Exposures, Exposed! Weekly Round-up December 30 – January 5
Welcome to this week’s special New Year’s edition of Exposures Exposed! As we step into 2025, it’s crucial to remain vigilant against threats that could disrupt your security and peace of mind in the new year. Each week, our experts highlight critical vulnerabilities and exposures that demand your attention. Start the new year informed, stay proactive, and ensure your security stays strong throughout 2025!
Severe Vulnerability in Palo Alto Networks Exposes Firewalls
Palo Alto Networks recently identified CVE-2024-3393, a severe vulnerability in its PAN-OS software. The flaw, affecting the DNS Security feature, allows attackers to send malicious DNS packets, causing a Denial of Service (DoS). If exploited, the firewall could enter maintenance mode after multiple attempts, disrupting network operations. The vulnerability affects PAN-OS versions 11.2, 11.1, 10.2, and 10.1. Palo Alto Networks urges organizations to apply patches or workarounds immediately to mitigate risks.?
Cybercriminals have already exploited this flaw, and CISA has added it to the Known Exploited Vulnerabilities catalog. The deadline for applying patches is January 20, 2025.?
The Takeaway: Organizations should update vulnerable PAN-OS versions or apply workarounds to prevent exploitation. Learn more here.
Microsoft Azure Data Factory Faces Security Vulnerabilities
Microsoft Azure Data Factory’s integration of Apache Airflow has been found to contain three low-severity vulnerabilities. These issues include a Kubernetes RBAC misconfiguration, a secret management flaw in Azure’s Geneva service, and improper Geneva authentication. Threat actors could exploit these vulnerabilities to distribute malware, steal data, and carry out other malicious activities.?
Researchers from Palo Alto Networks Unit 42 reported that attackers could create and upload a directed acrylic graph file to GitHub, enabling reverse shell deployment. This could lead to cluster takeovers and root access compromises on host virtual machines. The findings underscore the need for careful management of service permissions and monitoring of third-party services to prevent unauthorized access.
The Takeaway: Organizations should address the identified vulnerabilities and secure their Azure services to prevent exploitation. Learn more here.
Vulnerabilities in WhatsUp Gold and Oracle WebLogic Discovered
Progress WhatsUp Gold and Oracle WebLogic Server are facing significant security vulnerabilities. WhatsUp Gold versions earlier than 24.0.2 are exposed to potential data breaches and unauthorized access. Nearly 110,000 instances of WhatsUp Gold, mainly in the U.S. and China, are at risk. Users are urged to upgrade to version 24.0.2, which includes patches for CVE-2024-12108, CVE-2024-12106, and CVE-2024-12105. Learn more here.
Meanwhile, Oracle WebLogic Server’s CVE-2024-21182 flaw, disclosed in July 2024, has received public Proof-of-Concept (PoC) exploits. The vulnerability affects versions 12.2.1.4.0 and 14.1.1.0.0, with the potential for unauthorized access to critical data. Oracle has released patches for this issue, and temporary mitigation measures include restricting T3 protocol access and disabling the IIOP protocol. Learn more here.?
The Takeaway: Organizations must apply patches for WhatsUp Gold and Oracle WebLogic vulnerabilities to prevent exploitation.
Vulnerability Discovered in Veritas Data Insight Software
A security vulnerability in Veritas/Arctera Data Insight software (versions 7.1 and prior) has been identified, allowing attackers to execute arbitrary SQL commands on the backend database. The issue, classified as SQL Injection (CWE-89), arises from improper handling of special SQL elements in certain administrative features. Attackers with administrative privileges could exploit the flaw to alter database records, compromising sensitive data.?
领英推荐
The vulnerability has a medium severity rating, with a CVSS score of 6.5. Affected versions include 6.3 through 7.1, with earlier versions potentially impacted. Veritas recommends upgrading to version 7.1.1 to address the issue. Organizations should ensure proper privilege management and apply software updates to minimize risk.
The Takeaway: Organizations should upgrade to version 7.1.1 to secure their systems against SQL injection attacks. Learn more here.
Critical Vulnerability Found in Angular Expressions Module
A severe security vulnerability in Angular Expressions, a standalone module for Angular.JS, has been discovered. The flaw, CVE-2024-54152, affects versions prior to 1.4.3 and allows attackers to execute arbitrary code, potentially gaining full system access. With a CVSS score of 9.3, the issue is categorized as a code injection vulnerability (CWE-94). Malicious actors can exploit the flaw by crafting expressions that break out of the sandbox and execute commands on the system.?
A proof-of-concept exploit has demonstrated the issue's impact. The vulnerability has been fixed in version 1.4.3. Developers using affected versions are urged to upgrade immediately. Those unable to update should disable access to the “proto” function or limit its usage to one argument. The Centre for Cybersecurity Belgium advises enhanced monitoring for suspicious activities.
The Takeaway: Organizations should upgrade to Angular Expressions 1.4.3 to mitigate security risks. Learn more here.
Critical Vulnerability Found in D-Link DIR-823G Router
A critical vulnerability (CVE-2024-13030) has been identified in the D-Link DIR-823G router with firmware version 1.0.2B05_20181207. The flaw stems from improper access control in the web management interface, allowing attackers to remotely exploit the device without authentication. Attackers can manipulate settings, gain unauthorized access, and potentially compromise the router. The vulnerability is linked to the /HNAP1/ endpoint and affects multiple router settings, including reboot, firewall, and QoS configurations.?
The flaw has been assigned a CVSS score of 7.3 (high). The vulnerability poses a risk to networks relying on this device, especially in sensitive environments. No patch has been released by D-Link. Users are advised to restrict remote management, use strong passwords, monitor traffic, and replace unsupported devices. The vulnerability was disclosed publicly by researcher wxhwxhwxh_mie.
The Takeaway: Users should secure their D-Link DIR-823G routers to prevent potential exploitation. Learn more here.
That’s all for this week – have any exposures to add to our list? Let us know!
Read our latest eBook "The 5 Stages of CTEM – Your Guide to Making Them a Reality":