In last week’s vulnerability news, major companies performed recent patches to resolve critical vulnerabilities across various software and hardware platforms. Microsoft addressed a remote code execution issue. ASUS fixed authentication bypass and buffer overflow issues in its routers. VMware patched heap-overflow and privilege escalation problems in vCenter Server, while Trellix tackled an insecure deserialization vulnerability in its IPS Manager.
Fortra remedied a hard-coded password issue in the FileCatalyst software. Cybersecurity researchers discovered a buffer overflow flaw in Intel Core processor firmware causing Phoenix Technology to release patches. SolarWinds resolved an actively exploited directory traversal vulnerability in Serv-U. To minimize future vulnerabilities, concerned users should prioritize frequent upgrades and strong security practices for all systems and applications.
June 17, 2024
Microsoft Patches Multiple Vulnerabilities, Including RCE in Wi-Fi Driver
Type of vulnerability: Remote code execution.
The problem: Microsoft patched a critical vulnerability (CVE-2024-30078) with a severity score of 8.8 in their June 2024 Patch Tuesday. The flaw affects several Windows versions and permits remote code execution without user interaction. Attackers simply need to be on the same network to send malicious packets to susceptible Wi-Fi adapters, potentially gaining control of the affected PCs.
The fix: To secure yourself from this vulnerability, upgrade your Windows operating systems right now. Go to Start Menu – Settings – Update & Security – Check for Updates to make sure you’ve installed all patches. Microsoft published updates for supported versions, including solutions for the Wi-Fi driver vulnerability, which reduces the risk of exploitation.
ASUS Updates Software to Address Router Vulnerabilities
Type of vulnerability: Multiple, including authentication bypass and stack-based buffer overflow.
The problem: Following their vulnerability issues in the previous week, ASUS recently released a new patch for a major authentication bypass vulnerability (CVE-2024-3080, CVSS 9.8) and a high-severity buffer overflow vulnerability (CVE-2024-3079, CVSS 7.2) that affected multiple router models. Unauthenticated attackers can use these issues to log into devices and execute arbitrary commands, putting many users at risk. Over 147,000 routers are possibly susceptible.
The fix: Immediately update your router firmware to the most recent versions offered by ASUS to mitigate these vulnerabilities. To do this, navigate to the router’s administration page, check for firmware updates, then install the most recent version.
Learn how to lessen the business disruption when patching and updating devices by creating a clearly defined patch management policy.
June 18, 2024
VMware Issues Advisory for Critical vCenter Server Vulnerabilities
Type of vulnerability: Multiple, including remote code execution and local privilege escalation.
The problem: VMware provided fixes for three significant vulnerabilities in vCenter Server versions 7.0 and 8.0, along with VMware Cloud Foundation versions 4.x and 5.X. CVE-2024-37079 and CVE-2024-37080 (both with CVSS 9.8) are heap-overflow vulnerabilities in the DCERPC protocol that allow remote code execution. CVE-2024-37081 (CVSS 7.8) is a local privilege escalation problem caused by sudo misconfiguration.
The fix: To fix these vulnerabilities, administrators should upgrade their VMware vCenter Server to versions 8.0 U2d, 8.0 U1e, or 7.0 U3r and install patches from KB88287 for Cloud Foundation. During the update process, the vSphere Client and other management interfaces will be temporarily unavailable. There are no other workarounds yet, so perform regular upgrades to avoid any exploitation.
June 19, 2024
Trellix Patches Vulnerability in IPS Manager Allowing RCE
Type of vulnerability: Insecure deserialization.
The problem: Trellix found a critical security weakness (CVE-2024-5671) in its Intrusion Prevention System (IPS) Manager, which scored 9.8 on the CVSSv3 scale. This vulnerability enables unauthenticated remote attackers to leverage unsafe deserialization, resulting in arbitrary code execution. In versions prior to 11.1.x, this vulnerability poses a significant risk to network security, with the possibility for data theft, service disruption, and network compromise.
The fix: Update Trellix IPS Manager to the most recent version as soon as possible, as they’ve already released new patches to remedy this issue. Improve your monitoring and blocking access to the IPS Manager from untrusted sources to also help reduce exposure.
June 20, 2024
Fortra Releases Advisory for Password Vulnerability in FileCatalyst
Type of vulnerability: Hard-coded password.
The problem: Fortra discovered a high-severity vulnerability (CVE-2024-5275) in the FileCatalyst TransferAgent component, which affects FileCatalyst Direct 3.8.10 Build 138 and FileCatalyst Workflow 5.1.6 Build 130. The vulnerability involves a hard-coded password that can be used to access the Keystore, which contains sensitive data such as private keys. The flaw may enable machine-in-the-middle attacks, allowing attackers to intercept and alter data.
The fix: Update now to FileCatalyst Direct version 3.8.10 Build 144 or above, and upgrade to FileCatalyst Workflow version 5.1.6 Build 133 or later. If you’re using FileCatalyst TransferAgent remotely, change REST calls to “http” or generate a new SSL key for “https” and add it to the agent’s keystore. Fortra’s knowledge portal includes detailed remedial steps.
Researchers Disclose Vulnerability Affecting Intel Core Processor
Type of vulnerability: Buffer overflow.
The problem: Security researchers reported a buffer overflow vulnerability (CVE-2024-0762, CVSS 7.5) in Phoenix SecureCore UEFI firmware, which affects numerous Intel Core processor families. The vulnerability known as “UEFIcanhazbufferoverflow” enables local attackers to escalate privileges and execute code within UEFI firmware using harmful variables in the TPM setup. It can result in persistent device backdoors that overcome high-level security measures.
The fix: Phoenix Technologies patched the vulnerability in April 2024, and Lenovo also issued fixes in May 2024. Affected customers should upgrade their firmware to the most recent versions given by their makers. Mitigate vulnerability risks and maintain system integrity and security by conducting regular firmware upgrades and adhering to standard security practices.
Atlassian Resolves High-Severity Vulnerabilities
Type of vulnerability: Multiple, including access control, SSRF, out-of-bounds write, deserialization, and more.
The problem: Atlassian recently fixed many high-risk vulnerabilities in Confluence, Crucible, Jira, and Jira Service Management. Vulnerabilities in Confluence include faulty Spring Framework access control (CVE-2024-22257) and server-side request forgery (SSRF) problems (CVE-2024-22243, CVE-2024-22262, and CVE-2024-22259).
Additionally, they’ve addressed the out-of-bounds write issues in Apache Commons Configuration. Crucible resolved deserialization vulnerabilities with unknown CVE specifics. Jira and Jira Service Management also patched an information disclosure flaw (CVE-2024-21685). Unauthenticated attackers could leverage these vulnerabilities to gain unauthorized access, cause denial-of-service (DoS) problems, or reveal sensitive information.
The fix: Update to the latest versions:
- Confluence 8.9.3, 8.5.11 (LTS), 7.19.24 (LTS)
- Crucible 4.8.15 and higher
- Jira versions 9.16.0, 9.16.1, 9.12.8, 9.12.10 (LTS), 9.4.21, 9.4.23 (LTS)
- Jira Service Management versions 5.16.0, 5.16.1, 5.12.8, 5.12.10 (LTS), 5.4.21, 5.4.23 (LTS).
June 21, 2024
SolarWinds Patches Actively Exploited Serv-U Vulnerability
Type of vulnerability: Directory traversal.
The problem: Prior to the proof-of-concept release, SolarWinds fixed a critical directory traversal issue (CVE-2024-28995, CVSS 8.6) in its Serv-U file transfer product. This vulnerability allows unauthenticated attackers to read arbitrary files on the host system. It impacted all versions preceding and including Serv-U 15.4.2 HF 1. Attackers actively utilized exploits, targeting sensitive files to exfiltrate information.
The fix: SolarWinds issued an early patch for CVE-2024-28995 on June 5, before the PoC was released. To mitigate the issue, perform an update to Serv-U version 15.4.2 HF 2 (15.4.2.157). Quickly apply updates to prevent unwanted file access. Regularly examine and upgrade file transfer software to the most recent versions, and increase monitoring to detect and respond to questionable activities. Patch quickly to prevent exploitation and data breaches.
Read next:
- Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues
- Best Vulnerability Management Software & Systems in 2024
- Top Open-Source Vulnerability Scanners & Tools