Exposures, Exposed! Weekly Round-up September 16-22
Welcome to "Exposures, Exposed!" - your essential guide to weathering the cyber storms of this autumn. As the rain falls and the winds howl, our dedicated experts are here to navigate the treacherous cybersecurity landscape. Join us as we delve into the most pressing vulnerabilities of the season, uncovering the hidden dangers lurking in the digital shadows.
Here’s what we’ve got for you this week:
Critical Vulnerabilities Found in WhatsUp Gold Exploited Online
Two major vulnerabilities in Progress Software’s WhatsUp Gold product, patched recently, appear to have been exploited in the wild. These vulnerabilities, tracked as CVE-2024-6670 and CVE-2024-6671, are critical SQL injection flaws allowing attackers to retrieve encrypted passwords.
Trend Micro identified multiple attempts to deploy remote access tools (RATs) against affected systems. While there is no confirmed link to a specific threat group, the activity suggests potential ransomware involvement.
The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-6670 to its Known Exploited Vulnerabilities catalog, though exploitation in ransomware campaigns remains unverified. Progress Software’s advisory now includes potential indicators of compromise.
The Takeaway: Organizations should apply patches immediately to avoid exploitation.
GitLab Releases Critical Security Patch
GitLab has released security updates to address 17 vulnerabilities, including a critical flaw (CVE-2024-6678) with a CVSS score of 9.9. This vulnerability allows attackers to process pipeline jobs as any user, posing significant risks such as unauthorized code deployment and data tampering.
The Takeaway: Organizations should patch CVE-2024-6678 immediately and adopt layered security measures to safeguard their CI/CD environments. Learn more here.
D-Link Patches Five Critical Flaws in Wi-Fi Routers
D-Link has released security updates to address five critical and high-severity vulnerabilities in its home Wi-Fi routers. These include two buffer overflow flaws, tracked as CVE-2024-45694 and CVE-2024-45695, which allow unauthenticated attackers to remotely execute code (RCE). Both vulnerabilities, rated 9.8 on the CVSS scale, affect the DIR-X4860 and DIR-X5460 router models.
The company also fixed three vulnerabilities related to hidden hard-coded credentials, including CVE-2024-45697, which could enable unauthorized access to routers when certain conditions are met. Other flaws (CVE-2024-45696 and CVE-2024-45698) involve telnet service vulnerabilities that could allow attackers on the same network to inject commands.
The Takeaway: Update affected D-Link routers to the latest firmware immediately to prevent exploitation. Learn more here.
SAP Releases Key Security Patches During September Update
In September 2024, SAP issued nineteen new and updated security notes addressing critical vulnerabilities in its systems. The update included a HotNews note, #3479478, which resolved a missing authentication check in SAP BusinessObjects Business Intelligence Platform. With a CVSS score of 9.8, this flaw posed significant risks of unauthorized data access. The note was initially released in August and updated to provide workarounds for users unable to immediately apply the patch.
Additionally, a High Priority note, #3459935, fixed an information disclosure issue in SAP Commerce Cloud, raising the patch version to Release 2211.28. Onapsis Research Labs played a significant role in identifying and resolving twelve vulnerabilities across SAP systems, focusing on issues like cross-site scripting and missing authorization checks.
The Takeaway: SAP users should apply the latest security updates immediately to protect against potential vulnerabilities. Learn more here.
SolarWinds Patches Critical Vulnerabilities in Access Rights Manager
SolarWinds has released patches for two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability (CVE-2024-28991) with a CVSS score of 9.0. The flaw allows remote code execution through deserialization of untrusted data. Although authentication is required to exploit the vulnerability, it can be bypassed, making the flaw highly dangerous.
Additionally, a medium-severity flaw (CVE-2024-28990) exposing a hard-coded credential was also patched. Both issues have been resolved in ARM version 2024.3.1. No active exploitation has been reported, but users are strongly urged to update.
The Takeaway: Users should immediately update SolarWinds ARM to the latest version to protect against these vulnerabilities. Learn more here.
CISA Mandates Urgent Patches for Three Windows Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive requiring three critical Windows vulnerabilities to be patched by October 1, 2024. While the mandate is specific to federal agencies, CISA urges all organizations to address these vulnerabilities, as they are actively being exploited by attackers.
The vulnerabilities include CVE-2024-38014, a Windows installer privilege escalation flaw; CVE-2024-38217, a Mark of the Web security bypass vulnerability; and CVE-2024-43491, a Windows Update remote code execution issue. CISA has added these flaws to its Known Exploited Vulnerabilities catalog, underscoring the need for immediate action.
The Takeaway: All organizations should prioritize patching these Windows vulnerabilities to protect against active exploitation. Learn more here.
Atlassian Releases Patches for Multiple High-Severity Vulnerabilities
Atlassian has issued patches for four high-severity vulnerabilities affecting Bamboo, Bitbucket, Confluence, and Crowd. These flaws, disclosed in Atlassian’s September 2024 security bulletin, can cause denial-of-service (DoS) conditions.
Bamboo and Bitbucket received updates to address CVE-2024-34750, a Tomcat Coyote connector issue, while Bitbucket also patched CVE-2024-32007, an input validation flaw. Confluence and Crowd updates resolved vulnerabilities in Bouncy Castle Java (CVE-2024-29857) and Clojure (CVE-2024-22871).
All the vulnerabilities were reported through Atlassian’s bug bounty program, and there is no evidence of active exploitation.
The Takeaway: Users should immediately update their Atlassian products to the latest versions to address these security vulnerabilities. Learn more here.
That’s all for this week – have any exposures to add to our list? Let us know!
Read our latest blog - 9 Reasons CTEM Needs to be in Your 2025 Budget: