CVE-2024-6670 is an actively exploited critical (CVSS v3 score: 9.8) SQL injection vulnerability affecting Progress Software’s WhatsUp Gold network monitoring tool. CyCognito discovery and testing engines actively detect vulnerable versions of Progress Software WhatsUp Gold and all customers have access to an in-platform emerging security issue announcement as of September 27th, 2024.
Read more about Emerging Security Issue: Progress Software WhatsUp Gold (CVE-2024-6670)
CyCognito Blog
Emerging Threats
Search the Blog
CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw affecting SonicWall firewall devices that attackers are actively exploiting to deliver ransomware. CyCognito discovery and testing engines detect all assets running SonicWall SonicOS products and leverage multiple tests to services of the vulnerable product and versions. All customers have access to an in-platform emerging security issue announcement as of September 10th, 2024.
Read more about Emerging Security Issue: SonicWall SSLVPN (CVE-2024-40766)Palo Alto Networks announced the discovery of CVE-2024-3400. CyCognito has informed affected customers of potentially affected assets.
Read more about Emerging Security Issue: Palo Alto Networks GlobalProtect PAN-OS Software CVE-2024-3400Two security issues affecting the popular Ivanti Connect Secure and Ivanti Policy Secure remote access SSL VPN systems can be chained together to give unauthenticated attackers remote access to critical systems. CyCognito’s active testing protects our current customers and delivers key insights about these vulnerabilities in the CyCognito platform.
Read more about Emerging Security Issue: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887On May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product.
Read more about Big Problem with BIG-IP: Vulnerability Alert | CVE-2022-1388 in F5 BIG-IP
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Read more about Detecting and Validating Spring4Shell Vulnerability: CVE-2022-22965New Vulnerability Patch. Check your IIS servers and make sure that for those newer Windows 10 servers affected that CVE-2021-31166 has been patched.
Read more about Vulnerability Notice: Patch CVE-2021-31166