Cybersafe Solutions Security Advisory Bulletin October 4, 2024

In this week's Security Advisory:

• Critical Vulnerability Allows Full Takeover in NVIDIA Container Toolkit
• A Vulnerability in Zimbra Collaboration Could  Allow for Remote Code Execution
• Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution
• Cisco releases Patches for Multiple High Severity Vulnerabilities
• Multiple Vulnerabilities in Foxit PDF Reader and Editor Could Allow for Arbitrary Code Execution
• Security Updates Released for Google Chrome and Mozilla Firefox

The issue tracked as CVE-2024-0132 (CVSS 9/10), allows an attacker to break out of a container and gain full access to the underlying host. After breaking out of the container, the attacker could then attempt to execute commands and steal sensitive information. Details of the exploit are currently private, but it is expected the researchers will release more details soon. Patching should be done as soon as you are able. 

Affected Versions

• All versions of NVIDIA Container Toolkit up to and including v1.16.1.
• All versions of Nvidia GPU Operator up to and including 24.6.1.

More Reading/Information

• https://www.bleepingcomputer.com/news/security/critical-flaw-in-nvidia-container-toolkit-allows-full-host-takeover
• https://thehackernews.com/2024/09/critical-nvidia-container-toolkit.html
• https://nvidia.custhelp.com/app/answers/detail/a_id/5582/~/security-bulletin%3A-nvidia-container-toolkit

A Vulnerability in Zimbra Collaboration Could Allow for Remote Code Execution

A vulnerability has been discovered in Zimbra Collaboration which could allow for remote code execution by an unauthenticated user. This is being tracked as CVE-2024-45519 and a proof of concept has been released. There are reports of it being exploited in the wild.

Affected Versions

• Zimbra Collaboration versions prior to 9.0.0 Patch 41.
• Zimbra Collaboration versions prior to 10.0.9.
• Zimbra Collaboration versions prior to 10.1.1.
• Zimbra Collaboration versions prior to 8.8.15 Patch 46.

More Reading/Information

• https://blog.projectdiscovery.io/zimbra-remote-code-execution/
• https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
• https://www.securityweek.com/critical-zimbra-vulnerability-exploited-one-day-after-poc-release/

Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution

Multiple vulnerabilities have been found in PHP, the most severe of these vulnerabilities could allow for remote code execution by an unauthenticated attacker. Successful exploitation could allow an attacker to gain privileges of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data or create new accounts with full user rights.

Affected Versions

• PHP 8.1 versions prior to 8.1.30.
• PHP 8.2 versions prior to 8.2.24.
• PHP 8.3 versions prior to 8.3.12.

More Reading/Information

• https://www.php.net/ChangeLog-8.php
• https://www.cybersecurity-help.cz/vdb/SB2024092724

Cisco releases Patches For Multiple High Severity Vulnerabilities

Cisco has released patches for eleven vulnerabilities, seven of which are high-severity and affect its IOS Software and IOS XE Software. Most of these vulnerabilities allow for an unauthenticated remote attacker the ability to exploit them. Cisco has stated they are currently unaware of any of these vulnerabilities being exploited in the wild. 

Affected Versions

• Find a full list of versions here.

More Reading/Information

• https://www.securityweek.com/cisco-patches-high-severity-vulnerabilities-in-ios-software-2/
• https://sec.cloudapps.cisco.com/security/center/publicationListing.x
• https://sec.cloudapps.cisco.com/security/center/publicationListing.x

Multiple Vulnerabilities in Foxit PDF Reader and Editor Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Foxit PDF Reader and Editor, the most severe of which could result in arbitrary code execution. A successful exploitation of the most severe vulnerability could lead to a compromised user account, which could lead to privilege escalation attempts. There are currently no reports of these vulnerabilities being exploited in the wild.

Affected Versions

• A full list can be found here.

More Reading/Information

• https://www.foxit.com/support/security-bulletins.html

Security Updates Released for Google Chrome and Mozilla Firefox

Multiple vulnerabilities have been discovered in Google Chrome and successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. There are currently no reports of these vulnerabilities being exploited in the wild.

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which  could allow for arbitrary code execution. The level of severity is dependent upon the user's privileges. 

Affected Versions

• Chrome prior to 129.0.6668.89/.90 for Windows and Mac.
• Chrome prior to 129.0.6668.89 for Linux.
• Firefox ESR versions prior to 115.16.
• Firefox ESR versions prior to 128.3.
• Thunderbird versions prior to 131.
• Thunderbird versions prior to 128.3.
• Firefox versions prior to 131.

More Reading/Information

• https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html
• https://www.mozilla.org/en-US/security/advisories/

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner.  It is security best practice to regularly update and/or patch software to the latest versions.  The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only.  This dramatically increases the likelihood that new vulnerabilities have a patch issued for them.  Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.