Recorded Future CVE Monthly August 2023

September 18, 2023

We identified 18 newly disclosed vulnerabilities with high risk scores for August 2023, 2 of which were zero-day vulnerabilities affecting Microsoft and Ivanti products. Exploitation activity this month demonstrated that multiple medium-severity vulnerabilities can be exploited together to achieve the effects of 1 high-severity vulnerability; the actively exploited vulnerabilities that attracted some of the highest attention this month were chained together to enable attacks. First, threat actors exploited 4 vulnerabilities in Juniper Networks’s Junos OS J-Web component to target Juniper EX switches and SRX firewalls. Each of the vulnerabilities has a medium-severity 5.3 CVSS score, but when aggregated, they have a collective high-severity CVSS score of 9.8; their exploitation can be chained together to enable remote code execution (RCE). In another instance of exploitation chaining, Ivanti urged its customers to patch CVE-2023-38035, an authentication bypass zero-day vulnerability affecting Sentry, a security product used to encrypt network traffic between mobile devices and enterprise servers. Threat actors chained exploitation of CVE-2023-38035 with the exploitation of 2 additional Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities (CVE-2023-35078 and CVE-2023-35081) to enable their attacks.

While the actively exploited vulnerability spotlight was on Ivanti and Juniper Networks products this month, Microsoft continued to be the software vendor most consistently affected by actively exploited zero-day vulnerabilities, month-to-month. As part of its August 2023 Patch Tuesday, Microsoft patched 1 new actively exploited zero-day vulnerability (CVE-2023-38180) and released a Microsoft Office Defense-in-Depth Update to fix a patch-bypass flaw affecting CVE-2023-36884. The latter vulnerability, an RCE flaw affecting Microsoft Office, was patched in July 2023 and was previously exploited by RomCom to target guests of the July 2023 NATO Summit.

Price: FREE

About the Provider

Recorded Future
Recorded Future is a privately held cybersecurity company founded in 2009 with headquarters in Somerville, Massachusetts. The company specializes in the collection, processing, analysis, and dissemination of threat intelligence.

TOPICS

Cybersecurity, vulnerabilities