DSZDW | Search

Search

Items tagged with: CISA

Harry Sintonen

4 months ago

Harry Sintonen
4 months ago

Apparently #CISA has rated #curl #vulnerability #CVE_2024_11053 as #CVSS v3 Base Score 9.1 "critical". This is wrong, and will lead to automation triggering unnecessary warnings and blocking use of perfectly fine systems until an update is installed (which can take months). https://nvd.nist.gov/vuln/detail/CVE-2024-11053

Edit: In case you wonder my credentials for judging this: I found this vulnerability.

Edit2: This appears to be originating from CISA: https://www.cve.org/Media/News/item/blog/2024/06/04/CISA-Added-as-CVE-Authorized-Data-Publisher

Edit3: The score has now been fixed. Commit: https://github.com/cisagov/vulnrichment/commit/91fadb2bf6b461638c8155978b9f20cf17e51fe3

data updated · cisagov/vulnrichment@91fadb2

A repo to conduct vulnerability enrichment. Contribute to cisagov/vulnrichment development by creating an account on GitHub.

^GitHub

#curl #vulnerability #cisa #cve_2024_11053 #cvss

Please wait

View in context

serious business :donor: :heart_cyber:

5 months ago

serious business :donor: :heart_cyber:
5 months ago

lol
lmao

Sauce: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

#infosec #cybersecurity #redteam #cisa

Within this assessment, the red team gained initial access through a web shell left from a third party's previous security assessment.

Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization | CISA

^{Cybersecurity and Infrastructure Security Agency CISA}

#infosec #CyberSecurity #redteam #cisa

Please wait

View in context

This website is tracked using the Matomo analytics tool. If you do not want that your visits are logged in this way you can set a cookie to prevent Matomo / Piwik from tracking further visits of the site (opt-out).

⇧