Cybersafe Solutions Security Advisory Bulletin November 29, 2024

In this week's Security Advisory:

• 7-Zip Patches Critical Code Execution Vulnerability
• VMware Patches Multiple High Severity Vulnerabilities in Aria Operations
• Critical Vulnerabilities in CleanTalk WordPress Plugin Patched
• QNAP Addresses Multiple Critical Vulnerabilities
• Multiple Security Updates Released for Mozilla Products

7-zip recently patched vulnerability CVE-2024-11477 which allows remote attackers to execute arbitrary code on affected versions of 7-zip. Interaction with the library is required to exploit the vulnerability but attack vectors can vary. This specific flaw exists within the implementation of Zstandard decompression.

Affected Versions

• 7-zip versions before 24.07.

More Reading/Information

• https://linuxsecurity.com/news/security-vulnerabilities/7-zip-urgent-update-code-execution-flaw
• https://nvd.nist.gov/vuln/detail/CVE-2024-11477

VMware Patches Multiple High Severity Vulnerabilities in Aria Operations

VMware released a high-severity bulletin on Tuesday that contained patches for five new vulnerabilities. Two of these, CVE-2024-38830 and CVE-2024-38831, are privilege escalation vulnerabilities that someone with local admin privileges can exploit. Currently, there are no workarounds, so users are urged to apply the patches.

Affected Versions

• VMware Aria Operations version 8.x.
• VMware Cloud Foundation versions 4.x and 5.x.

More Reading/Information

• https://www.securityweek.com/vmware-patches-high-severity-vulnerabilities-in-aria-operations/
• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199

Critical Vulnerabilities in CleanTalk WordPress Plugin Patched

Two vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781 (CVSS 9.8/10), were patched by CleanTalk. Both affect its Spam Protection, Anti-Spam, and Firewall plugin and both can be exploited remotely by an unauthenticated user. Two of the check functions in the plugin check for the originating IP address and DNS, but they are vulnerable to spoofing, which can then allow an attacker to bypass authentication.

Affected Versions

• Versions before version 6.4.5.

More Reading/Information

• https://www.securityweek.com/critical-vulnerabilities-found-in-anti-spam-plugin-used-by-200000-wordpress-sites/
• https://www.wordfence.com/blog/2024/11/200000-wordpress-sites-affected-by-unauthenticated-critical-vulnerabilities-in-anti-spam-by-cleantalk-wordpress-plugin/

QNAP Addresses Multiple Critical Vulnerabilities

QNAP released a security bulletin this week that addressed multiple vulnerabilities including three critical severity vulnerabilities.  These vulnerabilities affect multiple different QNAP applications.

Affected Versions

• A full list of affected versions can be found here

More Reading/Information

• https://www.bleepingcomputer.com/news/security/qnap-addresses-critical-flaws-across-nas-router-software/
• https://www.qnap.com/en-us/security-advisories

Multiple Security Updates Released for Mozilla Products

Mozilla has released updates to Firefox and Thunderbird to address multiple vulnerabilities, most severe of which can lead to remote code execution. There are currently no reports of these being exploited in the wild. 

Affected Versions

• Firefox ESR versions before 115.18.
• Firefox ESR versions before 128.5.
• Thunderbird versions before 133.
• Thunderbird versions before 128.5.
• Firefox versions before 133.
• Firefox for iOS versions before 133.

More Reading/Information

• https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-mozilla-products-could-allow-for-arbitrary-code-execution_2024-132
• https://www.mozilla.org/en-US/security/advisories/

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner.  It is security best practice to regularly update and/or patch software to the latest versions.  The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only.  This dramatically increases the likelihood that new vulnerabilities have a patch issued for them.  Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.