Exposures, Exposed! Weekly Round-up September 9-15

Welcome to "Exposures, Exposed!" – your essential guide to navigating the ever-changing cyber landscape this autumn. As the leaves turn, our dedicated experts dive deep into the cybersecurity world, shedding light on the most pressing vulnerabilities of the season. Stay informed with our weekly updates as we uncover and analyze the critical exposure incidents you need to know.

Here’s what we’ve got for you this week:

CISA Issues Advisories for ICS and Medical Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released four advisories addressing vulnerabilities in industrial control systems (ICS), including medical devices, and provided updates on previous advisories. The issues affect critical infrastructure, with vulnerabilities identified in Hughes Network Systems’ WL3000 Fusion Software, Mitsubishi Electric’s MELSEC iQ-R, Q, and L Series, and Baxter’s Connex Health Portal.

CISA highlighted that unprotected credentials and missing encryption in Hughes’ software could allow unauthorized access to network configuration data. The vulnerability was designated CVE-2024-39278, and no user action is required following a patch from Hughes. Baxter’s Connex Health Portal was found vulnerable to SQL injection and improper access control, potentially allowing attackers to alter or delete sensitive data. Baxter patched these issues promptly.

The Takeaway: CISA advises minimizing network exposure, isolating control systems, and using secure VPNs to reduce risk. Users should apply the recommended updates and review their security practices to prevent exploitation. Learn more here.


Ivanti and Zyxel Release Critical Security Updates

Ivanti has issued software updates to resolve several security vulnerabilities in Endpoint Manager (EPM), including 10 critical flaws that could allow remote code execution. These vulnerabilities, affecting EPM versions 2024 and 2022 SU5 and earlier, include CVE-2024-29847, a deserialization vulnerability with a CVSS score of 10.0. Additional vulnerabilities, with CVSS scores of 9.1, involve SQL injections that could allow remote attackers with admin privileges to execute code. Fixes are available in versions 2024 SU1 and 2022 SU6.

Ivanti has found no evidence of these vulnerabilities being exploited in the wild, but urges users to update immediately. The company has enhanced its internal scanning and responsible disclosure processes.

In a separate development, Zyxel addressed a critical command injection vulnerability in two of its NAS devices. Users are advised to apply the latest hotfixes for NAS326 and NAS542.

The Takeaway: Users should update affected devices immediately to mitigate security risks. Learn more here.


Microsoft Patch Tuesday Fixes Four Zero-Day Vulnerabilities

Microsoft's latest Patch Tuesday update, released on September 12, 2024, addresses four zero-day vulnerabilities, including a Mark of the Web security alert flaw. These vulnerabilities have been actively exploited, prompting the release of critical fixes. The update also includes patches from Adobe.

The four zero-day vulnerabilities are CVE-2024-43491, which affects Windows 10 version 1507's Servicing Stack, CVE-2024-38226 in Microsoft Publisher, CVE-2024-38217 related to Mark of the Web alerts, and CVE-2024-38014, which could grant attackers improper privileges. The latest Windows and Servicing Stack updates provide fixes.

The Takeaway: Administrators should apply the latest security updates to protect against known exploits. Learn more here.


Palo Alto Networks Patches Multiple Vulnerabilities Across Products

Palo Alto Networks has released patches for numerous vulnerabilities affecting its PAN-OS, Cortex XDR, ActiveMQ Content Pack, and Prisma Access Browser products. Among the most critical is CVE-2024-8686, a PAN-OS command injection flaw that could allow authenticated attackers with admin access to run arbitrary commands on firewalls as root.

Additionally, the company updated its Chromium-based Prisma Access Browser to address 29 vulnerabilities, some of which have been exploited in the wild. Palo Alto also patched a medium-severity flaw in PAN-OS exposing GlobalProtect portal passwords and other issues that allow file access and user impersonation.

A Cortex XDR Agent vulnerability affecting Windows installations was also patched, as it could be exploited by malware to disable the agent. Palo Alto Networks confirmed no known exploitation of these vulnerabilities in the wild.

The Takeaway: Users should apply the latest patches to secure their systems against these vulnerabilities. Learn more here.


SonicWall Warns of Potential Exploitation of New Vulnerability

SonicWall has issued a warning that CVE-2024-40766, a recently patched SonicOS vulnerability, may be actively exploited in the wild. The vulnerability, disclosed on August 22, affects Gen 5, Gen 6, and Gen 7 firewalls and could allow unauthorized access or cause a firewall crash.

SonicWall updated its advisory, urging customers to patch their devices immediately, as a significant number of SonicWall appliances are exposed to the internet. While no specific attacks have been reported yet, SonicWall strongly recommends that users with SSLVPN and locally managed accounts update their passwords to prevent unauthorized access.

Threat actors have previously targeted SonicWall vulnerabilities, including zero-days, raising concerns about potential exploitation.

The Takeaway: Customers should apply patches and update passwords immediately to secure their SonicWall appliances. Learn more here.


Veeam Issues Patches for Critical Vulnerabilities

Veeam has released patches for 13 high-severity and 5 critical vulnerabilities, including a serious flaw in Veeam Backup & Replication. The vulnerability, CVE-2024-40711, could allow unauthenticated remote code execution (RCE) and carries a CVSS score of 9.8. This flaw, reported by Florian Hauser of CODE WHITE GmbH, has been described as potentially enabling "full system takeover."

The September 2024 security bulletin also addresses critical vulnerabilities in Veeam ONE and Veeam Service Provider Console. Notable issues include CVE-2024-42024, which affects Veeam ONE Agent, and CVE-2024-38650 and CVE-2024-39714, which impact Veeam Service Provider Console. Users are advised to update to Veeam Backup & Replication version 12.2 and other specified versions to mitigate these risks.

The Takeaway: Users should update their Veeam products immediately to address these critical vulnerabilities. Learn more here.


That’s all for this week – have any exposures to add to our list? Let us know!


"Extending The 5 Stages of CTEM to the Cloud" - read the blog: