Overview
Juniper have released a security advisory addressing multiple vulnerabilities affecting Juniper Secure Analytics. Two of these are critical, with base scores of 9.8: CVE-2023-40787 is an SQL injection vulnerability and CVE-2023-46604 is a remote code execution vulnerability. Many other vulnerabilities have been reported, but with base scores no higher than 7.5.
WordPress: 54 new vulnerabilities have been reported since late December 2023 that affect various WordPress plugins. The severity of these vulnerabilities ranges from high to critical. Updates should be applied as soon as they are made available.
Google has reported a vulnerability affecting Chrome WebRTC that is currently being exploited by threat actors. CVE-2023-7024 is a high-severity heap buffer-overflow vulnerability that allows an attacker to cause crashes or code execution. Chrome WebRTC is open-source technology that allows real-time communication between browsers and mobile applications.
Microsoft Excel: a remote code-execution vulnerability (CVE-2023-7101) affects older versions of the Spreadsheet::ParseExcel library, i.e. versions 6.5 and older. This happens because the library does not properly validate data received from Excel files, letting attackers use a specific method called ‘eval’ to execute harmful code. As stated on the NIST website, ‘the problem stems from the evaluation of Number format strings within the Excel parsing logic’.
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Juniper – Security Bulletin
WordPress – CISA vulnerability bulletin
Google – Chrome Releases
Microsoft Excel – NIST National Vulnerability Database
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.