What Happened Over the Week? | CVEs Edition

Hello, hello cyber-securiters. This is a special edition for CVEs. You need lots of updates this week. The cyber-world is shaking.

Here is a catch-up for you. Let's start.

1) Authentication Bypass Vulnerability in Sophos Allows Database Manipulation        

A security vulnerability in Sophos software, designated CVE-2024-10386, could allow attackers with network access to bypass authentication mechanisms and manipulate databases through crafted network messages.

This critical flaw highlights the need for organizations to update affected systems promptly.

Vulnerability Type: Authentication Bypass

Description: This vulnerability allows a threat actor to send specifically crafted messages to the device, bypassing authentication and potentially leading to unauthorized database manipulation. With network access, an attacker could exploit this flaw to compromise database integrity or inject malicious data.

2) Command Injection Vulnerability Found in Wi-Fi Alliance Test Suite        

A serious security vulnerability has been identified in the Wi-Fi Alliance's Test Suite, potentially allowing unauthenticated local attackers to execute arbitrary code with elevated privileges on affected devices.

Vulnerability: Known as CVE-2024-41992, this flaw enables unauthenticated local attackers to execute arbitrary commands with root privileges by sending specially crafted packets.

Affected Devices: The vulnerability has been identified on certain Arcadyan FMIMG51AX000J router models, where the flawed Wi-Fi Test Suite code is deployed.

3) NVIDIA Releases Patches for Multiple Vulnerabilities in Windows and Linux GPU Drivers        

NVIDIA has released a security bulletin addressing several vulnerabilities in its GPU Display Driver for both Windows and Linux platforms. If exploited, these vulnerabilities could allow attackers to execute malicious code, escalate privileges, or even cause denial of service (DoS) attacks.

1.CVE-2024-0126:

• Affects both Windows and Linux platforms.
• CVSS Score: 8.2 (High severity).
• This vulnerability allows a privileged attacker to escalate permissions, potentially leading to unauthorized code execution.
• Impact: Code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

2.CVE-2024-0117:

• Affects Windows only.
• CVSS Score: 7.8.
• This vulnerability exists in the user-mode layer of the GPU Display Driver and allows an unprivileged user to trigger an out-of-bounds read.
• Impact: Code execution, data tampering, and privilege escalation.

3.CVE-2024-0118, CVE-2024-0119, CVE-2024-0120, and CVE-2024-0121:

• These vulnerabilities affect the user-mode layer of the Windows GPU Display Driver.
• They could be exploited by unprivileged users to cause a range of security issues, from denial of service to full system compromise.

4) 52 Zero-Day Vulnerabilities Exploited on Day One of Pwn2Own Ireland        

The first day of Pwn2Own Ireland 2024 began with an impressive demonstration of 52 zero-day vulnerabilities exploited across various devices. Participants competing for the prestigious "Master of Pwn" title collectively earned $486,250 in cash prizes.

Affected Products and Vulnerabilities:

• Lorex 2K WiFi Camera: Stack-based buffer overflow vulnerability
• QNAP QHora-322 Router: Multiple vulnerabilities
• TrueNAS Mini X: Multiple vulnerabilities
• Sonos Era 300 Smart Speaker: Out-of-bounds write vulnerability
• HP Color LaserJet Pro MFP 3301fdw: Stack-based buffer overflow vulnerability
• Canon imageCLASS MF656Cdw: Single vulnerability
• QNAP TS-464 NAS Device: Improper certificate verification, hardcoded cryptographic key
• Synology DiskStation DS1823xs+: Improper neutralization of argument delimiters

5) Cisco Has Released an Urgent Fix for a Vulnerability        

Cisco has released an urgent fix for a vulnerability, CVE-2024-20481, in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, specifically affecting the Remote Access VPN (RAVPN) service. With a CVSS score of 5.8, this flaw can be exploited by unauthenticated remote attackers through a large number of VPN authentication requests, leading to resource exhaustion and denial of service (DoS).

In some cases, the device may need to be reloaded to restore the RAVPN service.

6) Critical Cisco FMC Software Flaw Allows Root-Level Access        

Cisco has issued a critical security advisory regarding a command injection vulnerability in its Secure Firewall Management Center (FMC) Software. Tracked as CVE-2024-20424 and assigned a CVSS score of 9.9, this vulnerability could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with root-level privileges.

This vulnerability affects all versions of Cisco FMC Software, regardless of the device configuration. As a result, many organizations relying on Cisco FMC for firewall management could be at risk.

7) Critical 0-Day Vulnerability CVE-2024-44068 in Samsung Exynos Processors Patched        

Samsung has released a critical security update to address CVE-2024-44068, a high-severity vulnerability affecting devices with Exynos processors.

This zero-day vulnerability, which has been assigned a CVSS score of 8.1, stems from improper memory management in the m2m1shot_scaler0 driver. This driver handles essential tasks such as image and video processing, including scaling and JPEG decoding.

8) GitLab Releases Urgent Security Update for XSS and DoS Vulnerabilities        

GitLab has released a security update to address two critical vulnerabilities that affect various versions of its Community Edition (CE) and Enterprise Edition (EE) software. Users are strongly advised to update their installations immediately to protect their systems from potential exploitation.

CVE-2024-8312: High-Severity XSS Vulnerability

• Severity: High (CVSS 3.1 score: 8.7)
• Description: This vulnerability allows attackers to inject malicious HTML code into the Global Search field on a diff view, leading to Cross-Site Scripting (XSS) attacks. GitLab’s advisory explains: “An attacker could inject HTML into the Global Search field on a diff view, leading to XSS.” This type of attack could enable attackers to steal user data, hijack sessions, or redirect users to malicious websites.

CVE-2024-6826: Medium-Severity DoS Vulnerability

• Severity: Medium (CVSS 3.1 score: 6.5)
• Description: This vulnerability is a Denial of Service (DoS) flaw, where an attacker could overload the server by importing a maliciously crafted XML manifest file. As GitLab states, “A denial of service could occur via importing a malicious crafted XML manifest file,” disrupting services for legitimate users.

Affected Versions

The following versions of GitLab are affected by these vulnerabilities:

• All versions from 15.10 to before 17.3.6
• All versions from 17.4 to before 17.4.3
• All versions from 17.5 to before 17.5.1

9) Lazarus APT Uses Fake Crypto Game to Exploit Chrome Zero-Day CVE-2024-4947        

A sophisticated cyberattack campaign orchestrated by the Lazarus APT group has been uncovered. In this attack, a fake cryptocurrency game is used to deceive investors and infect their systems with malware. The attackers leveraged a zero-day vulnerability in Google Chrome to carry out the attack.

This campaign centered around a seemingly legitimate website promoting a decentralized finance (DeFi) NFT-based game called “DeTankZone.” However, the site was merely a front, containing a hidden script that exploited a zero-day vulnerability in Google Chrome. According to the research, "just visiting the site was enough to get infected – the game was merely a distraction."

10) Fortinet Issues Urgent Advisory for Critical FortiManager Vulnerability        

Fortinet has released a critical vulnerability, CVE-2024-47575 (CVSS score: 9.8), which is currently being exploited. This vulnerability stems from a missing authentication flaw in the fgfmsd daemon. It potentially allows remote, unauthenticated attackers to execute arbitrary commands or code via specially crafted requests.

Affected Versions:

• FortiManager 7.6 (versions prior to 7.6.1)
• FortiManager 7.4 (versions 7.4.0 through 7.4.4)
• FortiManager 7.2 (versions 7.2.0 through 7.2.7)
• FortiManager 7.0 (versions 7.0.0 through 7.0.12)
• FortiManager 6.4 (versions 6.4.0 through 6.4.14)
• FortiManager 6.2 (versions 6.2.0 through 6.2.12)

FortiManager Cloud versions are also impacted, and users are advised to upgrade to fixed releases as outlined in the security advisory.

11) Cisco ASA SSH Vulnerability Enables Complete System Takeover        

Cisco has issued a critical security advisory for a vulnerability in the SSH subsystem of its Adaptive Security Appliance (ASA) Software, identified as CVE-2024-20329. With a CVSS score of 9.9, this vulnerability could allow an authenticated, remote attacker to execute commands with root privileges, effectively enabling full control over the affected system.

12) VMware Struggles to Fix Critical Remote Code Execution Flaw in vCenter Server        

VMware is having difficulty addressing a serious remote code execution vulnerability in its vCenter Server platform. This flaw, first documented and exploited earlier this year during a hacking contest in China, continues to pose a significant security risk.

For the second time in two months, VMware released a patch to fix the vulnerability, identified as CVE-2024-38812. However, the company admitted in a recent advisory that the patch issued on September 17, 2024, did not fully resolve the issue.

In addition to CVE-2024-38812, VMware also released a patch for CVE-2024-38813, a privilege escalation vulnerability with a CVSS severity score of 7.5/10. According to VMware, this flaw could allow a malicious actor with network access to vCenter Server to escalate privileges to root by sending a specially crafted network packet.