Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-20475
Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability
Description: A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-xss-zQ4KPvYd Security Impact Rating: Medium CVE: CVE-2024-20475

CVSS: MEDIUM (6.4)

Source: Cisco Security Advisory
March 28th, 2025 (20 days ago)
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Description: Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024.
Source: Cisco Talos Blog
March 28th, 2025 (20 days ago)

CVE-2024-20439
Cisco Smart Licensing Utility Static Credential Vulnerability
🚨 Marked as known exploited on March 21st, 2025 (28 days ago).
Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.

CVSS: CRITICAL (9.8)

EPSS Score: 89.39%

SSVC Exploitation: active

Source: CVE
March 28th, 2025 (21 days ago)

CVE-2024-20506
ClamAV Privilege Handling Escalation Vulnerability
Description: A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.

CVSS: MEDIUM (6.1)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (23 days ago)

CVE-2024-20505
ClamAV Memory Handling DoS
Description: A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

CVSS: MEDIUM (4.0)

EPSS Score: 0.52%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (23 days ago)
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
🚨 Marked as known exploited on April 10th, 2025 (8 days ago).
Description: Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below -  CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an

CVSS: CRITICAL (9.8)

EPSS Score: 89.39%

Source: TheHackerNews
March 21st, 2025 (28 days ago)
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Description: Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. [...]
Source: BleepingComputer
March 20th, 2025 (28 days ago)
Taiwan critical infrastructure targeted by hackers with possible ties to Volt Typhoon
Description: Researchers at Cisco Talos identified a hacking operation against Taiwan that appears to overlap with Chinese state-backed campaigns known as Volt Typhoon and Flax Typhoon.
Source: The Record
March 20th, 2025 (28 days ago)

CVE-2025-20115
Cisco IOS XR Software Border Gateway Protocol Confederation DoS (cisco-sa-iosxr-bgp-dos-O7stePhX)
Description: Nessus Plugin ID 232841 with High Severity Synopsis The remote device is missing a vendor-supplied security patch Description According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in confederation implementation for the Border Gateway Protocol (BGP)in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with an AS_CONFED_SEQUENCE attribute that has 255 autonomous system numbers (AS numbers). An attacker could exploit this vulnerability by sending a crafted BGP update message, or the network could be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. A successful exploit could allow the attacker to cause memory corruption, which may cause the BGP process to restart, resulting in a DoS condition. To exploit this vulnerability, an attacker must control a BGP confederation speaker within the same autonomous system as the victim, or the network must be designed in such a manner that the AS_CONFED_SEQUENCE attribute grows to 255 AS numbers or more. (CVE-2025-20115)Please see the included Cisco BIDs and Cisco Security Advisory for more information. Solution Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwk15887 Read more at https:...

CVSS: HIGH (8.6)

EPSS Score: 0.14%

Source: Tenable Plugins
March 18th, 2025 (about 1 month ago)
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions
Description: Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and privacy. "The features available in CSS allow attackers and spammers to track users' actions and
Source: TheHackerNews
March 17th, 2025 (about 1 month ago)