Exposures, Exposed! Weekly Round-up September 23-29

Welcome to "Exposures, Exposed!" – your essential guide to weathering the calm before the winter storms of cybersecurity. Join us as we uncover the most pressing vulnerabilities and exposures of the season, revealing the hidden dangers so you can keep your organization secured.?

Here’s what we’ve got for you this week:

ESET Releases Patches for Multiple Security Vulnerabilities

ESET has released patches addressing two local privilege escalation vulnerabilities affecting Windows and macOS products. One of the vulnerabilities, identified as CVE-2024-7400, impacts Windows products and was caused by improper file handling during file removal. This flaw could allow low-privilege attackers to delete files and escalate their privileges. The issue was fixed in Cleaner module 1251, automatically distributed to customers in August.?

The second vulnerability, CVE-2024-6654, affects macOS versions of ESET Cyber Security and Endpoint Antivirus. This flaw could allow users to conduct a denial-of-service attack, disabling security tools. ESET addressed the issue in Cyber Security version 7.5.74.0 and Endpoint Security for macOS version 8.0.7200.0. The company has reported no known exploits for either vulnerability.

The Takeaway: ESET users should ensure their products are updated to apply the latest security patches. Learn more here.

Ivanti Vulnerabilities Under Attack, New Flaws Discovered

Three vulnerabilities in Ivanti products have been targeted recently, including a critical authentication bypass flaw in Virtual Traffic Manager (vTM), tracked as CVE-2024-7593. The flaw, with a CVSS score of 9.8, was first disclosed on August 12. Patches were made available by August 19, though no active exploitation has been confirmed. However, a proof-of-concept exploit is publicly available.

Another critical vulnerability, CVE-2024-8963, affecting Cloud Services Appliance (CSA) 4.6, was disclosed on September 16 and exploited against a limited number of customers. This path traversal flaw was patched prior to attacks.

Additionally, a third vulnerability, CVE-2024-8190, can be chained with CVE-2024-8963 for further exploitation. Ivanti confirmed this flaw was also mitigated in patch 519.

The Takeaway: Ivanti users should immediately apply the latest patches to protect against these vulnerabilities. Learn more here.

Critical Vulnerability Found in Common Unix Printing System

A newly disclosed vulnerability in the Common Unix Printing System (CUPS) may allow attackers to gain remote access to UNIX-based systems. Security researcher Simone Margaritelli detailed the issue, which can be exploited by sending a crafted HTTP request to the CUPS service. Affected systems include Linux, macOS, and various other UNIX-based operating systems.

The vulnerability, classified as high severity, enables remote code execution and potential elevation of privileges on vulnerable systems. Red Hat Enterprise Linux (RHEL) versions are also affected, although not in default configurations. The impact could be widespread, affecting sectors like finance, healthcare, and government.

The Takeaway: Organizations are advised to disable or restrict access to CUPS and implement additional security measures such as network segmentation and access controls. Learn more here.

Critical Vulnerability in MediaTek Wi-Fi Chips Discovered

A newly identified vulnerability in MediaTek Wi-Fi chipsets, CVE-2024-20017, allows attackers to launch remote code execution (RCE) attacks without user interaction. This 0-click vulnerability affects a wide range of devices, including those from Ubiquiti, Xiaomi, and Netgear, and is caused by a buffer overflow in the wappd network daemon.

The bug, residing in the MediaTek MT7622/MT7915 SDK, can lead to stack overflow, allowing attackers to gain control of affected devices. Researchers have developed four different exploits, each bypassing various security mechanisms such as ASLR and stack canaries. These exploits target different conditions in devices using Wi-Fi 6 technology.

The Takeaway: Users should update their device firmware immediately to mitigate this critical vulnerability. Learn more here.

Critical Vulnerabilities Found in Automatic Tank Gauge Systems

Researchers from BitSight Technologies have uncovered multiple critical zero-day vulnerabilities in six Automatic Tank Gauge (ATG) systems from five different vendors. These vulnerabilities could allow malicious actors to exploit industrial control systems (ICS), potentially causing physical damage, environmental hazards, and significant economic losses. Despite previous warnings, thousands of ATG systems remain accessible online, making them prime targets for cyberattacks.

The vulnerabilities, first disclosed on March 21, 2024, affect key infrastructure sectors. BitSight is collaborating with CISA and affected vendors to mitigate risks. These systems are used to monitor fuel storage tanks in industries like airports, hospitals, and gas stations, and can control safety measures such as alarms and emergency shutoffs.

The Takeaway: Organizations should remove ATG systems from the public internet and assess their security immediately. Learn more here.

Apple Releases iOS 18 With Critical Security Fixes

Apple has officially launched iOS 18, the latest update for iPhones and iPads, with a focus on addressing significant security vulnerabilities. The update patches 33 flaws that could have exposed millions of devices to security risks. These vulnerabilities, if left unaddressed, could have allowed attackers to access sensitive data, control device functions, or exfiltrate information.

Key vulnerabilities include a Bluetooth exploit, a kernel flaw affecting VPN traffic, and a critical Webkit flaw in Safari. Other issues involved accessibility features, the Mail app, and Siri, which posed risks to user privacy and data security. Apple strongly urges all users to update to iOS 18 to protect their devices from these security threats.

The Takeaway: iPhone users should update to iOS 18 immediately to protect their devices from potential security breaches. Learn more here.

That’s all for this week – have any exposures to add to our list? Let us know!

Read the latest blog by XM Cyber:

How to Make Sure the Board is On-Board (and Not Bored) with Cybersecurity