In this week's Security Advisory:
- Palo Alto Warns of Potential PAN-OS RCE Vulnerability
- Critical VMware Vulnerability Exploited In The Wild
- Oracle Patches Agile PLM Vulnerability
- D-Link Warns of RCE Affecting EOL Devices
- Critical WordPress Plugin Vulnerability Allows Remote Attackers to Gain Admin Access
- Apple Releases New Updates to iOS and macOS
Palo Alto Warns of Potential PAN-OS Vulnerability
Palo Alto has now issued a patch for two vulnerabilities exploited in the wild. The two vulnerabilities are CVE-2024-0012 and CVE-2024-9474. Affected versions and remediation steps for the vulnerabilities can be found in the links below.
More Reading/Information
- https://security.paloaltonetworks.com/CVE-2024-0012
- https://security.paloaltonetworks.com/CVE-2024-9474
Original Advisory:
Palo Alto has released an advisory stating they are aware of a potential vulnerability that would allow a remote unauthenticated attacker to execute code via the PAN-OS management interface. Currently, Palo Alto has not seen any signs of exploitation, but they are actively monitoring for any new developments.
Affected Versions
- Potentially all Palo Alto next-generation firewalls. Specifics have not been provided at this time.
More Reading/Information
- https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-potential-pan-os-rce-vulnerability/
- https://security.paloaltonetworks.com/PAN-SA-2024-0015
- https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431
Critical VMware Vulnerability Exploited In The Wild
Broadcom has now announced that both vulnerabilities detailed below are being exploited in the wild. It is recommended that you patch immediately if you have not already done so.
Original Advisory:
Broadcom has patched a critical security issue in its VMware vCenter Server. The vulnerability, tracked as CVE-2024-38812 (CVSS score 9.8/10), allows unauthenticated attackers to execute code remotely on the server if exploited. They also released a patch for a high-severity privilege escalation vulnerability, tracked as CVE-2024-38813 (CVSS score 7.5/10), that allows an attacker to gain root privileges. Broadcom stated they have not seen evidence of this being exploited in the wild.
Affected Versions
- VMware vCenter Server versions 7.0 and 8.0
- VMware Cloud Foundation 4.x and 5.x
More Reading/Information
- https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html
- https://www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/
- https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Oracle Patches Agile PLM Vulnerability
This week, Oracle released a patch for a high-severity vulnerability, CVE-2024-21287 (CVSS 7.5/10). This vulnerability affects Oracle's Agile Project Lifecycle Management (PLM).
Affected Versions
- Oracle Agile PLM Framework version 9.3.6
More Reading/Information
- https://www.securityweek.com/oracle-patches-exploited-agile-plm-zero-day/
- https://www.oracle.com/security-alerts/alert-cve-2024-21287.html
D-Link Warns of RCE Affecting EOL Devices
D-Link announced that six of their end-of-life devices are vulnerable to a buffer overflow that can be exploited by remote unauthenticated attackers. No CVE has been assigned to this vulnerability yet, and D-Link has announced that patches will not be provided; anyone still using these routers should replace them.
Affected Versions
- DSR-150
- DSR-150N
- DSR-250
- DSR-250
- DSR-500N
- DSR-1000N
More Reading/Information
- https://www.securityweek.com/d-link-warns-of-rce-vulnerability-in-legacy-routers/
- https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415
Critical WordPress Plugin Vulnerability Allows Remote Attackers to Gain Admin Access
The WordPress plugin Really Simple Security has patched a critical authentication bypass vulnerability that could allow a remote unauthenticated attacker to gain administrative privileges. This vulnerability, CVE-2024-10924 (CVSS 9.8/10), affects both the paid and free versions of the product.
Affected Versions
- Free, Pro, and Pro Multisite versions 9.0.0 through 9.1.1.1
More Reading/Information
- https://www.bleepingcomputer.com/news/security/security-plugin-flaw-in-millions-of-wordpress-sites-gives-admin-access/
- https://www.cve.org/CVERecord?id=CVE-2024-10924
Apple Releases New Updates to iOS and macOS
Apple has released patches to address two zero-day vulnerabilities that were exploited on Intel-based Mac systems. These vulnerabilities were found in the JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS Sequoia. CVE-2024-44308 allows attackers to execute code remotely, while CVE-2024-44309 allows for cross-site scripting attacks. Both were addressed in macOS Sequoia 15.1.1. Apple also released patches for vulnerabilities affecting its other operating systems.
Affected Versions
- A full list of affected devices can be found in the links below
More Reading/Information
- https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-used-in-attacks-on-intel-based-macs/
- https://support.apple.com/en-us/100100
- https://support.apple.com/en-us/121753
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is a security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch will be issued for new vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software currently deployed in your environment, which helps ensure and inform your patch and vulnerability management program.