Ostorlab KEV update for 11th March 2024

New vulnerabilities added to Ostorlab known exploited vulnerabilities catalog

Mon 11 March 2024

Over the past few days, threat actors have been caught exploiting several critical vulnerabilities in the wild. These vulnerabilities were added to CISA's KEV catalog and other vulnerability catalogs. We have analyzed the ones that are remotely exploitable and added detection for them in Ostorlab KEV.

  • CVE-2024-27198

CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity through an alternative path. The vulnerability was given a 9.8 CVSS score as it can easily be escalated into remote code execution.

Threat actors have been observed leveraging this vulnerability to deploy ransomware, notably a weaponized version of the open source Jasmin ransomware.

  • CVE-2021-36380

CVE-2021-36380 is a critical unauthenticated OS command injection affecting Sunhillo SureLine. The vulnerability was given a 9.8 CVSS score.

Some threat actors have been observed exploiting this vulnerability over the past weeks. Successful exploitation can grant attackers full control of the target system.

  • CVE-2024-0692

CVE-2024-0692 is an insecure deserialization vulnerability in the SolarWinds Security Event Manager (SEM). The vulnerability was given an 8.8 CVSS score as it can easily be escalated into remote code execution using specially crafted deserialization payloads.

  • CVE-2024-27497

CVE-2024-27497 is an authentication bypass vulnerability in Linksys E2000 Ver.1.0.06 build 1 where the session token gets leaked in a publicly accessible JavaScript file.
