August 2024 Vulnerability Review
Hey Vulnerability Watchers,
August once again shows why proactive vulnerability monitoring and management has become an integral part of the daily business of IT and security managers.
According to the BSI, around 2,000 software vulnerabilities occur every month, an increase of around 24% compared to the previous year. As the time between the occurrence of a vulnerability and its actual identification is becoming ever shorter, companies are constantly on the alert and must ensure holistic security across all IT assets.
Since a data protection or security breach costs companies an average of 4.45 million US dollars, you should also take action and create transparency across your IT assets in order to identify and automatically eliminate software vulnerabilities.
Raynet One, our new SaaS platform, provides exactly this transparency with complete True IT Asset Visibility and gives valuable insights into your portfolio. Get first insights into vulnerabilities and other risk factors in your IT landscape with just one click and after 10 minutes.
Get your 30-day Raynet One trial license now or take a look at our Vulnerability Report August
_____
Good news right at the start: the number of software vulnerabilities that occurred in August dropped significantly - the trend of recent months did not continue in August.
With a total of 2,119 vulnerabilities, we have recorded a reduction of almost 56% compared to July. However, less vulnerabilities does not mean less risks for companies.
The published vulnerabilities are split between 283 software vendors and 571 software applications. We have also noticed a slight decrease here - although this is the natural result of the decrease in the total number of vulnerabilities.
Let’s take a deeper look on the software vulnerabilities and their impact on business.
In our vulnerability dashboard, we classify vulnerabilities based on their criticality. Severity 8-10 represents a particularly high risk. Companies should act immediately and quickly to avoid leaving themselves open to attack.
70% of the total of 2,119 vulnerabilities have a score of 8-10 and are therefore very dangerous. 29% of the vulnerabilities have a medium risk. In August, Adobe, Microsoft, and Siemens are the top vendors with most vulnerabilities.
57% of identified vulnerabilities have a criticality score of 8 or higher and address common and famous products. Adobe’s vulnerable products are Adobe Photoshop, Adobe Illustrator or Adobe InDesign. Microsoft's vulnerabilities relate to various Windows 10 updates and Edge versions.
Here are some of the most critical vulnerabilities from August:
领英推荐
CVE-2024-20450
Vendor: Cisco
Product: SPA 301 Firmware
Description: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.
CVE-2024-38108
Vendor: Microsoft
Product: Azure Stack Hub
Description: Azure Stack Hub Spoofing Vulnerability
CVE-2024-38199
Vendor: Microsoft
Product: Windows 10 1507
Description: Windows TCP/IP Remote Code Execution Vulnerability
CVE-2024-7519
Vendor: Mozilla
Product: Firefox
Description: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Whether these vulnerabilities are critical for your infrastructure depends on how the software or device is configured, what it is connected to, and existing security measures. As always, check these vulnerabilities against your actual infrastructure and configurations.
With Raynet One, you’ll get a deep dive into your companies vulnerabilities and can identify risk potential immediately.
Get your 30-day Raynet One trial license now and explore our new SaaS platform on your own.