

**Name of the Vulnerable Software and Affected Versions** Windows Kernel (affected versions not specified) **Description** A heap-based buffer overflow in the Windows Kernel allows an authorized local attacker to elevate their privileges to administrative levels. A heap-based buffer overflow occurs when a program writes more data to a heap-allocated memory block than it can hold, potentially corrupting adjacent memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flowmon versions prior to 12.5.5 **Description** Flowmon network monitoring solutions are affected by an issue that allows an authenticated administrator to execute additional unintended commands within scripts designed for troubleshooting. This indicates a command injection or script manipulation vulnerability. The issue requires administrator privileges and access to the management interface. **Recommendations** Update Flowmon to version 12.5.5 or later.

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (affected versions not specified) Description: A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This issue is due to improper validation of the file copy function. An attacker could exploit this by sending a crafted file upload using the Cisco ISE GUI, potentially allowing the upload of arbitrary files to an affected system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco ISE (affected versions not specified) Cisco ISE-PIC (affected versions not specified) **Description** A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This issue is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco ISE (affected versions not specified) Cisco ISE-PIC (affected versions not specified) **Description** A flaw exists in the IP Access Restriction feature that may allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address. This is due to improper enforcement of access controls when using the IP Access Restriction feature. An attacker could exploit this by logging in to the `API` from an unauthorized source IP address, potentially gaining access to the device despite IP restrictions. The attacker must have valid administrative credentials to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco ISE (affected versions not specified) Cisco ISE-PIC (affected versions not specified) **Description** A vulnerability exists in a specific API of Cisco ISE and Cisco ISE-PIC that could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This issue is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Nimesa Backup and Recovery (affected versions not specified) Description: A server-side request forgery (SSRF) issue exists, which may allow unintended requests to be sent to internal servers if exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Nimesa Backup and Recovery versions 2.3 through 2.4 Description: An OS command injection issue exists, allowing arbitrary OS commands to be executed on the server where the product is running if exploited. Recommendations: For versions 2.3 and 2.4, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco ISE and Cisco ISE-PIC versions 3.4 **Description** A vulnerability exists in an internal API of Cisco ISE and Cisco ISE-PIC due to missing file validation checks. This allows an unauthenticated, remote attacker to upload arbitrary files to an affected device and execute them on the underlying operating system as root. The attacker could exploit this by uploading a crafted file, potentially storing malicious files and executing arbitrary code or gaining root privileges. This issue is actively exploited in real-world attacks. **Recommendations** Update Cisco ISE and Cisco ISE-PIC version 3.4 to a fixed version.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine and Cisco ISE-PIC versions 3.3 and later Cisco ISE versions prior to 3.3 Patch 7 Cisco ISE versions prior to 3.4 Patch 2 **Description** A vulnerability exists in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input. This allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The vulnerability is actively exploited and a complete exploit chain has been published. The API abuse of this vulnerability was observed in the CoinDCX breach. The vulnerability allows attackers to send crafted API requests to execute commands without requiring valid credentials. **Recommendations** Update Cisco ISE to version 3.3 Patch 7 or later. Update Cisco ISE to version 3.4 Patch 2 or later.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine and Cisco ISE-PIC versions 3.3 and 3.4 Cisco Identity Services Engine versions prior to 3.3 Patch 7 Cisco ISE-PIC versions prior to 3.4 Patch 2 **Description** A critical vulnerability exists in a specific API of Cisco Identity Services Engine (ISE) and Cisco ISE-PIC. This flaw allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system with root privileges. The vulnerability is due to insufficient validation of user-supplied input, enabling exploitation through crafted API requests. The vulnerability is actively exploited. It is estimated that over 1,000 services are vulnerable. The exploitation of this vulnerability, along with CitrixBleed 2, was observed in a coordinated attack by a sophisticated threat actor. The attacker utilized custom malware and backdoors to gain administrative access to compromised systems. The malware used for ISE was designed to run in memory and registered as an HTTP handler. **API Endpoints:** The vulnerability is triggered through a crafted API request. **Vulnerable Parameters or Variables:** User-supplied input is not properly validated. **Recommendations** Cisco Identity Services Engine versions prior to 3.3 Patch 7: Upgrade to version 3.3 Patch 7 or later. Cisco ISE-PIC versions prior to 3.4 Patch 2: Upgrade to version 3.4 Patch 2 or later.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine (ISE) versions 3.1 through 3.4 **Description** A flaw in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services. This issue occurs because credentials are improperly generated during deployment on cloud platforms, causing different deployments to share the same static credentials if the software release and cloud platform are identical. An attacker could extract these credentials from one cloud-deployed instance and use them to access other instances via unsecured ports. This issue specifically affects environments where the Primary Administration node is deployed in the cloud; on-premises Primary Administration nodes are not affected. **Recommendations** Update Cisco Identity Services Engine (ISE) versions 3.1 through 3.4 to a patched version.

**Name of the Vulnerable Software and Affected Versions** Dell Avamar versions 19.x **Description** The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a 'SQL Injection' vulnerability. This could allow an unauthenticated attacker with remote access to potentially exploit the vulnerability, leading to command execution. The vulnerability is related to the Web Restore Login Action. **Recommendations** For Dell Avamar versions 19.x, consider disabling the Web Restore Login Action as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell Avamar versions 19.x **Description** The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This could allow a low-privileged attacker with remote access to potentially exploit the vulnerability, leading to command execution. **Recommendations** For version 19.x, update to a version that fixes the SQL Injection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco ISE (affected versions not specified) **Description** A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. This issue is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this by sending a crafted API request to an affected device, allowing them to read or delete arbitrary files on the underlying operating system. The attacker would need valid Super Admin credentials to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software (affected versions not specified) Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This issue exists due to inadequate validation of user input. An attacker could exploit this by authenticating as an Administrator and sending crafted SQL queries to an affected system, potentially obtaining unauthorized data from the database and making changes to the system. The attacker would need Administrator-level privileges to exploit this vulnerability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software (affected versions not specified) Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This issue exists due to inadequate validation of user input. An attacker could exploit this by authenticating as an Administrator and sending crafted SQL queries to an affected system, potentially obtaining unauthorized data from the database and making changes to the system. The attacker would need Administrator-level privileges to exploit this vulnerability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software (affected versions not specified) Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This issue exists due to inadequate validation of user input. An attacker could exploit this by authenticating as an Administrator and sending crafted SQL queries to an affected system, potentially obtaining unauthorized data from the database and making changes to the system. The attacker would need Administrator-level privileges to exploit this vulnerability. Recommendations: To resolve this issue, update the Cisco Secure Firewall Management Center (FMC) Software to a version that includes the necessary security patches. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Restrict Administrator-level privileges to only those who require them, to reduce the potential attack surface.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Deep Discovery Inspector versions 5.8 and above **Description** A vulnerability in Trend Micro Deep Discovery Inspector could allow an attacker to disclose sensitive information from affected installations. The attacker must first obtain the ability to execute high-privileged code, such as admin user rights, on the target system in order to exploit this issue. **Recommendations** For versions 5.8 and above, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Deep Discovery Inspector versions 5.8 and above **Description** A vulnerability in Trend Micro Deep Discovery Inspector could allow an attacker to disclose sensitive information from affected installations. To exploit this issue, an attacker must first obtain the ability to execute low-privileged code on the target system. **Recommendations** For versions 5.8 and above, at the moment, there is no information about a newer version that contains a fix for this vulnerability.