{"vulnerability": "CVE-2023-3742", "sightings": [{"uuid": "324bf091-8296-4e13-80f8-c60c35fb30ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3742", "type": "seen", "source": "https://t.me/ctinow/157162", "content": "https://ift.tt/VdvbNSU\nCVE-2023-3742", "creation_timestamp": "2023-12-20T17:23:51.000000Z"}, {"uuid": "0b0d8f59-912d-4727-8f95-f01b2fdcdb0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3742", "type": "seen", "source": "https://t.me/ctinow/167844", "content": "https://ift.tt/ObpS4wv\nCVE-2023-3742 | Google Chrome prior 114.0.5735.90 on ChromeOS Device Policy Enforcement access control", "creation_timestamp": "2024-01-13T14:51:42.000000Z"}, {"uuid": "b3494a4b-da80-4b73-9e57-05e99ac20061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37422", "type": "seen", "source": "https://t.me/cibsecurity/68993", "content": "\u203c CVE-2023-37422 \u203c\n\nVulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated\u00c2\u00a0remote attacker to conduct a stored cross-site scripting\u00c2\u00a0(XSS) attack against an administrative user of the interface.\u00c2\u00a0A successful exploit allows an attacker to execute arbitrary\u00c2\u00a0script code in a victim's browser in the context of the\u00c2\u00a0affected interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-22T22:22:17.000000Z"}, {"uuid": "1cfdd146-e931-4a3b-877e-27be62978f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37427", "type": "seen", "source": "https://t.me/cibsecurity/69017", "content": "\u203c CVE-2023-37427 \u203c\n\nA vulnerability in the web-based management interface of\u00c2\u00a0EdgeConnect SD-WAN Orchestrator could allow an authenticated\u00c2\u00a0remote attacker to run arbitrary commands on the underlying\u00c2\u00a0host. Successful exploitation of this vulnerability allows\u00c2\u00a0an attacker to execute arbitrary commands as root on the\u00c2\u00a0underlying operating system leading to complete system\u00c2\u00a0compromise.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-22T22:28:00.000000Z"}, {"uuid": "a11712f3-60d5-4875-a67b-61246daa2732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37429", "type": "seen", "source": "https://t.me/cibsecurity/68944", "content": "\u203c CVE-2023-37429 \u203c\n\nMultiple vulnerabilities in the web-based management\u00c2\u00a0interface of EdgeConnect SD-WAN Orchestrator could allow\u00c2\u00a0an authenticated remote attacker to conduct SQL injection\u00c2\u00a0attacks against the EdgeConnect SD-WAN Orchestrator\u00c2\u00a0instance. An attacker could exploit these vulnerabilities to\u00c2\u00a0 \u00c2\u00a0 obtain and modify sensitive information in the underlying\u00c2\u00a0database potentially leading to the exposure and corruption\u00c2\u00a0of sensitive data controlled by the EdgeConnect SD-WAN\u00c2\u00a0Orchestrator host.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-22T22:12:03.000000Z"}, {"uuid": "369e06df-f073-4977-9d5a-aee2ec7cb7b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37424", "type": "seen", "source": "https://t.me/cibsecurity/69030", "content": "\u203c CVE-2023-37424 \u203c\n\nA vulnerability in the web-based management interface\u00c2\u00a0of EdgeConnect SD-WAN Orchestrator could allow an\u00c2\u00a0unauthenticated remote attacker to run arbitrary commands on\u00c2\u00a0the underlying host if certain preconditions outside of the\u00c2\u00a0attacker's control are met. Successful exploitation of this\u00c2\u00a0vulnerability could allow an attacker to execute arbitrary\u00c2\u00a0commands on the underlying operating system leading to\u00c2\u00a0complete system compromise.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-22T22:28:18.000000Z"}, {"uuid": "a68c94d3-82db-406f-b8f2-597dd6b1cd3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37421", "type": "seen", "source": "https://t.me/cibsecurity/68971", "content": "\u203c CVE-2023-37421 \u203c\n\nVulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated\u00c2\u00a0remote attacker to conduct a stored cross-site scripting\u00c2\u00a0(XSS) attack against an administrative user of the interface.\u00c2\u00a0A successful exploit allows an attacker to execute arbitrary\u00c2\u00a0script code in a victim's browser in the context of the\u00c2\u00a0affected interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-22T22:18:18.000000Z"}, {"uuid": "04abdf8a-527c-4008-842e-d21b4bffd134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37426", "type": "seen", "source": "https://t.me/cibsecurity/68969", "content": "\u203c CVE-2023-37426 \u203c\n\nEdgeConnect SD-WAN Orchestrator instances prior to the\u00c2\u00a0versions resolved in this advisory were found to have\u00c2\u00a0shared static SSH host keys for all installations. This\u00c2\u00a0vulnerability could allow an attacker to spoof the SSH host\u00c2\u00a0signature and thereby masquerade as a legitimate Orchestratorhost.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-22T22:18:16.000000Z"}, {"uuid": "3e86671b-d3f8-466c-9ed8-e8b5b0a45e7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37428", "type": "seen", "source": "https://t.me/cibsecurity/68962", "content": "\u203c CVE-2023-37428 \u203c\n\nA vulnerability in the EdgeConnect SD-WAN Orchestrator\u00c2\u00a0web-based management interface allows remote authenticated\u00c2\u00a0users to run arbitrary commands on the underlying host.\u00c2\u00a0A successful exploit could allow an attacker to execute\u00c2\u00a0arbitrary commands as root on the underlying operating system\u00c2\u00a0leading to complete system compromise.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-22T22:18:04.000000Z"}, {"uuid": "3e3373d6-13e0-46bd-934f-24c0198cb0b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3742", "type": "seen", "source": "https://t.me/ctinow/163113", "content": "https://ift.tt/RezNUMZ\nCVE-2023-3742 Exploit", "creation_timestamp": "2024-01-04T17:11:32.000000Z"}, {"uuid": "b9b5c57e-814c-471d-90a6-c20c4f07afad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37425", "type": "seen", "source": "https://t.me/cibsecurity/69016", "content": "\u203c CVE-2023-37425 \u203c\n\nA vulnerability in the web-based management interface\u00c2\u00a0of EdgeConnect SD-WAN Orchestrator could allow an\u00c2\u00a0unauthenticated remote attacker to conduct a stored\u00c2\u00a0cross-site scripting (XSS) attack against an administrative\u00c2\u00a0user of the interface. A successful exploit allows an\u00c2\u00a0attacker to execute arbitrary script code in a victim's\u00c2\u00a0browser in the context of the affected interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-22T22:27:59.000000Z"}]}