In this week's Security Advisory:
Atlassian released a patch to fix a critical vulnerability in its Confluence Data Center and Server. The critical vulnerability is being tracked as CVE-2023-22527 and received a CVSS score of 10 out of 10, the highest score a vulnerability can receive. CVE-2023-22527 is a template injection vulnerability that could allow an unauthenticated attacker to execute remote code. This vulnerability affects out-of-date versions of Confluence Data Center and Server, specifically version 8. Atlassian Cloud sites are not affected.
The following versions are affected:
More Reading / Information
Two (2) zero-days were discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are actively being exploited in the wild. CVE-2023-6548 could allow an authenticated, remote attacker to execute code on the management interface. To exploit this zero-day, the attacker must have access to the NSIP, CLIP, or SNIP and must be able to reach the management interface. CVE-2023-6549 could allow a denial-of-service (DoS) attack against vulnerable devices. CVE-2023-6549 is exploitable if the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
The following versions are affected:
Of note, NetScaler ADC and NetScaler Gateway version 12.1 has reached End-of-Life and is vulnerable. Citrix cloud-based management services have already been updated; customers who use these cloud services do not need to take any further action.
More Reading / Information
Google released patches for its Chrome desktop browser to address multiple vulnerabilities, including one zero-day that is actively being exploited in the wild. The zero-day, CVE-2024-0519, is an out-of-bounds memory access issue in the Chrome V8 JavaScript engine. Successful exploitation can lead to a threat actor gaining access to sensitive data or causing the user's browser to crash. CVE-2024-0519 has not received a CVSS score.
More Reading / Information
Threat actors are actively exploiting a critical vulnerability (CVE-2023-29357) in unpatched Microsoft SharePoint Servers. CVE-2023-29357 was previously disclosed in September 2023 and a patch already exists. It is recommended that the patch be applied to affected systems immediately if you have not already done so.
Original Security Advisory – September 27th, 2023:
A proof-of-concept exploit has been released for a critical vulnerability (CVE-2023-29357) affecting Microsoft SharePoint Server. CVE-2023-29357 was previously disclosed by Microsoft as part of their June 2023 Patch Tuesday rollout. This vulnerability could allow an unauthenticated attacker to gain administrator-level privileges. Researchers have also found a way to chain this with another remote code execution vulnerability to severely compromise the SharePoint server.
The following versions are affected:
While there is no evidence of active exploitation, it is likely that attackers will start targeting unpatched Microsoft SharePoint Servers. It is recommended that organizations apply the latest patch to mitigate this vulnerability if they have not already done so.
More Reading / Information
Juniper Networks released a patch to fix a critical vulnerability affecting the J-Web component of Junos OS on SRX Series Firewalls and EX Series Switches. The vulnerability, CVE-2024-21591, is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based attacker to execute remote code on the affected system. CVE-2024-21591 received a CVSS score of 9.8 out of a possible 10.
The following versions are affected:
More Reading / Information
GitLab fixed a critical vulnerability in its Community and Enterprise Edition that could lead to an account takeover without user interaction. The vulnerability is being tracked as CVE-2023-7028 and received a CVSS score of 10 out of 10, the highest score a vulnerability can receive. CVE-2023-7028 is a flaw in the email verification process that allows password reset emails to be sent to an unverified email address. Accounts that have two-factor authentication (2FA) enabled are not vulnerable to account takeover; however, they are still vulnerable to having their password reset. It is important to apply the latest patch and to enforce 2FA on GitLab accounts to remove this vector.
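To make the weakness concrete, the following added example (not GitLab's code) models a password-reset flow with a weak and a hardened recipient check side by side, and shows why an enforced second factor blocks the takeover even when the reset link reaches an attacker. The account record, addresses and request are constructed for the illustration.

```python
"""Illustrative model of the password-reset weakness described above.

Constructed example, not GitLab's implementation: an account carries both
confirmed and unconfirmed addresses, and the two reset handlers differ only
in which addresses they are willing to send a reset link to.
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    verified_emails: set = field(default_factory=set)
    unverified_emails: set = field(default_factory=set)  # added, never confirmed
    two_factor_enabled: bool = False

    def all_emails(self) -> set:
        return self.verified_emails | self.unverified_emails


def reset_recipients_weak(account: Account, requested: set) -> set:
    """Weak check: any address attached to the account, verified or not, gets the link."""
    return requested & account.all_emails()


def reset_recipients_hardened(account: Account, requested: set) -> set:
    """Hardened check: only addresses whose ownership has been confirmed get the link."""
    return requested & account.verified_emails


def takeover_possible(account: Account, recipients: set, attacker_controlled: set) -> bool:
    """A reset link delivered to an attacker yields the account unless a second
    factor is still demanded at login (the page's point about 2FA)."""
    return bool(recipients & attacker_controlled) and not account.two_factor_enabled


# Constructed sample: the victim's account carries one confirmed address and one
# unconfirmed address that the attacker controls; the reset request names both.
VICTIM = Account("victim", verified_emails={"victim@example.com"},
                 unverified_emails={"unconfirmed@example.net"})
ATTACKER_CONTROLLED = {"unconfirmed@example.net"}
REQUEST = {"victim@example.com", "unconfirmed@example.net"}

if __name__ == "__main__":
    weak = reset_recipients_weak(VICTIM, REQUEST)
    hardened = reset_recipients_hardened(VICTIM, REQUEST)
    print("weak check sends to:", sorted(weak))
    print("hardened check sends to:", sorted(hardened))
    print("takeover with weak check:", takeover_possible(VICTIM, weak, ATTACKER_CONTROLLED))
```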
The following versions of GitLab are affected:
More Reading / Information
Two (2) critical vulnerabilities in Apache OFBiz, an open-source enterprise resource planning system, are actively being exploited in the wild. The vulnerabilities are being tracked as CVE-2023-51467 and CVE-2023-49070, and both received a CVSS score of 9.8 out of a possible 10. CVE-2023-51467 and CVE-2023-49070 are authentication bypass vulnerabilities that could allow an attacker to execute remote code and gain access to sensitive data without authenticating.
The following versions are affected:
More Reading / Information
A vulnerability was discovered in Cisco Unity Connection, a unified messaging and voicemail solution, which could lead to arbitrary code execution. The vulnerability is being tracked as CVE-2024-20272 and received a CVSS score of 7.3 out of a possible 10. CVE-2024-20272 is an unauthenticated arbitrary file upload vulnerability in the web-based management interface. Successful exploitation could allow a remote, unauthenticated attacker to upload arbitrary files, execute code, and gain root privileges.
The following versions are affected:
More Reading / Information
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefit of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch is issued for new vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software currently deployed in your environment, which helps drive and inform your patch and vulnerability management program.