Table of Contents
In this week’s Security Advisory
- **Updated** SolarWinds Warns of Critical Web Help Desk RCE
- **Updated** Broadcom Patches Multiple VMware Products
- Juniper Networks Patches Critical PTX Vulnerability
- Coruna iOS Exploit Kit Targets iOS 13-17.2.1
- Qualcomm Zero-Day Exploited in Targeted Android Attacks
- WatchGuard Patches Three Vulnerabilities in Firebox
- Critical FreeScout Vulnerability Leads to Full Server Compromise
**Updated** SolarWinds Warns of Critical Web Help Desk RCE
A Proof-of-Concept exploit that chains these vulnerabilities together to achieve pre-auth remote code execution is now circulating. If you have not patched, it is highly recommended that you do so now.
More Reading / Information
Original Advisory:
SolarWinds has issued security updates addressing critical vulnerabilities in its Web Help Desk platform, including flaws that allowed authentication bypass and remote code execution. The authentication bypass security flaws are being tracked as CVE-2025-40552 (CVSS 9.8/10) and CVE-2025-40554 (CVSS 9.8/10). Successful exploitation of these vulnerabilities could allow an actor to execute code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Affected Versions
- SolarWinds Web Help Desk versions before 2026.1.
Recommendations
- Upgrade to Web Help Desk Version 2026.1.
More Reading / Information
- https://www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/
- https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
**Updated** Broadcom Patches Multiple VMware Products
The VMware vulnerability, CVE-2026-22719, is now being exploited in the wild. Broadcom has updated their advisory to reflect this, and CISA has added this vulnerability to its KEV list. If you have not yet patched it is important to do so urgently.
More Reading / Information
Original Advisory:
Broadcom has released patches for three vulnerabilities, two high severity and one medium, affecting its VMware Aria Operations and VMware Cloud Foundation Operations components of different products. The first high severity vulnerability is CVE-2026-22719 (CVSS 8.1/10), which is a command injection issue that can be exploited by an unauthenticated attacker. If exploited, it would be possible for the attacker to execute code remotely while the support assist migration is in progress. The second high severity vulnerability is CVE-2026-22720 (CVSS 8/10), which is a XSS (cross-site scripting) vulnerability.
Affected Versions
A full list of affected versions can be found here.
Recommendations
- Upgrade to the fixed versions of each product.
More Reading / Information
- https://www.securityweek.com/vmware-aria-operations-vulnerability-could-allow-remote-code-execution/
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947
Juniper Networks Patches Critical PTX Vulnerability
Juniper has patched a critical vulnerability, CVE-2026-21902 (CVSS 9.3/10), affecting its PTX series of Juno OS Evolved. The vulnerability can allow an unauthenticated attacker, who is already on the network, to execute code with root permissions. Juniper has stated that they are not aware of any exploitation of this vulnerability currently. If you cannot patch immediately, it is recommended to restrict access to trusted networks via firewall filters or access control lists.
Affected Versions
- All Juno OS Evolved 25.4 and prior versions.
Recommendations
- Upgrade to one of the following versions: 25.4R1-S1-EVO, 25.4R2-EVO, 26.2R1-EVO.
More Reading / Information
- https://supportportal.juniper.net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902
- https://www.bleepingcomputer.com/news/security/critical-juniper-networks-ptx-flaw-allows-full-router-takeover/
Coruna iOS Exploit Kit Targets iOS 13-17.2.1
Security researchers have discovered the use of an exploit framework, dubbed Coruna, being used to target Apple iOS devices running on versions 13-17.2.1. The attacks include 5 chained vulnerabilities with a total of 23 exploits. The framework abuses Apple Web Kits loading process. When a user visits a malicious website, the IOS device loads code meant to bypass security mechanisms and establish persistence on the device. Of note – Lockdown Mode, an IOS Feature or privacy and security, prevented the attack chains from executing.
Affected Versions
- Apple iPhone models running iOS versions between 13.0 and 17.2.1.
Recommendations
- Ensure you are always running the latest iOS versions on Apple devices.
- Enable the “Automatic Update” feature.
- Enable “Lockdown Mode” for all IOS devices.
More Reading / Information
- https://thehackernews.com/2026/03/coruna-ios-exploit-kit-uses-23-exploits.html
- https://www.wired.com/story/coruna-iphone-hacking-toolkit-us-government/
Qualcomm Zero-Day Exploited in Targeted Android Attacks
Google has released security updates to patch 129 Android vulnerabilities; this includes an actively exploited high severity vulnerability that impacts an open-source Qualcomm component used in Android devices. The vulnerability, CVE-2026-21385 (CVSS 7.8/10), is a buffer over-read in the graphics component. Google has confirmed this flaw has been exploited in the wild.
Recommendations
- Apply latest patches from Google found here.
More Reading / Information
- https://www.bleepingcomputer.com/news/security/google-patches-android-zero-day-actively-exploited-in-attacks/
- https://www.darkreading.com/threat-intelligence/qualcomm-zero-day-exploited-targeted-android-attacks
WatchGuard Patches Three Vulnerabilities in Firebox
WatchGuard has patched three new vulnerabilities affecting its Firebox OS. The most severe is CVE-2026-3342 (CVSS 8.2/10), which allows an authenticated admin to execute arbitrary code via an exposed management interface. The other two vulnerabilities are medium severity and can allow an attacker to bypass the Fireware OS filesystem integrity check and execute malicious JavaScript on the system.
Affected Versions
This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
Recommendations
- Upgrade to the newest versions.
More Reading / Information
Critical FreeScout Vulnerability Leads to Full Server Compromise
FreeScout is an open source help desk and shared mailbox tool. The vulnerability, CVE-2026-28289 (CVSS 10/10), fixes a patch bypass for another recently patched vulnerability. The original vulnerability, CVE-2026-27636 (CVSS 8.8/10), allows an authenticated attacker to execute code remotely. Successful exploitation could allow an attacker to fully compromise vulnerable servers and potentially move laterally to other systems.
Affected Versions
- All FreeScout 1.8.206 installations running on Apache with AllowOverride All enabled.
Recommendations
- Upgrade to FreeScout version 1.8.207.
More Reading / Information
- https://www.securityweek.com/critical-freescout-vulnerability-leads-to-full-server-compromise/
- https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-5gpc-65p8-ffwp
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.