[Security Vulnerability Alert] CISA adds 6 known vulnerabilities exploited by hackers to the KEV directory (2026/06/22-2026/06/28)

 
2026/6/30 ~ 2026/12/30
View Count:12

Forward Taiwan Computer Emergency Response Team / Coordination Center Information Security Alert TWCERTCC-200-202606-00000018

[Description]
【CVE-2025-67038】Lantronix EDS5000 Code Injection Vulnerability (CVSS v3.1: 9.8)
【Whether exploited by ransomware: Unknown】 Lantronix EDS5000 contains a code injection vulnerability. An attacker can exploit this vulnerability to inject arbitrary operating system commands into the username parameter and execute them with root privileges.

【CVE-2026-34910】Ubiquiti UniFi OS Improper Input Validation Vulnerability (CVSS v3.1: 10.0)
【Whether exploited by ransomware: Unknown】 Ubiquiti UniFi OS contains an improper input validation vulnerability. A malicious attacker with network access can exploit this vulnerability to perform command injection attacks.

【CVE-2026-34909】Ubiquiti UniFi OS Path Traversal Vulnerability (CVSS v3.1: 10.0)
【Whether exploited by ransomware: Unknown】 Ubiquiti UniFi OS contains a path traversal vulnerability. A malicious attacker with network access can exploit this vulnerability to access files on the underlying system and may further gain access to underlying system accounts by manipulating or leveraging these files.

【CVE-2026-34908】Ubiquiti UniFi OS Improper Access Control Vulnerability (CVSS v3.1: 10.0)
【Whether exploited by ransomware: Unknown】 Ubiquiti UniFi OS contains an improper access control vulnerability. A malicious attacker with network access can exploit this vulnerability to perform unauthorized changes to the system.

【CVE-2026-12569】PTC Windchill and FlexPLM Improper Input Validation Vulnerability (CVSS v3.1: 9.8)
【Whether exploited by ransomware: Unknown】 PTC Windchill and FlexPLM contain an improper input validation vulnerability. An unauthenticated remote attacker can execute arbitrary code by sending malicious requests to the network.

【CVE-2026-20230】Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability (CVSS v3.1: 8.6)
【Whether exploited by ransomware: Unknown】 Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery vulnerability. An unauthenticated remote attacker can exploit this vulnerability to write files to the underlying operating system and subsequently use these files to further escalate privileges to root.

[Affected Platform]
【CVE-2025-67038】Please refer to the official listed affected versions https://www.lantronix.com/technical-support/security-updates/vulnerability-disclosure-policy/vulnerability-library/cve-2025-67038-eds-5000-eds-3000/?_gl=1*11k48gn*_up*MQ..*_ga*NzY1MzgwNjcxLjE3ODI2OTc0Nzg.*_ga_M2G6RLT5L3*czE3ODI2OTc0NzckbzEkZzEkdDE3ODI2OTc1NTckajYwJGwwJGgw

【CVE-2026-34910】Please refer to the official listed affected versions https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-34909】Please refer to the official listed affected versions https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-34908】Please refer to the official listed affected versions https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-12569】Please refer to the official listed affected versions https://www.ptc.com/en/support/article/CS473270

【CVE-2026-20230】Please refer to the official listed affected versions https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW

[Recommended Measures]
【CVE-2025-67038】 The vendor has released a fix update for the vulnerability; please update to the relevant version https://www.lantronix.com/technical-support/security-updates/vulnerability-disclosure-policy/vulnerability-library/cve-2025-67038-eds-5000-eds-3000/?_gl=1*11k48gn*_up*MQ..*_ga*NzY1MzgwNjcxLjE3ODI2OTc0Nzg.*_ga_M2G6RLT5L3*czE3ODI2OTc0NzckbzEkZzEkdDE3ODI2OTc1NTckajYwJGwwJGgw

【CVE-2026-34910】 The vendor has released a fix update for the vulnerability; please update to the relevant version https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-34909】 The vendor has released a fix update for the vulnerability; please update to the relevant version https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-34908】 The vendor has released a fix update for the vulnerability; please update to the relevant version https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-12569】 The vendor has released a fix update for the vulnerability; please update to the relevant version https://www.ptc.com/en/support/article/CS473270

【CVE-2026-20230】 The vendor has released a fix update for the vulnerability; please update to the relevant version https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW

Files
None
【Back】
Top↑