In their weekly report from June 26 to July 2, Cyble Research and Intelligence Laboratories (CRIL) analyzed 29 vulnerabilities, including critical and high-severity flaws in Juniper Networks, OpenSSH, and GitLab products. They also highlighted a medium severity vulnerability in Cisco Nexus switches that is being actively exploited, as well as exploits for sale on the dark web and industrial control system (ICS) vulnerabilities.
To assist security teams in prioritizing their patching and mitigation efforts, The Cybernetic Express partners with Cyble researchers each week to pinpoint security vulnerabilities that require close attention. The top vulnerabilities highlighted in this week’s report include an unauthenticated remote code execution (RCE) vulnerability in OpenSSH Server, a critical authentication bypass vulnerability in Juniper Networks products, a critical vulnerability in GitLab CE/EE, and a vulnerability in Cisco Nexus switches being exploited by a Chinese state-sponsored threat actor group.
Cyble researchers also identified exploits for sale on the dark web, such as proofs of concept (PoC) exploits for a Mozilla Firefox vulnerability, path traversal vulnerabilities in Sharp and Toshiba Tec digital multifunction peripherals, and discussions on forums about vulnerabilities in Adobe Commerce and the Vanna Python library. Additionally, suspected zero-days affecting Google Chrome for Windows, ABB ASPECT control panels, and EntroLink VPN accessories were observed.
The full report, available to customers, delves into these vulnerabilities and more, including 17 ICS vulnerabilities affecting companies like Mitsubishi ICONICS, Johnson Controls, and marKoni. By staying informed about these vulnerabilities and actively patching any identified issues, organizations can better protect themselves against potential cyber threats.
Article Source
https://thecyberexpress.com/weekly-vulnerability-report-juniper-openssh-gitlab/
