US-CERT Vulnerability Summary for the Week of March 3, 2025 – RedPacket Security

CISA has issued a Vulnerability Bulletin summarizing new security vulnerabilities from the past week. The vulnerabilities are categorized based on severity and may not have assigned CVSS scores yet. Key issues include unauthenticated remote code execution, SQL injection, and privilege escalation vulnerabilities affecting various software and systems. Various organizations contribute to this bulletin, providing additional information, detecting vulnerabilities, and offering patches where available.
Affected: WordPress Plugins, ArcGIS Server, Lucee Server, Apache Ranger, E-Commerce Systems, DNS Systems, and various other applications.

Key points:

  • Vulnerabilities are identified based on the Common Vulnerabilities and Exposures (CVE) naming standard.
  • Severity levels are assigned as high, medium, or low based on the Common Vulnerability Scoring System (CVSS).
  • New vulnerabilities include RCE, SQL injection, and privilege escalation.
  • Patch information is provided, where available, for various issues detected.
  • Vulnerabilities cover a range of platforms and environments including WordPress and ArcGIS Server.

MITRE Techniques:

  • Execution (T1203) – Unauthenticated remote code execution vulnerability in Uniguest Tripleplay allows attackers to execute arbitrary code via an HTTP GET request.
  • Exploitation for Client Execution (T1203) – Improper Control of Generation of Code vulnerability in NotFound Ark Theme Core can lead to code injection.
  • Remote Code Execution (T1203) – RCE vulnerability targeting the Lucee Server’s REST endpoint via an XML XXE attack.
  • Privilege Escalation (T1068) – Vulnerability in Homey Login Register allows account creation with elevated privileges in WordPress.
  • SQL Injection (T1506) – Several SQL Injection vulnerabilities impact systems like Finder ERP and E-Travel platforms.

Indicators of Compromise:

  • [URL] http://malicious[.]com/path
  • [Domain] malicious[.]com
  • [Email] attacker@example[.]com
  • [SHA-256] 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
  • [IP Address] 192.168.1.1


Full Story: https://www.redpacketsecurity.com/cisa-vulnerability-summary-for-the-week-of-march-3-2025/