What Happened Over the Week? | CVEs Edition

What Happened Over the Week? | CVEs Edition

Hello, hello cyber-securiters. This is a special edition for CVEs. You need lots of updates this week.

Here is a catch-up for you. Let's start.


1) CVE-2024-26581: Linux Kernel Vulnerability Exposes Systems to Potential Root-Level Exploits

A critical security flaw in the Linux kernel has been publicly disclosed, along with a proof-of-concept (PoC) exploit. The CVE-2024-26581 (CVSS 7.8) vulnerability puts Linux systems at risk, allowing local authenticated attackers to access sensitive information and, in the worst-case scenario, escalate privileges to gain root-level access.


2) OpenStack Ironic Users Advised to Patch Vulnerability: CVE-2024-44082

A critical security vulnerability, CVE-2024-44082, has been discovered in OpenStack’s Ironic project, which provisions bare metal machines. This flaw allows authenticated users to exploit unvalidated image data, potentially leading to unauthorized access to sensitive information.

The vulnerability affects multiple versions of both Ironic and Ironic-Python-Agent (IPA) due to improper handling of images processed by qemu-img.


3) Severe Vulnerabilities in Veeam Console Threaten Data Security

A series of critical vulnerabilities have been identified in Veeam Service Provider Console (VSPC), a popular platform used to manage data protection services in cloud and virtual environments. Some of these vulnerabilities have received a severity score as high as 9.9 on the CVSS, exposing organizations to serious risks such as unauthorized access, RCE, and potential data compromise.

CVEs

  • CVE-2024-38650 (CVSS 9.9)
  • CVE-2024-39714 (CVSS 9.9)
  • CVE-2024-39715 (CVSS 8.5)
  • CVE-2024-38651 (CVSS 8.5)


4) CVE-2024-2169: Critical Webmin/Virtualmin Vulnerability Exposes Systems to Loop DoS Attacks

System administrators and web hosting providers using the popular Webmin and Virtualmin control panels are urged to take immediate action following the disclosure of a critical vulnerability that could lead to DoS attacks. This vulnerability, identified as CVE-2024-2169, affects Webmin versions prior to 2.202 and Virtualmin versions prior to 7.20.2.

The vulnerability is rooted in Webmin/Virtualmin’s UDP service discovery mechanism, which typically operates on port 10000. This service responds to incoming UDP requests by revealing the IP address and port where the control panel is accessible. While this behavior may appear harmless, it can be exploited by attackers to initiate a Loop DoS attack.


5) CVE-2024-20469 in Cisco ISE with PoC Exploit Poses Significant Network Risk

A vulnerability, identified as CVE-2024-20469, has been discovered in Cisco Identity Services Engine (ISE), with a CVSS score of 6.0. This vulnerability enables authenticated local attackers to escalate their privileges to root on the underlying operating system.


6) Severe Cisco SLU Vulnerabilities Put Remote Admin Control at Risk

Cisco has issued a security advisory warning organizations about multiple critical vulnerabilities in its Smart Licensing Utility (SLU), which could allow remote attackers to gain unauthorized access or even full administrative control.

Two of these vulnerabilities, CVE-2024-20439 and CVE-2024-20440, have been assigned a CVSS score of 9.8, categorizing them as critical.


7) CVE-2024-20017 (CVSS 9.8): Critical Zero-Click Vulnerability Uncovered in Wi-Fi Chipsets, PoC Released

Security researchers have disclosed detailed information and a proof-of-concept (PoC) exploit for a critical vulnerability identified as CVE-2024-20017. With a CVSS score of 9.8, this vulnerability poses a serious risk, allowing attackers to execute remote code on vulnerable devices without requiring user interaction.


8) Critical RCE Vulnerability in Veeam Backup & Replication Enables Full System Compromise

A series of critical vulnerabilities have been discovered in Veeam Backup & Replication, exposing organizations to risks of unauthorized access, remote code execution (RCE), and data breaches. Among these, the most severe vulnerability, CVE-2024-40711 (CVSS score: 9.8), allows unauthenticated attackers to remotely execute code, granting them full control over the affected system.

Major CVEs:

  • CVE-2024-40710: Remote Code Execution (RCE)
  • CVE-2024-40711: Remote Code Execution (RCE)
  • CVE-2024-40713: Multi-Factor Authentication (MFA) Bypass
  • CVE-2024-40710: Sensitive Information Disclosure
  • CVE-2024-39718: Unauthorized File Deletion
  • CVE-2024-40714: Credential Interception
  • CVE-2024-40712: Local Privilege Escalation (LPE)


9) CVE-2024-32896: Critical Android Zero-Day Elevation of Privilege Vulnerability Patched After Active Exploitation

Google has released a patch for CVE-2024-32896, a critical zero-day vulnerability that has been actively exploited. Classified as a high-priority Elevation of Privilege (EoP) issue, this security flaw was discovered in the Android operating system, specifically affecting Pixel devices.

Reports indicate that CVE-2024-32896 was subject to limited, targeted exploitation before the patch was released. Exploiting this vulnerability could allow attackers to unlock Android devices without a PIN and access stored data, posing a significant risk to user privacy and security. The active exploitation of this flaw underscores the importance of timely updates and patches to mitigate potential threats.


10) RomCom Group Continues to Exploit Microsoft Office 0-Day to Spread Ransomware

The RomCom Group has begun exploiting the CVE-2023-36884 zero-day vulnerability in Microsoft Office to distribute ransomware that encrypts files on victims' Windows computers. This ransomware encrypts files and leaves a ransom note demanding payment to decrypt the files.

This campaign leverages CVE-2023-36884, a remote code execution vulnerability in Microsoft Office, which is exploited via specially crafted documents delivered through phishing techniques. In addition to phishing, the RomCom Group may use other infection vectors such as email or access purchased from an Initial Access Broker (IAB).


11) Google Fixes Actively Exploited Zero-Day in September Android Security Update

Google's September 2024 Android security update addresses 36 vulnerabilities, one of which has already been actively exploited in targeted attacks. This zero-day vulnerability, identified as CVE-2024-32896 and assigned a CVSS score of 7.8, is a high-severity Elevation of Privilege (EoP) issue.

The flaw is particularly concerning because it has been actively exploited by malicious actors, as confirmed by both Google and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).


12) CVE-2024-38106: Zero-Day Windows Kernel Vulnerability Actively Exploited, PoC Released

A critical zero-day vulnerability in the Windows Kernel, identified as CVE-2024-38106, has recently surfaced, and a proof-of-concept (PoC) exploit has been published by a security researcher from PixiePoint Security. This elevation of privilege (EoP) vulnerability, which has already been exploited in the wild, requires urgent attention from security professionals and end users.


13) CVE-2024-8105: Critical UEFI Vulnerability Exposes Millions of Devices to Risk

CVE-2024-8105, also known as "PKfai," is a significant vulnerability identified within the UEFI (Unified Extensible Firmware Interface) ecosystem. With a CVSS score of 8.2, this flaw weakens critical UEFI security mechanisms, making systems vulnerable to malicious attacks that can bypass fundamental protections like Secure Boot.


14) CVE-2024-7593 (CVSS 9.8): Critical Ivanti vTM Flaw Now Weaponized

A critical authentication bypass vulnerability identified as CVE-2024-7593, with a CVSS score of 9.8, has been weaponized following the release of a public proof-of-concept (PoC) exploit.

While Ivanti has not yet observed any real-world exploitation of CVE-2024-7593, the existence of a public PoC exploit significantly increases the risk.

This vulnerability in Ivanti’s Virtual Traffic Manager (vTM) software allows remote, unauthenticated attackers to gain full administrative control over vulnerable vTM appliances, posing a significant security risk.


15) Zyxel Security Routers Vulnerable to OS Command Injection: CVE-2024-7261

Zyxel has addressed multiple security vulnerabilities across various network devices, including a critical vulnerability identified as CVE-2024-7261. This vulnerability allows unauthenticated attackers to execute operating system commands on numerous Zyxel access points (AP) and security routers by sending a specially crafted cookie to the affected devices.


16) Critical Code Execution Vulnerability in VMware Fusion: CVE-2024-38811

A high-severity security vulnerability, identified as CVE-2024-38811, has been discovered in VMware Fusion, a widely-used virtualization software for macOS. With a CVSS score of 8.8, this vulnerability poses a significant risk, allowing a malicious actor with standard user privileges to execute arbitrary code within the context of the Fusion application.

To view or add a comment, sign in

More articles by BRANDEFENSE

Insights from the community

Others also viewed

Explore topics