In this week's Security Advisory:
Palo Alto has now issued a patch for two vulnerabilities exploited in the wild. The two vulnerabilities are CVE-2024-0012 and CVE-2024-9474. Affected versions and remediation steps for the vulnerabilities can be found in the links below.
More Reading/Information
Original Advisory:
Palo Alto has released an advisory stating they are aware of a potential vulnerability that would allow a remote unauthenticated attacker to execute code via the PAN-OS management interface. Currently, Palo Alto has not seen any signs of exploitation, but they are actively monitoring for any developments.
Affected Versions
More Reading/Information
Broadcom has now announced that both vulnerabilities detailed below are being exploited in the wild. It is recommended that you patch immediately if you have not done so already.
More Reading/Information
Original Advisory:
Broadcom has patched a critical security issue in its VMware vCenter Server. The vulnerability, tracked as CVE-2024-38812 (CVSS score 9.8/10), allows unauthenticated attackers to execute remote code on the server if exploited. They also released a patch for a high-severity privilege escalation vulnerability, tracked as CVE-2024-38813 (CVSS score 7.5/10), that allows an attacker to gain root privileges. Broadcom stated they have not seen evidence of either being exploited in the wild.
Affected Versions
More Reading/Information
This week, Oracle released a patch for a high-severity vulnerability, CVE-2024-21287 (CVSS 7.5/10). This vulnerability affects Oracle's Agile Project Lifecycle Management (PLM).
Affected Versions
More Reading/Information
D-Link announced that six of their end-of-life devices are vulnerable to a buffer overflow that can be exploited by remote unauthenticated attackers. No CVE has been assigned to this vulnerability yet. D-Link announced that patches will not be provided and that anyone still using these routers should replace them.
Affected Versions
More Reading/Information
The WordPress plugin Really Simple Security has patched a critical authentication bypass vulnerability that could allow a remote unauthenticated attacker to gain administrative privileges. This vulnerability, CVE-2024-10924 (CVSS 9.8/10), affects both the paid and free versions of the product.
Affected Versions
More Reading/Information
Apple has released patches to address two zero-day vulnerabilities that were exploited on Intel-based Mac systems. These vulnerabilities were found in the JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of macOS Sequoia. CVE-2024-44308 allows attackers to execute code remotely, while CVE-2024-44309 allows for cross-site scripting attacks. Both were addressed in macOS Sequoia 15.1.1. Apple also released patches for vulnerabilities affecting its other operating systems.
Affected Versions
More Reading/Information
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefit of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch will be issued for newly discovered vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software currently deployed in your environment, which informs and supports your patch and vulnerability management program.