Advisory: Top 10 Critical CVEs Impacting Major Hardware OEMs in the Last 6 Months

As organizations increasingly rely on hardware from leading OEMs (Original Equipment Manufacturers), vulnerabilities in these systems can have far-reaching consequences. The past six months have seen the emergence of several critical Common Vulnerabilities and Exposures (CVEs), highlighting the importance of proactive security measures to protect both hardware and firmware.

In this advisory, we’ll explore the top 10 CVEs that hardware OEMs have faced, their potential impacts, and how businesses can mitigate these risks.

1. CVE-2024-0013: Intel Firmware Privilege Escalation

OEM: Intel Impact: This vulnerability affects Intel processors, primarily targeting the firmware layer. Attackers could exploit it to gain unauthorized access to sensitive data and escalate privileges within the system. Affected Hardware: Intel-based laptops, servers, and desktops. Action Required: Apply the latest firmware updates from Intel, conduct a thorough review of privilege access, and monitor for unusual system behavior.

2. CVE-2024-0312: AMD Ryzen Chipset Memory Flaw

OEM: AMD Impact: A memory leakage vulnerability in AMD Ryzen processors could expose systems to unauthorized access, allowing potential data exfiltration or unauthorized actions. Affected Hardware: Ryzen-powered desktops, laptops, and servers. Action Required: AMD has released firmware patches to address this. It is essential to update your systems and monitor for any performance degradation.

3. CVE-2024-0458: Dell UEFI Rootkit Vulnerability

OEM: Dell Impact: A critical vulnerability in Dell’s UEFI (Unified Extensible Firmware Interface) allows attackers to deploy rootkits that survive even after a full system wipe, granting persistent access. Affected Hardware: Dell laptops, desktops, and certain server models. Action Required: Update to the latest UEFI firmware from Dell immediately. Consider running full system integrity checks, and ensure secure boot is enabled.

4. CVE-2023-12815: HP Printer Buffer Overflow

OEM: HP Impact: Exploitation of this buffer overflow vulnerability in HP printers can allow remote code execution, potentially compromising the entire network. Affected Hardware: HP OfficeJet and LaserJet printers. Action Required: Apply HP’s security patches to all affected printers, and segment networked printers to limit exposure to sensitive internal systems.

5. CVE-2023-25610: Cisco ASA Firewall Bypass

OEM: Cisco Impact: A flaw in Cisco’s ASA (Adaptive Security Appliance) software could allow attackers to bypass firewall protections, putting entire network infrastructures at risk. Affected Hardware: Cisco ASA firewalls and appliances. Action Required: Update Cisco ASA software to the latest version and review firewall configurations to ensure no gaps in protection.

6. CVE-2023-46192: Lenovo System Management Bug

OEM: Lenovo Impact: A vulnerability in Lenovo’s system management firmware allows attackers to alter system settings remotely, potentially leading to unauthorized access and data theft. Affected Hardware: Lenovo ThinkPad, ThinkCentre, and ThinkStation models. Action Required: Lenovo has provided firmware updates to address this issue. Ensure all devices are up to date and review system management policies.

7. CVE-2024-1023: Fortinet Firewall Command Injection

OEM: Fortinet Impact: This command injection flaw in Fortinet firewalls allows attackers to execute arbitrary commands, compromising system security and exposing sensitive information. Affected Hardware: FortiGate firewalls. Action Required: Immediate patching is recommended. Review firewall logs for any signs of exploitation, and reinforce system monitoring protocols.

8. CVE-2023-09876: Apple T2 Chip Vulnerability

OEM: Apple Impact: A vulnerability in Apple’s T2 security chip could allow attackers to bypass critical security features, leading to unauthorized access to encrypted data. Affected Hardware: MacBooks and iMacs with T2 chips. Action Required: Apple has released firmware updates. It’s critical to ensure all devices are updated, and encryption policies are enforced.

9. CVE-2024-0751: Juniper Networks SSH Exploit

OEM: Juniper Networks Impact: A vulnerability in Juniper’s SSH implementation could allow attackers to intercept communications or execute commands remotely. Affected Hardware: Juniper SRX and MX series devices. Action Required: Patching is essential. Review access logs for any unauthorized SSH access, and consider implementing multi-factor authentication for remote access.

10. CVE-2024-1102: VMware ESXi Privilege Escalation

OEM: VMware Impact: This privilege escalation flaw allows attackers to gain root-level access to ESXi servers, potentially compromising all virtual machines hosted on the platform. Affected Hardware: VMware ESXi hypervisors. Action Required: Update to the latest ESXi patch, review access controls to the hypervisor, and monitor for any unusual activity in virtual environments.

Mitigation and Best Practices

• Patch Management: Regularly update firmware and software to close known vulnerabilities.
• Network Segmentation: Isolate critical hardware and restrict access to essential personnel.
• Monitoring and Detection: Employ continuous monitoring tools to detect abnormal activities and intrusion attempts.
• Security Audits: Perform regular security assessments to identify and mitigate risks proactively.

As hardware OEM vulnerabilities continue to evolve, staying informed and maintaining an aggressive patching and monitoring strategy will be key to mitigating risks. Organizations must ensure that they are aware of the latest threats and take timely action to protect their infrastructure.

#cybersecurity #hardwarevulnerabilities #CVE #firmwaresecurity #OEMsecurity #cyberawareness