In this week's Security Advisory:
Last month, Veeam released updates for a critical vulnerability, CVE-2024-40711, that allows an unauthenticated attacker to exploit systems remotely. As an update to our original advisory below, a Proof of Concept has been released and there are now reports of public exploitation attempts. It is highly recommended that you ensure you have patched appropriately.
Original Advisory:
Veeam has issued security updates for multiple products in its September 2024 security bulletin, addressing 18 high and critical severity vulnerabilities in Veeam Backup & Replication, Service Provider Console, and One. The most critical flaw, tracked as CVE-2024-40711 (CVSS score 9.8 out of 10), is a remote code execution vulnerability that can be exploited without authentication.
Affected Versions
More Reading/Information
A critical Fortinet RCE is now being exploited in the wild. The critical vulnerability tracked as CVE-2024-23113 has a 9.8/10 rating and allows a remote unauthenticated attacker to execute arbitrary code. The original patch for this was released in February of this year. If you have not upgraded to that version, it is highly recommended that you do so now.
Original Advisory
Fortinet announced two critical vulnerabilities in its FortiSIEM report server. Identified as CVE-2024-23108 and CVE-2024-23109, they allow remote unauthenticated attackers to exploit FortiSIEM systems by sending well-crafted API requests to an affected system. Fortinet has clarified that CVE-2024-23108 and CVE-2024-23109 are patch bypasses of a previously observed issue, CVE-2023-34992.
Affected Versions
More Reading/Information
A Proof of Concept is now available for multiple vulnerabilities in Palo Alto Expedition. There are five new vulnerabilities in total, three of critical and two of high severity. These vulnerabilities can be chained with CVE-2024-5910 and allow attackers to hijack PAN-OS firewalls. When combined, these vulnerabilities can reveal usernames, cleartext passwords, device configurations, and API keys of PAN-OS firewalls. Our original advisory reflected updating to Palo Expedition 1.2.96. Due to the new vulnerabilities, we recommend updating to Palo Expedition 1.2.96.
Original Advisory:
Security updates were released by Palo Alto Networks to address a critical vulnerability within Palo Alto Expedition, a migration software used to import configuration data. The flaw is being tracked as CVE-2024-5910 with a CVSS score of 9.3 out of 10 and allows an attacker to gain unauthorized access due to missing authentication standards. Successful exploitation can allow a threat actor to gain sensitive information from data imported into Expedition. Customers should update to the latest patch before using the tool for any data migration to prevent unauthorized access of information.
Affected Versions
More Reading/Information
GitLab released a critical patch for a vulnerability that allows unauthorized users to deploy Continuous Integration/Continuous Delivery (CI/CD) pipelines on arbitrary branches. The vulnerability is tracked as CVE-2024-9164 (CVSS 9.6) and only affects GitLab's Enterprise Edition (EE). However, several other vulnerabilities affecting their Community Edition (CE) were addressed within their security bulletin as well.
Affected Versions
More Reading/Information
On Tuesday, Oracle released patches addressing over two hundred unique vulnerabilities in many of their products. One hundred eighty-six (186) of these vulnerabilities can be exploited by unauthenticated remote users. Oracle made note that they have seen customers fall victim to outside attackers due to not patching in a timely manner.
Affected Versions
More Reading/Information
GitHub has released patches for a critical severity vulnerability, CVE-2024-9487 (CVSS 9.5/10), that allows an unauthenticated user to gain access to the Enterprise server and potentially obtain administrative access. This is done by bypassing the SAML SSO authentication and provisioning access to new users.
Affected Versions
More Reading/Information
Juniper released patches for dozens of high-severity vulnerabilities in the Junos OS and Junos OS Evolved operating systems. Unauthenticated attackers can send malformed packets to cause denial-of-service conditions, access sensitive information, or bypass firewalls.
Affected Versions
More Reading/Information
The owner of Jetpack, Automattic, announced that during an internal audit, they came across a vulnerability that has existed since 2016. The vulnerability allows a logged-in user to access information others submit on that site. They have now released updated versions of Jetpack to remediate this issue. Automattic states that they have not observed any exploitation of this issue.
Affected Versions
More Reading/Information
This week, Splunk released patches for eleven vulnerabilities in Splunk Enterprise. Two of the vulnerabilities, CVE-2024-45733 and CVE-2024-45731, can lead to unauthorized code execution. Both vulnerabilities require access to a lower-privileged user account on the system.
Affected Versions
More Reading/Information
Mozilla has released a critical update to its Thunderbird product to address a vulnerability that allowed for arbitrary code execution. There have been reports of this vulnerability being exploited in the wild. Mozilla has also addressed other vulnerabilities in Firefox in recent days.
Chrome has released updates addressing seventeen vulnerabilities, the most severe of which is a high-severity vulnerability tracked as CVE-2024-9954 that could allow for arbitrary code execution.
Affected Versions
More Reading/Information
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
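As an added example of the inventory-driven patch check recommended above (this is illustrative code, not part of the advisory or any vendor's tooling), the script below compares a software inventory against the minimum versions a patch programme tracks. The only version taken from the advisory is Palo Alto Expedition 1.2.96; the host names, the "example-agent" product and all of its versions are constructed sample data. It also shows why versions must be compared numerically rather than as strings (2.10.0 is newer than 2.9.7) and why a pre-release build should not count as patched.

```python
"""
Inventory-vs-minimum-version check.

Added example, not part of the advisory. Only "1.2.96" for Palo Alto
Expedition comes from the advisory text; every host name, the
"example-agent" product and its versions are constructed sample data.
"""
import re
from typing import Dict, List, Tuple

# Minimum versions considered patched. The Expedition entry is the version
# the advisory recommends; "example-agent" is a constructed placeholder.
MINIMUM_VERSIONS: Dict[str, str] = {
    "Palo Alto Expedition": "1.2.96",
    "example-agent": "2.10.0",
}

# Constructed inventory rows: (host, product, installed version).
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("mig-01.example.internal", "Palo Alto Expedition", "1.2.95"),
    ("mig-02.example.internal", "Palo Alto Expedition", "1.2.96"),
    ("srv-07.example.internal", "example-agent", "2.9.7"),
    ("srv-08.example.internal", "example-agent", "2.10.0-rc1"),
    ("srv-09.example.internal", "unrelated-tool", "0.4"),
]

# Dotted numeric version with an optional pre-release suffix such as "-rc1".
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:[-+]?([0-9A-Za-z.]+))?$")


def parse_version(text: str):
    """Turn a version string into a key that sorts correctly.

    Numeric components are compared as integers, so 2.10.0 > 2.9.7 (a plain
    string comparison gets that wrong), trailing zeros are ignored so
    1.2 == 1.2.0, and a pre-release suffix sorts below the bare release
    (2.10.0-rc1 < 2.10.0).
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    while len(numbers) > 1 and numbers[-1] == 0:
        numbers = numbers[:-1]
    suffix = match.group(2) or ""
    # Middle element: 1 for a final release, 0 for a pre-release build.
    return (numbers, 0 if suffix else 1, suffix)


def version_at_least(installed: str, minimum: str) -> bool:
    """True when the installed version meets or exceeds the minimum."""
    return parse_version(installed) >= parse_version(minimum)


def find_outdated(inventory, minimums):
    """Return (host, product, installed, minimum) for every row below its minimum.

    Products with no tracked minimum are skipped. A version string that
    cannot be parsed is reported as outdated rather than silently passed,
    so it gets a human look instead of being assumed patched.
    """
    findings = []
    for host, product, installed in inventory:
        minimum = minimums.get(product)
        if minimum is None:
            continue
        try:
            ok = version_at_least(installed, minimum)
        except ValueError:
            ok = False  # fail closed on unparsable versions
        if not ok:
            findings.append((host, product, installed, minimum))
    return findings


if __name__ == "__main__":
    for host, product, installed, minimum in find_outdated(
        SAMPLE_INVENTORY, MINIMUM_VERSIONS
    ):
        print(f"{host}: {product} {installed} is below required {minimum}")
```

Running the script against the constructed inventory flags three hosts: the Expedition install at 1.2.95, the agent at 2.9.7 (older than 2.10.0 despite sorting after it as a string), and the 2.10.0-rc1 pre-release. Feeding it a real inventory export and the affected-version lists from each vendor bulletin gives a quick first pass over which systems still need attention.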