Rewterz Threat Advisory – ICS: Delta Electronics CNCSoft-B DOPSoft Vulnerability

September 11, 2023

Rewterz Threat Alert – “Stealc” – An Information Stealer Malware – Active IOCs

September 11, 2023

Rewterz Threat Advisory – CVE-2023-4807 – OpenSSL Vulnerability

September 11, 2023

Severity

High

Analysis Summary

CVE-2023-4807

OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC (message authentication code) implementation, when running on newer X86_64 processors supporting the AVX512-IFMA instructions. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the application to crash.

Impact

Denial of Service

Indicators Of Compromise

CVE

CVE-2023-4807

Affected Vendors

OpenSSL

Affected Products

OpenSSL 1.1.1
OpenSSL OpenSSL 3.0.0
OpenSSL 3.1.0
OpenSSL 1.1.1v

Remediation

Refer to OpenSSL Security Advisory for patch, upgrade or suggested workaround information.

OpenSSL Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

ICS: Multiple Rockwell Automation ThinManager Vulnerabilities

CoinMiner Malware – Active IOCs

Multiple Zoom Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – ICS: Delta Electronics CNCSoft-B DOPSoft Vulnerability

Rewterz Threat Alert – “Stealc” – An Information Stealer Malware – Active IOCs

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.