Exposures, Exposed! Weekly Round-up January 20 – January 26
Welcome to this week’s edition of Exposures Exposed! In a world where risks are constantly evolving, it’s vital to stay ahead of threats that could jeopardize your security. Each week, our experts identify critical vulnerabilities and exposures that might otherwise take you by surprise. Join us to stay informed and strengthen your defenses!
Millions of Devices Face Severe VPN Protocol Vulnerabilities
Millions of VPN servers, home routers, and internet-connected devices are exposed to critical vulnerabilities in multiple tunneling protocols, according to researchers. The flaws, identified in CVE-2024-7595, CVE-2024-7596, CVE-2025-23018, and CVE-2025-23019, enable attackers to exploit multiple tunneling protocols, including IPIP/IP6IP6, GRE/GRE6, 4in6, and 6in4.
Researchers Mathy Vanhoef, Angelos Beitis, and Top10VPN revealed that these vulnerabilities allow attackers to inject malicious traffic into vulnerable systems. Misconfigured tunneling protocols fail to verify the sender’s identity, enabling malicious actors to spoof packets and hijack connections. Scans revealed 4.26 million vulnerable hosts globally, with many located in China.
These compromised systems can facilitate denial-of-service attacks, DNS spoofing, and anonymous proxy abuse, making them difficult to trace and secure.
The Takeaway: System administrators must patch vulnerable devices and review tunneling protocol configurations. Learn more here.
Azure DevOps Vulnerabilities Allow SSRF and CRLF Attacks
Security researchers from Binary Security discovered multiple vulnerabilities in Azure DevOps. These flaws allow attackers to inject CRLF queries and perform DNS rebinding attacks. The first vulnerability, found in the 'endpointproxy' functionality, enables Server-Side Request Forgery (SSRF). A second flaw in Service Hooks allows both SSRF and CRLF injection. Initial fixes for the endpointproxy vulnerability were bypassed using DNS rebinding techniques. Microsoft acknowledged these issues and awarded bounties totaling $15,000.?
The Takeaway: Update Azure DevOps systems and implement strong authentication mechanisms. Learn more here.
Ivanti Releases Patches for Critical Vulnerabilities
Ivanti has released patches for two significant vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateways products. Identified as CVE-2025-0282 and CVE-2025-0283, these flaws could lead to remote code execution and privilege escalation. CVE-2025-0282 is particularly critical due to its ease of exploitation by unauthenticated attackers. Ivanti recommends immediate patch application using the Integrity Checker Tool (ICT) to detect signs of compromise.
The Takeaway: Apply relevant patches promptly and monitor network health using ICT. Learn more here.
Three Vulnerabilities Found in Planet WGS-804HPT Industrial Switch
New research from Claroty’s Team82 identified three vulnerabilities in the Planet WGS-804HPT industrial switch. These flaws could allow remote code execution on affected devices, potentially enabling further network exploitation. The vulnerabilities include buffer and integer overflows and an OS command injection flaw. Users are advised to upgrade firmware to version 1.305b241111 as recommended by Planet Technology.?
The Takeaway: Upgrade your Planet WGS-804HPT device firmware to mitigate risks. Learn more here.
Oracle To Release Patches For 320 Security Vulnerabilities
Oracle plans to release patches for 320 new security vulnerabilities affecting over 90 products. These span 27 categories, including Communications applications, Construction and Engineering appliances, middleware, servers, and the E-Business Suite. The vulnerabilities range from low severity with CVSS scores between 4 and 6 to critical flaws scoring 9.9. Critical issues affect Oracle Supply Chain products like Agile Engineering Data Management version 6.2.1 and Agile PLM Framework version 9.3.6. Five other vulnerabilities have a CVSS score of 9.8. Oracle advises immediate patch application. CISA recently added CVE-2020-2883 to its KEV catalog.
The Takeaway: Apply Oracle’s January 2025 Critical Patch Update as soon as possible. Learn more here.
领英推荐
Kaspersky Discloses Mercedes-Benz Infotainment Vulnerabilities
Kaspersky has identified over a dozen vulnerabilities in the Mercedes-Benz User Experience (MBUX) infotainment system. These flaws include risks such as denial-of-service attacks, data theft, command injection, and privilege escalation. Notably, Kaspersky demonstrated that physical access to the vehicle could allow attackers to disable anti-theft protections and unlock paid services without authorization.
Mercedes-Benz has assured users that the vulnerabilities have been patched in affected systems. The automaker also confirmed that newer versions of the MBUX system remain unaffected. Additionally, Mercedes-Benz encouraged researchers to report any further issues through its official vulnerability disclosure program to ensure continued security improvements.
The Takeaway: Update your Mercedes-Benz infotainment system to the latest version to protect against potential vulnerabilities. Learn more here.
CISA Adds Aviatrix Controllers Vulnerability to KEV Catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability in Aviatrix Controllers to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2024-50603, this flaw impacts versions pre-7.1.4191 and 7.2.x pre-7.2.4996, allowing unauthenticated attackers to execute arbitrary code via API. Wiz Incident Response team reported active exploitation leading to backdoors and cryptocurrency miners. Aviatrix patched the issue in versions 7.1.4191 and 7.2.4996. CISA mandates federal agencies to address this by February 6, 2025.
The Takeaway: Patch Aviatrix Controllers immediately and review infrastructure for vulnerabilities. Learn more here.
Cloudflare Vulnerability Exposes Location Data of Application Users??
A recently patched vulnerability in Cloudflare’s caching system allowed attackers to infer the physical location of users on certain applications, including Signal and Discord. Independent security researchers identified the issue, which exploited specific headers returned by Cloudflare’s Content Delivery Network (CDN).??
The vulnerability enabled attackers to analyze response headers, such as cf-cache-status and cf-ray, to determine the Cloudflare datacenter serving a user and approximate their geographic location. An additional feature, known as the "Teleport" bug, heightened the precision of these attacks by allowing requests to be routed to specific datacenters.??
Cloudflare acted swiftly to resolve the issue and secure its infrastructure. However, the incident highlights the privacy risks of third-party service integration and the need for robust security measures in performance-enhancing technologies.??
The Takeaway: Users should adopt privacy-enhancing tools like VPNs to minimize risks. Learn more here.??
That’s all for this week – have any exposures to add to our list? Let us know!
Read our latest blog "From Risk to Resilience: XM Cyber’s 2024 Wrapup":