Exposures, Exposed! Weekly Round-up December 23 – December 29
Welcome to 2024’s final installment of Exposures, Exposed! As we unwrap the latest developments in cybersecurity, it’s essential to stay alert to threats that could disrupt your security and peace of mind during the holiday aftermath. Each week, our experts spotlight critical vulnerabilities and exposures that need your attention. Stay informed, stay proactive, and keep the new year secure!
Ruijie Cloud Devices Face Security Threats?
Nearly 50,000 Ruijie cloud-connected devices are vulnerable to exploitation due to 10 security flaws in the Reyee cloud platform, according to a report. While all vulnerabilities have been patched, researchers warn of potential risks.?
Among the critical flaws are CVE-2024-48874, a server-side request forgery issue, CVE-2024-52324, an inherently dangerous function flaw, and CVE-2024-47547, a weak password recovery mechanism. Threat actors could also exploit CVE-2024-45722 to access serial numbers and credentials, while CVE-2024-47146 could allow remote code execution through an Open Sesame attack.?
Researchers emphasize that these vulnerabilities highlight risks in internet-of-things devices, including routers and wireless access points, which can be targeted for deeper network breaches.?
The Takeaway: Update Ruijie cloud devices immediately to mitigate risks. Learn more here.
Amazon Fixes High-Severity Amazon Redshift Vulnerabilities
Amazon has addressed three high-severity SQL injection vulnerabilities in its Amazon Redshift drivers. The flaws, tracked as CVE-2024-12744, CVE-2024-12745, and CVE-2024-12746, could enable privilege escalation, posing risks of data compromise. Fixes were made available on December 23.?
CVE-2024-12744 affects the Redshift JDBC Driver (version 2.1.0.31). Amazon recommends upgrading to version 2.1.0.32 or reverting to version 2.1.0.30. CVE-2024-12745 impacts the Python Connector (version 2.1.4) and has been fixed in version 2.1.5, with a rollback option to version 2.1.3. CVE-2024-12746 involves the ODBC Driver (version v2.1.5.0) and has been resolved in version 2.1.6.0, with version 2.1.4.0 as a rollback option.
Amazon urges all customers to update affected drivers to the latest versions to mitigate these security risks.
The Takeaway: Upgrade Amazon Redshift drivers immediately to ensure data security. Learn more here.
Microsoft Addresses 71 Vulnerabilities in December Patch Update
Microsoft has issued fixes for 71 vulnerabilities in its December 2024 Patch Tuesday release, including 16 classified as Critical and one actively exploited zero-day vulnerability, CVE-2024-49138. This zero-day, a privilege escalation flaw in the Windows Common Log File System, has been patched.?
Critical vulnerabilities this month include CVE-2024-49112, a Windows Lightweight Directory Access Protocol (LDAP) flaw with a CVSS score of 9.8, allowing remote code execution through specialized LDAP calls. Additional high-risk issues affect Microsoft Hyper-V, Message Queuing, and Local Security Authority Subsystem Service (LSASS). Exploiting these flaws could lead to privilege escalation or remote code execution, posing serious threats to infrastructure.?
Microsoft advises users to apply all available patches immediately and follow specific recommendations, such as disabling unused services and restricting network access, to reduce attack risks.
The Takeaway: Apply December Patch Tuesday updates without delay. Learn more here.
Sophos Patches Critical Vulnerabilities in Firewall Products
Sophos has released fixes for several high-severity vulnerabilities in its firewall products, including CVE-2024-12727, an SQL injection flaw with a CVSS score of 9.8. This bug allows remote attackers to execute arbitrary code if Secure PDF eXchange (SPX) is enabled and the firewall operates in High Availability (HA) mode. The issue affects devices running versions prior to 21.0 MR1 and impacts only 0.05% of devices.?
Sophos has also addressed CVE-2024-12728, a weak SSH credentials vulnerability in HA clusters, and CVE-2024-12729, a code injection flaw in the User Portal. To reduce risk, users are advised to disable WAN access to SSH, the User Portal, and Webadmin. Sophos confirmed no active exploitation of these vulnerabilities so far.?
The Takeaway: Apply the latest patches and adjust firewall settings to mitigate potential risks. Learn more here.
领英推荐
CISA Adds CVE-2021-44207 to Exploited Vulnerabilities List??
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2021-44207 to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. This vulnerability, found in Acclaim Systems USAHERDS web application version 7.4.0.1 and earlier, is a hard-coded credentials flaw that allows remote code execution (RCE).??
The vulnerability stems from static ValidationKey and DecryptionKey values used in the application’s ViewState. Attackers with access to these keys can craft malicious payloads, enabling unauthorized code execution on the application’s server. Exploitation requires attackers to obtain the keys through other vulnerabilities or alternate methods.??
CISA urges organizations to mitigate this issue by applying vendor patches, contacting Acclaim Systems for guidance, or discontinuing use of affected versions. This action supports the Binding Operational Directive (BOD) 22-01 to address significant risks posed by exploited vulnerabilities.??
The Takeaway: Update affected systems, apply mitigations, and review vulnerability management practices. Learn more here.??
Adobe Addresses ColdFusion Vulnerability in Security Update??
Adobe has issued a security update (APSB24-107) to address CVE-2024-53961, an arbitrary file system read vulnerability affecting ColdFusion 2021 and 2023. This flaw allows attackers to read arbitrary files on affected systems, posing risks of unauthorized access and data exposure.??
A proof-of-concept exploit for the vulnerability has been published, increasing the urgency for organizations to apply the provided patch. While no exploitation has been observed in the wild, the vulnerability could significantly impact web servers running ColdFusion globally, particularly in the technology and software industries.??
Organizations are advised to apply Adobe’s patch immediately, implement access controls to restrict unauthorized data access, and monitor systems for signs of exploitation. Additional measures include enabling file system monitoring to detect suspicious activity.??
The Takeaway: Apply the ColdFusion patch, strengthen access controls, and monitor systems for exploitation. Learn more here.??
SHARP Warns Users About Critical Router Vulnerabilities??
SHARP has issued a security advisory addressing multiple vulnerabilities in its router products. The flaws, identified as CVE-2024-45721, CVE-2024-46873, CVE-2024-47864, CVE-2024-52321, and CVE-2024-54082, could allow attackers to execute commands, expose sensitive information, or cause denial-of-service (DoS) attacks.??
The vulnerabilities impact several router models, including SH-05L, SH-52B, SH-54C, HR02, and SoftBank 809SH, with CVSS scores reaching 9.8. Attackers would require access to the router via Wi-Fi, USB, or LAN, and specific technical knowledge to exploit these flaws. SHARP has released firmware updates to address these issues and recommends users update immediately.??
SHARP advises enabling automatic updates to receive future patches and verifying that devices are running the latest firmware version to ensure network security.??
The Takeaway: Update router firmware, enable automatic updates, and verify device security. Learn more here.??
That’s all for this week – have any exposures to add to our list? Let us know!
Read our latest eBook "The 5 Stages of CTEM – Your Guide to Making Them a Reality":