New Alerts for Veritas, Palo Alto Networks (Exploit), Dell, HPE, and Citrix (Exploit).
Veritas
The Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP ports can be exploited due to vulnerabilities that are inherent to the .NET Remoting service. A remote attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. CVSSv3 score of 9.8.
Note the pre-requisites.
More info.
Palo Alto Networks
Palo Alto Networks has observed threat activity exploiting a previously reported unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces that are exposed to the Internet. CVSSv4 score of 9.3.
No patches yet.
More info.
Dell
Dell has published Critical security updates for Connectrix Cisco MDS 900 Series and PowerProtect Data Manager.
More info.
HPE
Security vulnerabilities have been identified in Unified OSS Console (UOC) and Unified OSS Console Assurance Monitoring (UOCAM). Highest CVSSv3 score of 6.1.
More info.
Citrix
WatchTowr has reported a vulnerability in Virtual Apps and Desktops. An exposed MSMQ instance can be exploited, via HTTP, to enable a remote attacker to achieve RCE. Highest CVSSv3 score of 9.8.
No patches yet, actively exploited.
More info. And here.