What Happened Over the Week? | CVEs Edition
Hello, hello cyber-securiters. This is a special edition for CVEs. There are lots of updates to catch up on this week; the cyber-world is shaking.
Here is a catch-up for you. Let's start.
1) CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses
A recently discovered vulnerability in the popular remote desktop software AnyDesk, identified as CVE-2024-52940, allows attackers to uncover users' IP addresses, posing serious privacy and security risks. This flaw is tied to AnyDesk’s “Allow Direct Connections” feature on Windows systems.
AnyDesk versions 8.1.0 and below are impacted.
2) CVE-2024-52067: Apache NiFi Debug Logs Vulnerability
A newly identified vulnerability in Apache NiFi, tracked as CVE-2024-52067, has been found to potentially expose sensitive parameter values in debug logs, risking the confidentiality of critical information. The vulnerability affects Apache NiFi versions 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4.
Update to Apache NiFi 2.0.0 or 1.28.1, which removes parameter value logging from the flow synchronization process regardless of the Logback configuration.
3) CVE-2024-9478 & CVE-2024-9479: Critical Vulnerabilities in upKeeper Instant Privilege Access Resolved
upKeeper, a provider of privileged access management solutions, has resolved two critical vulnerabilities in its Instant Privilege Access (IPA) product. Identified as CVE-2024-9478 and CVE-2024-9479, these vulnerabilities received a CVSSv4 score of 10, highlighting their severe impact on affected systems.
CVE-2024-9478:
CVE-2024-9479:
4) NVIDIA Patches Critical Vulnerability in Base Command Manager
NVIDIA has released a critical security update for its Base Command Manager software, addressing a severe vulnerability identified as CVE-2024-0138. This flaw, which carries a CVSS score of 9.8, affects the CMDaemon component and could allow attackers to execute code, escalate privileges, and manipulate sensitive data.
Details of the Vulnerability
According to NVIDIA’s security bulletin, this vulnerability could lead to:
This issue specifically affects NVIDIA Base Command Manager version 10.24.09.
5) Critical WorkflowKit Vulnerability: CVE-2024-27821
A significant vulnerability in WorkflowKit, tracked as CVE-2024-27821 and referred to as the “WorkflowKit Race Vulnerability,” has been identified. This flaw allows malicious apps to intercept and modify shortcut files during the import process. The issue arises from a race condition in the handling of temporary directories used during shortcut extraction.
6) Critical Remote Code Execution Vulnerability Found in D-Link EOL Routers
D-Link has issued a security advisory regarding a critical vulnerability affecting several End-of-Life (EOL) and End-of-Service (EOS) router models. This stack buffer overflow vulnerability allows unauthenticated attackers to execute code remotely, potentially taking full control of the affected devices.
Affected Models:
7) CVE-2024-10220: Critical Kubernetes Flaw Enables Arbitrary Command Execution
A high-severity vulnerability has been identified in Kubernetes, allowing attackers to execute arbitrary commands outside container boundaries. Tracked as CVE-2024-10220 and assigned a CVSS score of 8.1, this flaw specifically affects Kubernetes clusters running certain versions of kubelet.
The vulnerability exploits the gitRepo volume, a feature designed to clone Git repositories into pods. By tampering with the hooks folder within a target repository, attackers can bypass container restrictions and execute commands in unauthorized areas.
The following versions of kubelet are impacted:
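As an added defensive check (not code from the original post), the Python below scans the JSON that `kubectl get pods -A -o json` returns and lists every pod that still mounts a gitRepo volume, the volume type CVE-2024-10220 concerns; the pod list embedded here is constructed sample data, not a real cluster.

```python
import json

# Constructed sample of `kubectl get pods -A -o json` output (not real cluster data):
# one pod mounts a gitRepo volume, one uses only an emptyDir, one has no volumes.
SAMPLE_POD_LIST = json.loads("""
{
  "items": [
    {"metadata": {"namespace": "dev", "name": "builder-1"},
     "spec": {"volumes": [
        {"name": "src", "gitRepo": {"repository": "https://example.invalid/repo.git",
                                    "revision": "main"}},
        {"name": "scratch", "emptyDir": {}}]}},
    {"metadata": {"namespace": "prod", "name": "web-1"},
     "spec": {"volumes": [{"name": "cache", "emptyDir": {}}]}},
    {"metadata": {"namespace": "prod", "name": "db-1"},
     "spec": {}}
  ]
}
""")


def find_gitrepo_volumes(pod_list):
    """Return (namespace, pod, volume, repository) for every gitRepo volume.

    gitRepo volumes have been deprecated upstream for years and are the
    attack surface of CVE-2024-10220. Every hit is a candidate for migrating
    to a git clone in an initContainer that writes into an emptyDir, and for
    an admission policy that rejects the gitRepo volume type outright.
    """
    hits = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        # "volumes" may be absent or null in a pod spec, hence the `or []`.
        for vol in pod.get("spec", {}).get("volumes") or []:
            git = vol.get("gitRepo")
            if git is not None:
                hits.append((meta.get("namespace"), meta.get("name"),
                             vol.get("name"), git.get("repository")))
    return hits


if __name__ == "__main__":
    # Run against the sample; replace SAMPLE_POD_LIST with json.load(sys.stdin)
    # to pipe real kubectl output through it.
    for ns, pod, vol, repo in find_gitrepo_volumes(SAMPLE_POD_LIST):
        print(f"{ns}/{pod}: volume '{vol}' clones {repo}")
```

Combine the inventory with a kubelet version check against the advisory's affected list; an empty result from this scan removes the gitRepo exposure regardless of kubelet version.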
8) Helldown Ransomware Targets Zyxel VPN Vulnerability
The Helldown ransomware operation exploits vulnerabilities in Zyxel firewalls, specifically targeting IPSec VPNs. Researchers hypothesize that Helldown leverages CVE-2024-42057, a command injection vulnerability that allows attackers to execute OS commands through specially crafted usernames in User-Based-PSK mode.
This flaw, present in firmware version 5.38, was patched in version 5.39. However, Helldown appears to utilize private n-day exploits to take advantage of this vulnerability. Attackers exploit the flaw to establish secure connections, access domain controllers, disable endpoint defenses, and move laterally within compromised networks.
9) Progress Kemp LoadMaster Vulnerability Added to CISA's Exploited Flaws Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical operating system command injection vulnerability in the Progress Kemp LoadMaster product to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2024-1212, this vulnerability allows unauthenticated remote attackers to execute arbitrary commands through the LoadMaster management interface. The vulnerability has been assigned the highest CVSS v3.1 severity score of 10.0.
Progress Kemp LoadMaster versions:
10) CVE-2024-21697: Remote Code Execution Vulnerability in Atlassian Sourcetree
Atlassian has disclosed a high-severity remote code execution (RCE) vulnerability, tracked as CVE-2024-21697, in its Sourcetree application for both Mac and Windows. This vulnerability, with a CVSS score of 8.8, poses significant risks to system confidentiality, integrity, and availability.
Introduced in:
Threat.Watch: Uncover Your Cyber Security Health
Do you want to get preliminary findings about your company's security posture?
Learn more insights with:
1B+ Credentials in Compromised Devices,
146B+ Breached Accounts,
22M+ Phishing Addresses and
305M+ Darkweb Contents.
Get your free report to learn more about your company's security health: https://threat.watch/