Activity Feed

inokii reported CVE-2024-23692 as Exploited in the Wild

July 10, 2024 3:29am UTC (4 months ago)

Indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-adds-three-known-exploited-vulnerabilities-catalog)

inokii reported CVE-2024-20399 as Exploited in the Wild

July 10, 2024 3:28am UTC (4 months ago)

Indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-adds-one-known-exploited-vulnerability-catalog)

inokii reported CVE-2020-13965 as Exploited in the Wild

July 10, 2024 3:26am UTC (4 months ago)

Indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/06/26/cisa-adds-three-known-exploited-vulnerabilities-catalog)

inokii reported CVE-2022-2586 as Exploited in the Wild

July 10, 2024 3:25am UTC (4 months ago)

Indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/06/26/cisa-adds-three-known-exploited-vulnerabilities-catalog)

inokii reported CVE-2022-24816 as Exploited in the Wild

July 10, 2024 3:24am UTC (4 months ago)

Indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/06/26/cisa-adds-three-known-exploited-vulnerabilities-catalog)

4

cschie822_comcast assessed CVE-2024-6387

July 03, 2024 6:57pm UTC (4 months ago)•Edited 4 months ago

Ratings

Attacker Value

Low

Exploitability

Very Low

Technical Analysis

Doesn’t lend itself to an attackers needs. Takes a very long time to exploit, only works on a specific architecture (32bit), easily detected/blocked as malicious and requires access to a protocol (ssh) that is commonly hardened with access control lists.

1

SeanWrightFeat replied to their assessment of CVE-2024-6387

July 03, 2024 3:26pm UTC (4 months ago)

What @noraj said! If successfully exploited, it almost likely gives root access to the system which is about as good as it gets for an attacker. But the effort required to do so is significant, making the chances of successful exploitation very low. So from a risk perspective (risk = impact * likelihood), where the impact (attacker value) is incredibly high, but the likelihood (exploitability) is very low, putting it at about medium risk.

2

noraj replied to SeanWrightFeat's assessment of CVE-2024-6387

July 03, 2024 2:57pm UTC (4 months ago)•Edited 4 months ago

@cschie822_comcast it depends if one means the attacker value in case of successful exploitation (which is very high here) or if it is the global attacker value taking every other metrics into account such as the very difficult exploitability (the value is very low). So it depends if it is contextualized or not.

2

cschie822_comcast replied to SeanWrightFeat's assessment of CVE-2024-6387

July 03, 2024 2:53pm UTC (4 months ago)•Edited 4 months ago

interesting… your comments and your attacker value ratings don’t seem to line up.

cbeek-r7 reported CVE-2024-20399 as Exploited in the Wild

July 03, 2024 7:47am UTC (4 months ago)

Indicated source as

Vendor Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP)

Ratings

Technical Analysis

Quick Cookie Notification