What Happened Over the Week? | CVEs Edition

Hello, hello cyber-securiters. This is a special edition for CVEs. You need lots of updates this week. The cyber-world is shaking.

Here is a catch-up for you. Let's start.


1) New Spectre Bypass Vulnerabilities Discovered in Intel and AMD CPUs on Linux        

Recent research has shown that Intel's latest processors, including 12th, 13th, and 14th generation consumer CPUs, as well as 5th and 6th generation Xeon server processors, and AMD's Zen 1, Zen 1+, and Zen 2 microarchitectures, are vulnerable to new speculative execution attacks on Linux systems. These attacks bypass existing Spectre mitigations, which were previously considered secure.

  • Intel: This vulnerability is tracked as CVE-2023-38575. Intel has released a microcode update to address the issue, although it has not been fully rolled out across all platforms.
  • AMD: The ETH Zurich researchers are working with Linux kernel maintainers to develop a patch for AMD processors, which is expected to be included in future Linux updates. This vulnerability is tracked as CVE-2022-23824.


2) Critical RCE Vulnerability Discovered in Grafana        

A severe security vulnerability (CVE-2024-9264) has been identified in Grafana, the widely used open-source platform for monitoring and observability. With a CVSS v3.1 score of 9.9, this vulnerability poses a significant risk, potentially allowing attackers to execute arbitrary code on affected systems, leading to full system compromise.

The vulnerability is linked to an experimental feature in Grafana called SQL Expressions, which enables users to post-process data source queries using SQL.

According to a security advisory issued by Grafana Labs, the SQL queries were not fully sanitized, resulting in a command injection and local file inclusion vulnerability.


3) Severe Vulnerabilities in Bitdefender Total Security Leave Users Vulnerable to MITM Attacks        

Bitdefender has issued an urgent advisory regarding three critical vulnerabilities found in the HTTPS scanning feature of its Total Security product. These flaws could allow attackers to intercept and manipulate user communications, exposing sensitive data.

The vulnerabilities, identified as CVE-2023-6055, CVE-2023-6056, and CVE-2023-6057, stem from how Bitdefender Total Security validates website certificates.

According to the advisory, the specifics of each vulnerability are as follows:

  • CVE-2023-6055: Involves improper validation of certificates lacking the "Server Authentication" specification.
  • CVE-2023-6056: Relates to an insecure trust of self-signed certificates using the RIPEMD-160 hashing algorithm.
  • CVE-2023-6057: Exposes users to insecure trust of certificates signed with the DSA signature algorithm.


4) Critical RCE Vulnerability Discovered in SolarWinds Web Help Desk        

Tracked as CVE-2024-28988, this vulnerability carries a CVSS score of 9.8, marking it as a serious threat. If exploited, the flaw could allow remote attackers to execute arbitrary commands on the host system, posing significant risks to industries relying on the platform, including government agencies, large corporations, and healthcare organizations.

The vulnerability affects all versions of SolarWinds Web Help Desk prior to version 12.8.3 HF3.

SolarWinds has released an updated version to address this issue, and customers running 12.8.3 HF2 or earlier are strongly urged to upgrade to the latest version to secure their systems.
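The cut-off above ("prior to version 12.8.3 HF3") is easy to get wrong with plain string comparison, so here is an added triage sketch (not SolarWinds code) that orders versions with hotfix suffixes. The version-string shape follows this page's notation, a missing suffix is assumed to mean no hotfix, and the inventory is constructed sample data.

```python
import re

# Fixed release named in the item above: 12.8.3 HF3.
FIXED_BASE, FIXED_HOTFIX = (12, 8, 3), 3

# Assumed string shape, following the page's notation ("12.8.3 HF2").
# A missing hotfix suffix is treated as hotfix level 0 (assumption).
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)(?:\s*HF\s*(\d+))?\s*$", re.I)


def parse_whd_version(text):
    """Return ((major, minor, ...), hotfix) or raise ValueError."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    base = tuple(int(part) for part in m.group(1).split("."))
    return base, int(m.group(2) or 0)


def is_affected(text):
    """True when the version sorts before 12.8.3 HF3."""
    base, hotfix = parse_whd_version(text)
    # Pad the shorter tuple so "12.8" compares as 12.8.0.
    width = max(len(base), len(FIXED_BASE))
    base += (0,) * (width - len(base))
    fixed = FIXED_BASE + (0,) * (width - len(FIXED_BASE))
    # Numeric tuple comparison: 12.7.10 < 12.8.3, unlike a string compare.
    return (base, hotfix) < (fixed, FIXED_HOTFIX)


def triage(inventory):
    """Map host -> 'upgrade', 'ok' or 'unknown' (unparseable, check by hand)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "upgrade" if is_affected(version) else "ok"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed inventory: hostnames and versions are sample data.
SAMPLE = {
    "whd-01": "12.8.3 HF2", "whd-02": "12.8.3 HF3", "whd-03": "12.8.3",
    "whd-04": "12.7.10", "whd-05": "12.8.4", "whd-06": "unknown build",
}

for host, status in triage(SAMPLE).items():
    print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed patched.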


5) F5 BIG-IP Vulnerability: Critical Access Control Bypass        

This vulnerability, tracked as CVE-2024-45844, has a CVSSv4 score of 8.6 (High), indicating its severe nature. It allows authenticated attackers to bypass access control restrictions, potentially leading to system compromise.

The vulnerability exists in the BIG-IP monitor functionality, allowing an attacker with at least Manager role privileges to elevate their access or modify system configurations. Even with port lockdown settings enabled, an attacker with the necessary credentials can exploit this flaw to gain unauthorized access and control over the system.


Threat.Watch: Uncover Your Cyber Security Health        

Discover the power of our comprehensive cybersecurity solution that evaluates critical security categories.

Do you want to get preliminary findings about your company's security posture?

Learn more insights with:

  • 1B+ Credentials in Compromised Devices,
  • 146B+ Breached Accounts,
  • 22M+ Phishing Addresses and
  • 305M+ Darkweb Contents.

Get your free report to learn more about your company's security health: https://threat.watch/


6) CVE-2024-38819: Path Traversal Vulnerability in Spring Framework        

A new path traversal vulnerability, identified as CVE-2024-38819, has been discovered in the widely-used Spring Framework. With a CVSS score of 7.5, this vulnerability presents a serious security risk to applications that serve static resources using the WebMvc.fn or WebFlux.fn functional web frameworks.


7) macOS Vulnerability Allowing Unauthorized Access to Cameras and Microphones, PoC Released        

Microsoft Threat Intelligence has discovered a critical macOS vulnerability, CVE-2024-44133, which bypasses Apple’s Transparency, Consent, and Control (TCC) security framework. This flaw, dubbed "HM Surf," allows attackers to gain unauthorized access to sensitive data such as the camera, microphone, browsing history, and location without user consent.


8) Code Execution and Data Tampering Vulnerability Discovered in Nvidia NeMo Gen-AI Framework        

Artificial intelligence leader Nvidia has issued a security advisory highlighting a significant vulnerability in its NeMo generative AI framework, warning that malicious actors could exploit the flaw to execute code and tamper with data on systems utilizing the platform.

  • CVE Identifier: CVE-2024-0129
  • CVSS Score: 6.3/10 (Medium Severity)
  • Affected Platforms: Windows, Linux, and macOS


9) CISA Adds SolarWinds Web Help Desk Vulnerability to Exploited Flaws Catalog        

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, following evidence of active exploitation.

  • CVE Identifier: CVE-2024-28987
  • CVSS Score: 9.1 (critical)
  • Nature of Vulnerability: Hard-coded credentials that can be exploited to gain unauthorized access and make system modifications.


10) CVE-2024-9486 (CVSS 9.8): Critical Kubernetes Image Builder Vulnerability        

The Kubernetes Security Response Committee has disclosed two critical vulnerabilities (CVE-2024-9486 and CVE-2024-9594) in the Kubernetes Image Builder that could allow attackers to gain root access to virtual machines (VMs). These vulnerabilities result from the use of default credentials during the image build process.

  • CVE-2024-9486: Proxmox Provider Poses Highest Risk
  • CVE-2024-9594: Other Providers Also Affected


11) CVE-2024-9312: Ubuntu Authd Vulnerability Enables User ID Impersonation        

A vulnerability (CVE-2024-9312, CVSS 7.6) has been identified in Authd, an authentication daemon used for identity management on Ubuntu systems. This vulnerability affects versions of Authd up to 0.3.6 and allows attackers to spoof user IDs, gaining unauthorized access to target accounts.


12) Critical Zero-Day Vulnerabilities in EV Chargers Pose Shutdown and Data Theft Risks        

Critical zero-day vulnerabilities in electric vehicle (EV) chargers have revealed significant cybersecurity risks within this infrastructure. The discovered flaws could enable shutdowns, data theft, and large-scale attacks.

Two major security vulnerabilities have been identified in EV chargers:

  • CVE-2024-6788 (High Severity - CVSS 8.6): This vulnerability allows unauthorized access before the firewall is fully activated, potentially disrupting the operation of the charger or leading to the theft of sensitive data.
  • CVE-2024-3913 (Medium Severity - CVSS 7.5): This flaw enables the resetting of a user account password, granting attackers elevated privileges and control over the device.


13) Ivanti CSA Zero-Day Attacks Attributed to Chinese Nation-State Hackers        

Fortinet suspects that state-sponsored threat actors, possibly from China, are behind the recent exploitation of multiple zero-day vulnerabilities in Ivanti’s Cloud Services Appliance (CSA). These vulnerabilities have been used to compromise a limited number of customers' systems over the past month.

The primary vulnerability being exploited is CVE-2024-8190, which allows for remote code execution (RCE). However, exploiting this flaw requires elevated privileges. Attackers have been combining this vulnerability with other CSA bugs, including:

  • CVE-2024-8963
  • CVE-2024-9379
  • CVE-2024-9380


14) Remote Node Crashes Triggered by CVE-2024-35202 Vulnerability in Bitcoin Core        

A critical vulnerability, identified as CVE-2024-35202, has been revealed in Bitcoin Core software, carrying a CVSS v3.0 base score of 7.5. This high-severity flaw allows remote attackers to crash Bitcoin Core nodes that are running versions prior to v25.0.


15) Iranian Hackers Exploit Windows Flaw to Elevate Privileges        

The Iranian state-sponsored hacking group APT34, also known as OilRig, has recently intensified its operations, launching new campaigns targeting government entities and critical infrastructure in the United Arab Emirates and the Gulf region.

In these attacks, OilRig deployed a new backdoor to steal credentials from Microsoft Exchange servers and exploited the Windows CVE-2024-30088 vulnerability to elevate privileges on compromised devices.
