In this week's Security Advisory:
- Palo Alto Patches DoS Vulnerability in Firewalls
- Apache Patches Multiple Vulnerabilities in MINA, HugeGraph, and Traffic Control
- Four-Faith Routers Vulnerable to Default Credential Vulnerability
- Malware Botnets Targeting Out-of-Date D-Link Routers
Palo Alto Patches DoS Vulnerability in Firewalls
Palo Alto has announced that CVE-2024-3393 (CVSS 8.7/10) is being exploited in the wild. It is a denial-of-service vulnerability: an attacker can disable the firewall by forcing it to reboot. Only devices with DNS Security logging enabled are affected. Patches are available for all affected versions except PAN-OS 11.0, which has reached end of support.
Affected Versions
- A full list can be found here
More Reading/Information
- https://www.bleepingcomputer.com/news/security/hackers-exploit-dos-flaw-to-disable-palo-alto-networks-firewalls/
- https://www.securityweek.com/palo-alto-networks-patches-firewall-zero-day-exploited-for-dos-attacks/
Apache Patches Multiple Vulnerabilities in MINA, HugeGraph, and Traffic Control
Apache has released patches for multiple vulnerabilities affecting its MINA, HugeGraph-Server, and Traffic Control products. The most severe is CVE-2024-52046 (CVSS 10/10), a remote code execution vulnerability in MINA. Upgrading alone does not fully mitigate it: after upgrading, you must also configure the decoder to reject all classes except those explicitly allowed through one of three methods, found here.
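The post-upgrade step described above, as an added example that is not code from the advisory or from the Apache MINA project: in the fixed MINA releases the `ObjectSerializationDecoder` rejects every class by default and only deserializes classes registered through `accept(ClassNameMatcher)`, `accept(Pattern)` or `accept(String...)`. The codec factory below wires a decoder with an explicit allow-list into a MINA filter chain. The package name `com.example.messages` is a placeholder for the application's own message types, and the wildcard form of the string pattern is assumed.

```java
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.ProtocolCodecFactory;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.filter.codec.ProtocolDecoder;
import org.apache.mina.filter.codec.ProtocolEncoder;
import org.apache.mina.filter.codec.serialization.ObjectSerializationDecoder;
import org.apache.mina.filter.codec.serialization.ObjectSerializationEncoder;

/**
 * Codec factory that applies the CVE-2024-52046 hardening step after the
 * version upgrade: the decoder keeps its reject-all default and only the
 * application's own message classes are allowed through.
 */
public class HardenedObjectCodecFactory implements ProtocolCodecFactory {

    private final ObjectSerializationEncoder encoder = new ObjectSerializationEncoder();
    private final ObjectSerializationDecoder decoder = new ObjectSerializationDecoder();

    public HardenedObjectCodecFactory() {
        // Fixed releases reject every class until it is explicitly allowed.
        // "com.example.messages" is a placeholder: list only the types this
        // service actually exchanges; never allow "*" or broad JDK packages.
        decoder.accept("com.example.messages.*");
        // accept(java.util.regex.Pattern) and accept(ClassNameMatcher) are the
        // two other forms when a wildcard string is not precise enough.

        // Bound the size of a single serialized object as a DoS safeguard.
        decoder.setMaxObjectSize(64 * 1024);
    }

    @Override
    public ProtocolEncoder getEncoder(IoSession session) {
        return encoder;
    }

    @Override
    public ProtocolDecoder getDecoder(IoSession session) {
        // ObjectSerializationDecoder keeps per-session state in session
        // attributes, so a single shared instance is safe here.
        return decoder;
    }

    /** Installs the hardened codec on an acceptor's or connector's filter chain. */
    public static ProtocolCodecFilter asFilter() {
        return new ProtocolCodecFilter(new HardenedObjectCodecFactory());
    }
}
```

Install it with `acceptor.getFilterChain().addLast("codec", HardenedObjectCodecFactory.asFilter());` and verify the allow-list is in place by confirming that a message of an unlisted class is dropped with a decoding error rather than deserialized.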
Affected Versions
- Apache HugeGraph-Server 1.0 through 1.3.
- Apache Traffic Control 8.0.0 through 8.0.1.
- Apache MINA 2.0 through 2.0.26.
- Apache MINA 2.1 through 2.1.9.
- Apache MINA 2.2 through 2.2.3.
More Reading/Information
- https://www.bleepingcomputer.com/news/security/apache-warns-of-critical-flaws-in-mina-hugegraph-traffic-control/
- https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr
- https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8
- https://lists.apache.org/thread/h2607yv32wgcrywov960jpxhvsmmlf12
Four-Faith Routers Vulnerable to Default Credential Vulnerability
A recent report has shown that CVE-2024-12856 (CVSS 7.2/10) has been exploited in the wild against Four-Faith routers. The vulnerability allows a remote authenticated attacker to inject commands into the router's underlying OS. If the default credentials have not been changed, an unauthorized user is able to exploit it.
Affected Versions
- Four-Faith F3x24 and F3x36 routers.
More Reading/Information
- https://www.bleepingcomputer.com/news/security/hackers-exploit-four-faith-router-flaw-to-open-reverse-shells/
- https://thehackernews.com/2024/12/15000-four-faith-routers-exposed-to-new.html
Malware Botnets Targeting Out-of-Date D-Link Routers
Fortinet has released a report detailing increased activity by two botnets targeting D-Link routers running out-of-date firmware. For initial access, the botnets use known exploits for CVE-2015-2051 (CVSS 9.8/10), CVE-2019-10891 (CVSS 9.8/10), CVE-2022-37056 (CVSS 9.8/10), and CVE-2024-33112 (no CVSS yet). Once a device is compromised, the attackers can steal data and use the router in DDoS attacks.
Affected Versions
- Outdated versions of DIR-645, DIR-806, GO-RT-AC750, and DIR-845L.
More Reading/Information
- https://www.bleepingcomputer.com/news/security/malware-botnets-exploit-outdated-d-link-routers-in-recent-attacks/
- https://www.fortinet.com/blog/threat-research/botnets-continue-to-target-aging-d-link-vulnerabilities
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefit of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch is issued for new vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software currently in your environment, which informs and validates your patch and vulnerability management program.
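One way to act on the inventory recommendation, as an added example that is not part of the advisory: a small checker that compares an inventory of deployed software against the inclusive affected-version ranges listed in the Apache section above and reports which hosts need attention. The inventory rows, host names and the non-Apache product are constructed sample data; product names must match the advisory's spelling, and versions are compared numerically with any trailing qualifier such as `-SNAPSHOT` ignored.

```python
"""Flag inventory entries that fall inside the advisory's affected-version ranges."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Inclusive ranges exactly as stated in the advisory's "Affected Versions" lists.
AFFECTED_RANGES: Dict[str, List[Tuple[str, str]]] = {
    "Apache HugeGraph-Server": [("1.0", "1.3")],
    "Apache Traffic Control": [("8.0.0", "8.0.1")],
    "Apache MINA": [("2.0", "2.0.26"), ("2.1", "2.1.9"), ("2.2", "2.2.3")],
}


def parse_version(text: str) -> Version:
    """Turn '2.2.3' into (2, 2, 3), dropping a qualifier such as '-SNAPSHOT'."""
    core = text.strip().split("-")[0]
    parts: List[int] = []
    for piece in core.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            raise ValueError(f"unparseable version component {piece!r} in {text!r}")
        parts.append(int(digits))
    return tuple(parts)


def in_range(version: str, low: str, high: str) -> bool:
    """True if version lies within [low, high]; shorter tuples are zero-padded."""
    v, lo, hi = parse_version(version), parse_version(low), parse_version(high)
    width = max(len(v), len(lo), len(hi))

    def pad(t: Version) -> Version:
        return t + (0,) * (width - len(t))

    return pad(lo) <= pad(v) <= pad(hi)


def affected_products(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per inventory row whose version is in an affected range."""
    findings: List[Dict[str, str]] = []
    for item in inventory:
        ranges = AFFECTED_RANGES.get(item["product"])
        if not ranges:
            continue  # product not covered by this advisory
        for low, high in ranges:
            if in_range(item["version"], low, high):
                findings.append({
                    "host": item["host"],
                    "product": item["product"],
                    "version": item["version"],
                    "affected_range": f"{low} through {high}",
                })
                break
    return findings


# Constructed sample inventory (host names and versions are illustrative only).
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "app-01", "product": "Apache MINA", "version": "2.2.3"},
    {"host": "app-02", "product": "Apache MINA", "version": "2.1.12"},
    {"host": "graph-01", "product": "Apache HugeGraph-Server", "version": "1.3.0"},
    {"host": "cdn-01", "product": "Apache Traffic Control", "version": "8.0.2"},
    {"host": "cdn-02", "product": "Apache Traffic Control", "version": "8.0.0"},
    {"host": "db-01", "product": "PostgreSQL", "version": "16.1"},
]

if __name__ == "__main__":
    for finding in affected_products(SAMPLE_INVENTORY):
        print(f"{finding['host']}: {finding['product']} {finding['version']} "
              f"is within affected range {finding['affected_range']}")
```

Run against the sample data it reports app-01, graph-01 and cdn-02; a real run would load the inventory from your asset database and is only as good as the product names and versions recorded there, which is the practical reason to keep that inventory current.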