US-CERT Vulnerability Summary for the Week of February 3, 2025 – RedPacket Security

US-CERT Vulnerability Summary for the Week of February 3, 2025 – RedPacket Security
The CISA Vulnerability Bulletin reports on new vulnerabilities identified within the past week, detailing their severity and impact based on the Common Vulnerability Scoring System (CVSS). Several vulnerabilities lack CVSS scores but involve critical systems including industrial automation, cybersecurity tools, and various software applications. Affected: 2N Access Commander, ABB ASPECT-Enterprise, Advantive VeraCore, Alexandros Georgiou Bitcoin Wallets, AMD EPYC, Apache Cassandra, Apache James server, Apache ShardingSphere, Cisco Identity Services Engine, IBM Cognos Analytics, and more.

Keypoints :

  • CISA Vulnerability Bulletin highlights new vulnerabilities recorded over the past week.
  • Vulnerabilities organized by severity using the CVSS standard.
  • High vulnerabilities score between 7.0–10.0, medium between 4.0–6.9, and low from 0.0–3.9.
  • Some vulnerabilities lack assigned CVSS scores.
  • Information from the bulletin may include identifying details and patch information.
  • Many vulnerabilities impact critical infrastructure and widely used applications.
  • Recommendations for users to upgrade or apply patches.

MITRE Techniques :

  • MITRE Technique: T1071.001 (Application Layer Protocol: Web Protocols) – related to various vulnerabilities impacting communication protocols.
  • MITRE Technique: T1203 (Exploitation for Client Execution) – applicable to web page generation vulnerabilities enabling cross-site scripting.
  • MITRE Technique: T1078 (Valid Accounts) – can relate to hard-coded credentials vulnerabilities in some impacted products.

Indicator of Compromise :

  • [CVE] CVE-2025-237992 (2N Access Commander)
  • [CVE] CVE-2024-47258 (ABB ASPECT-Enterprise)
  • [CVE] CVE-2024-51547 (Advantive VeraCore)
  • [CVE] CVE-2024-57968 (Alexandros Georgiou Bitcoin Wallets)
  • [CVE] CVE-2025-24544 (AMD EPYC)


Full Story: https://www.redpacketsecurity.com/cisa-vulnerability-summary-for-the-week-of-february-3-2025/