In this week's Security Advisory:
- Microsoft Releases November Patch Tuesday Addressing Multiple Zero Days
- Cisco Patches Critical Command Injection Vulnerability in November Patch Cycle
- Ivanti Patches Eight Critical Vulnerabilities in Multiple Products
- Citrix Patches High Severity Vulnerability in NetScaler ADC and Gateway
- Siemens Releases Patches for Seven Critical Vulnerabilities
- Fortinet Releases Updates for Multiple Vulnerabilities
- Veeam Releases Hotfix for Backup Enterprise Manager Vulnerability
- SAP Releases Patches for Multiple Products
- Security Updates Released for Google Chrome, Adobe Products, and Zoom
Microsoft Releases November Patch Tuesday Addressing Multiple Zero Days
On Tuesday Microsoft released patches for ninety-one (91) vulnerabilities, including four zero-days, two of which are under active exploitation. The two exploited flaws are CVE-2024-43451 and CVE-2024-49039. The first is an NTLM hash disclosure vulnerability: minimal user interaction with a malicious file (such as selecting or right-clicking it) can leak the user's NTLMv2 hash to a remote attacker, who can then relay it or crack it offline to authenticate as the affected user. The second is an elevation-of-privilege vulnerability in Windows Task Scheduler, rated Important by Microsoft, that allows a local attacker to escalate privileges on the host.
Affected Versions
- A full list of affected versions can be found in the MSRC release note linked below
More Reading/Information
- https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2024-patch-tuesday-fixes-4-zero-days-91-flaws/
- https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov
Cisco Patches Critical Command Injection Vulnerability in November Patch Cycle
Cisco released patches for fifteen (15) vulnerabilities. The most critical is CVE-2024-20418 (CVSS 10/10), a command injection vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) access points. An unauthenticated remote attacker can send crafted HTTP requests to the management interface and execute arbitrary commands as root on the underlying operating system. Cisco notes that only devices running in URWB operating mode are affected, so confirm the operating mode of each access point rather than relying on model alone. This patch cycle also addressed two high and twelve medium severity vulnerabilities.
Affected Versions
- A full list of affected Cisco devices can be found in the Cisco advisory linked below
More Reading/Information
- https://www.securityweek.com/cisco-patches-critical-vulnerability-in-industrial-networking-solution/
- https://sec.cloudapps.cisco.com/security/center/publicationListing.x
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs
Ivanti Patches Eight Critical Vulnerabilities in Multiple Products
Ivanti released patches for fifty (50) vulnerabilities in total, including eight critical. The most concerning is CVE-2024-50330 (CVSS 9.8/10), an SQL injection vulnerability in Ivanti Endpoint Manager that allows an unauthenticated remote attacker to achieve remote code execution on the server. The seven other critical vulnerabilities require administrative privileges to exploit, which lowers their urgency but not their impact once an admin account or session is compromised.
Affected Versions
- A full list can be found in the Ivanti security update post linked below
More Reading/Information
- https://www.securityweek.com/ivanti-patches-50-vulnerabilities-across-several-products/
- https://www.ivanti.com/blog/november-2024-security-update
Citrix Patches High Severity Vulnerability in NetScaler ADC and Gateway
Citrix released patches for two vulnerabilities affecting NetScaler ADC and NetScaler Gateway, CVE-2024-8534 and CVE-2024-8535. The more severe, CVE-2024-8534 (high severity), is a memory safety issue that could lead to memory corruption or denial of service. It is only exposed on appliances that are configured as a Gateway with the RDP feature enabled, configured as a Gateway with an RDP proxy server, or configured as an authentication (AAA) virtual server with RDP enabled. The second, CVE-2024-8535, allows an authenticated user to access unintended capabilities. Note that the fixed builds below close both issues regardless of configuration; the RDP conditions only determine which vulnerable appliances are currently exploitable and should therefore be patched first.
Affected Versions
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-29.72.
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-55.34.
- NetScaler ADC 13.1-FIPS before 13.1-37.207.
- NetScaler ADC 12.1-FIPS before 12.1-55.321.
- NetScaler ADC 12.1-NDcPP before 12.1-55.321.
More Reading/Information
- https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535
- https://www.securityweek.com/citrix-fortinet-patch-high-severity-vulnerabilities/
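The affected-versions list above is easy to misread because each release line (14.1, 13.1, 13.1-FIPS, 12.1-FIPS, 12.1-NDcPP) has its own fixed build, and a build number such as 55.34 only means "fixed" on the line it belongs to. The script below is an added example, not Citrix tooling, that encodes the bulletin's fixed builds and classifies an appliance from its version banner. It assumes the `show version` banner has the shape "NetScaler NS14.1: Build 29.65.nc, ..." (constructed sample), and it takes the FIPS/NDcPP variant as an explicit argument because that cannot be inferred reliably from the banner alone.

```python
import re

# First fixed build per release line, copied from the Citrix bulletin's
# affected-versions list above. Key is (release, variant); "" = standard build.
FIXED_BUILDS = {
    ("14.1", ""): (29, 72),
    ("13.1", ""): (55, 34),
    ("13.1", "FIPS"): (37, 207),
    ("12.1", "FIPS"): (55, 321),
    ("12.1", "NDcPP"): (55, 321),
}

# Assumed shape of the `show version` banner, e.g. (constructed sample):
#   "NetScaler NS14.1: Build 29.65.nc, Date: Oct 2 2024, 12:00:00"
BANNER_RE = re.compile(
    r"NS(?P<release>\d+\.\d+):\s*Build\s+(?P<major>\d+)\.(?P<minor>\d+)"
)


def parse_banner(banner):
    """Return (release, (major, minor)) from a version banner, or None if no match."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return m.group("release"), (int(m.group("major")), int(m.group("minor")))


def is_vulnerable(release, build, variant=""):
    """Classify a build against the bulletin.

    True  -> build is below the fixed build for its release line (vulnerable)
    False -> build is at or above the fixed build (fixed)
    None  -> the bulletin lists no fix for this (release, variant) pair, e.g. an
             end-of-life line such as standard 12.1; needs a manual lifecycle check
    """
    fixed = FIXED_BUILDS.get((release, variant))
    if fixed is None:
        return None
    # Tuple comparison handles major.minor ordering (29.65 < 29.72, 37.200 < 37.207)
    return tuple(build) < fixed


def check_banner(banner, variant=""):
    """Parse a banner and classify it; None if the banner is unparseable or unlisted."""
    parsed = parse_banner(banner)
    if parsed is None:
        return None
    release, build = parsed
    return is_vulnerable(release, build, variant)


if __name__ == "__main__":
    # Constructed sample banners, not real appliances.
    samples = [
        ("NetScaler NS14.1: Build 29.65.nc, Date: Oct 2 2024", ""),
        ("NetScaler NS14.1: Build 29.72.nc, Date: Nov 5 2024", ""),
        ("NetScaler NS13.1: Build 37.200.nc, Date: Sep 1 2024", "FIPS"),
        ("NetScaler NS12.1: Build 65.25.nc, Date: Jan 1 2024", ""),
    ]
    labels = {True: "VULNERABLE", False: "fixed", None: "not in bulletin, check manually"}
    for banner, variant in samples:
        print(f"{banner:52s} {variant or 'standard':8s} -> {labels[check_banner(banner, variant)]}")
```

A result of None is deliberately not treated as "safe": a release line the bulletin does not mention (for example a standard 12.1 or 13.0 build) is more likely end of life than unaffected, and should be escalated rather than closed. On builds that report as vulnerable, use the RDP feature, RDP proxy and AAA-with-RDP conditions from the bulletin to decide patching order, not whether to patch.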
Siemens Releases Patches for Seven Critical Vulnerabilities
Siemens has released patches for twenty-six (26) vulnerabilities in total, including seven (7) of critical severity. These affect several products, but the most severe is a deserialization of untrusted data vulnerability in TeleControl Server Basic. Rated CVSS 10/10, it allows an unauthenticated remote attacker to execute arbitrary code on the system hosting the TeleControl Server.
Affected Versions
- A full list can be found in the Siemens ProductCERT advisories linked below
More Reading/Information
- https://www.siemens.com/global/en/products/services/cert.html?d=2024-11#SiemensSecurityAdvisories
- https://www.securityweek.com/ics-patch-tuesday-security-advisories-released-by-cisa-schneider-siemens-rockwell/
Fortinet Releases Updates for Multiple Vulnerabilities
Fortinet released patches for eleven (11) vulnerabilities, two (2) of which are high severity. The first, CVE-2023-50176 (CVSS 7.1/10), is a session fixation issue in FortiOS that could allow an unauthenticated attacker to hijack a user's session by phishing them with a crafted SAML authentication link. The second, CVE-2024-23666 (CVSS 7.1/10), is an improper access control issue that could allow an authenticated attacker with only read-only permissions to execute sensitive requests via crafted requests on multiple Fortinet products.
Affected Versions
- A full list of affected versions can be found in the FortiGuard PSIRT advisories linked below
More Reading/Information
- https://www.securityweek.com/citrix-fortinet-patch-high-severity-vulnerabilities/
- https://www.fortiguard.com/psirt
Veeam Releases Hotfix for Backup Enterprise Manager Vulnerability
Veeam has released a hotfix for Backup Enterprise Manager to address CVE-2024-40715 (CVSS 7.7), which allows a remote attacker to bypass authentication by performing a man-in-the-middle attack. Veeam's advisory notes that the hotfix does not change the product build number, so version-based vulnerability scans and inventory checks will continue to report the pre-hotfix build; use the verification steps in the advisory to confirm the hotfix was applied successfully.
Affected Versions
- Veeam Backup Enterprise Manager 12.2.0.334 and earlier.
More Reading/Information
- https://www.securityweek.com/veeam-patches-high-severity-vulnerability-as-exploitation-of-previous-flaw-expands/
- https://www.veeam.com/kb4682
SAP Releases Patches for Multiple Products
SAP announced patches for multiple vulnerabilities; the two (2) most severe affect its Web Dispatcher and PDCE products. The first, CVE-2024-47590 (CVSS 8.8/10), is a cross-site scripting vulnerability in Web Dispatcher: an unauthenticated attacker can craft a malicious link that, when opened by a victim, executes script in the victim's browser, which SAP rates as potentially leading to full compromise of the Web Dispatcher. The second, CVE-2024-39592 (CVSS 7.7/10), could allow an authenticated remote attacker to escalate their privileges within the system.
Affected Versions
- A full list of affected versions can be found in the SAP Security Notes page linked below
More Reading/Information
- https://www.securityweek.com/sap-patches-high-severity-vulnerability-in-web-dispatcher/
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2024.html
Security Updates Released for Google Chrome, Adobe Products, and Zoom
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. There are currently no reports of these vulnerabilities being exploited in the wild.
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. There are currently no reports of these vulnerabilities being exploited in the wild.
Zoom released patches for multiple vulnerabilities, the most severe being CVE-2024-45421 (CVSS 8.5/10), a buffer overflow that could allow an authenticated user to escalate their privileges via network access.
Affected Versions
- Chrome prior to 131.0.6778.70 for Windows and Mac
- Chrome prior to 131.0.6778.69 for Linux
- A full list of affected Adobe products can be found in the Adobe security bulletins linked below
- A full list of affected Zoom products can be found in the Zoom security bulletin linked below
More Reading/Information
- https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html
- https://helpx.adobe.com/security/Home.html
- https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=null
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.