
December 27, 2024

Cybersafe Solutions Security Advisory Bulletin December 27, 2024

In this week's Security Advisory:

  • Apache Tomcat Patches Critical Remote Code Execution Vulnerability
  • Multiple Critical Vulnerabilities in Sophos Firewall
  • Fortinet Patches Critical FortiWLM Vulnerability
  • WordPress Patches Multiple Critical Vulnerabilities in WPLMS and VibeBP Plugins
  • Security Updates Released for Google Chrome and Adobe ColdFusion

Apache Tomcat Patches Critical Remote Code Execution Vulnerability

Apache Tomcat is an open-source Java servlet container that is also widely used as a web server. CVE-2024-56337 was assigned because the fix for CVE-2024-50379 (CVSS 9.8/10), a time-of-check time-of-use (TOCTOU) race condition in JSP compilation that can lead to remote code execution, was found to be incomplete. That original fix shipped on December 17th in Tomcat 11.0.2, 10.1.34 and 9.0.98. Both issues are only reachable under a specific, non-default configuration: Tomcat running on a case-insensitive file system (such as Windows) with the default servlet's readonly initialisation parameter set to false, which enables HTTP PUT. Depending on the Java version in use, Apache states that additional configuration is needed even on patched versions: on Java 8 or Java 11 the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true); on Java 17 the property, if set, must be false (its default); on Java 21 and later no further action is required because the property and the underlying cache have been removed.

Affected Versions

  • Apache Tomcat 11.0.0-M1 to 11.0.1.
  • Apache Tomcat 10.1.0-M1 to 10.1.33.
  • Apache Tomcat 9.0.0.M1 to 9.0.97.
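
To make the preconditions concrete, the following Python script is an added example (not code from Apache Tomcat, Cybersafe or the advisory) that parses a conf/web.xml, checks whether the default servlet has been made writable, and applies Apache's per-Java-version rule for sun.io.useCanonCaches. The two web.xml snippets, the function names and the JVM option strings are constructed for this example.

```python
"""Pre-condition check for CVE-2024-50379 / CVE-2024-56337 on a Tomcat instance.

Added example, not code from the Apache Tomcat project or from the advisory.
It encodes the conditions Apache published: the default servlet must be
write-enabled (readonly=false in conf/web.xml), the file system must be
case-insensitive, and on Java 8/11/17 the sun.io.useCanonCaches property
matters. The web.xml snippets and function names are our own constructed samples.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict

# Constructed sample: a Tomcat 10/11-style conf/web.xml whose default servlet
# has been switched to readonly=false (the non-default, exposed setting).
WRITABLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>"""

# Same file with the shipped default restored.
SAFE_WEB_XML = WRITABLE_WEB_XML.replace(
    "<param-name>readonly</param-name><param-value>false</param-value>",
    "<param-name>readonly</param-name><param-value>true</param-value>",
)


def _local(tag: str) -> str:
    """Drop the XML namespace so Tomcat 9 (javaee) and 10/11 (jakartaee) files both match."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_readonly(web_xml: str) -> bool:
    """Effective value of the default servlet's 'readonly' init-param.

    Tomcat's shipped default is true; only an explicit 'false' enables PUT/DELETE.
    """
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        name = next((c.text for c in servlet if _local(c.tag) == "servlet-name"), "")
        if (name or "").strip() != "default":
            continue
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            kv = {_local(c.tag): (c.text or "").strip() for c in param}
            if kv.get("param-name") == "readonly":
                return kv.get("param-value", "true").lower() != "false"
        return True  # default servlet declared, readonly not set -> Tomcat default (true)
    return True      # no default servlet declared at all -> Tomcat default applies


def parse_jvm_opts(opts: str) -> Dict[str, str]:
    """Pull -Dname=value system properties out of CATALINA_OPTS / JAVA_OPTS text."""
    return dict(re.findall(r"-D([^=\s]+)=(\S*)", opts))


def canon_cache_needs_change(java_major: int, props: Dict[str, str]) -> bool:
    """Apache's per-Java guidance from the CVE-2024-56337 announcement.

    Java 8/11: property defaults to true, must be explicitly false.
    Java 17:   property defaults to false, must not be set to true.
    Java 21+:  property and the underlying cache were removed; nothing to do.
    """
    value = props.get("sun.io.useCanonCaches", "").lower()
    if java_major >= 21:
        return False
    if java_major >= 17:
        return value == "true"
    return value != "false"


def residual_exposure(web_xml: str, java_major: int, jvm_opts: str,
                      case_insensitive_fs: bool) -> bool:
    """True when every published precondition holds on an instance that already has
    the December 17 fix, i.e. CVE-2024-56337 still applies and configuration must change."""
    if default_servlet_readonly(web_xml):
        return False  # PUT is rejected; the race cannot be triggered
    if not case_insensitive_fs:
        return False  # e.g. Linux ext4: the case-mismatch TOCTOU is unreachable
    return canon_cache_needs_change(java_major, parse_jvm_opts(jvm_opts))


if __name__ == "__main__":
    for label, xml in (("writable", WRITABLE_WEB_XML), ("safe", SAFE_WEB_XML)):
        exposed = residual_exposure(xml, 11, "-Xmx1g", case_insensitive_fs=True)
        print(f"{label} web.xml, Java 11, no -D flags, Windows: exposed={exposed}")
```

Run it against a real instance by reading conf/web.xml from CATALINA_BASE and passing the actual CATALINA_OPTS; a True result on an already patched server means the configuration, not just the version, still needs attention. Where PUT is not genuinely needed, restoring readonly to true removes the exposure outright.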

Multiple Critical Vulnerabilities in Sophos Firewall

Sophos has patched three vulnerabilities in Sophos Firewall. The first, CVE-2024-12727 (CVSS 9.8/10), is a pre-authentication SQL injection in the email protection feature. It gives an unauthenticated remote attacker access to the reporting database and can lead to remote code execution when a specific Secure PDF eXchange (SPX) configuration is enabled and the firewall is running in High Availability (HA) mode. The second, CVE-2024-12728 (CVSS 9.8/10), is a weak-credentials issue: the suggested, non-random SSH passphrase used to initialise an HA cluster remained active after HA setup completed, allowing privileged access over SSH wherever that service is reachable; it affects versions older than 20.0 MR3 (20.0.3). The third, CVE-2024-12729 (CVSS 8.8/10), is a post-authentication code injection in the User Portal. Version 21.0 MR1 (21.0.1) contains fixes for all three, and Sophos has delivered hotfixes to older supported releases, installed automatically where "Allow automatic installation of hotfixes" is enabled. Sophos also advises restricting SSH to the dedicated HA link or disabling WAN SSH access, reconfiguring HA with a sufficiently long random passphrase, and keeping the User Portal and Webadmin off the WAN.

Affected Versions

  • Sophos Firewall version 21.0 GA (21.0.0) and older.

Fortinet Patches Critical FortiWLM Vulnerability

CVE-2023-34990 (CVSS 9.6/10) is a relative path traversal in FortiWLM that an unauthenticated remote attacker can exploit to read sensitive files, including the appliance's log files. Because the web session ID tokens of authenticated FortiWLM users remain static, an attacker who reads those logs can recover a valid administrator session ID and use it to impersonate that administrator. Fortinet has not stated whether it has seen exploitation in the wild. The issue is fixed in FortiWLM 8.6.6 and 8.5.5.

Affected Versions

  • FortiWLM 8.6.0 through 8.6.5.
  • FortiWLM 8.5.0 through 8.5.4.

WordPress Patches Multiple Critical Vulnerabilities in WPLMS and VibeBP Plugins

WPLMS is a learning management system (LMS) theme for WordPress, used primarily by educational institutions and e-learning providers; WPLMS and VibeBP are its companion plugins. Patchstack researchers disclosed a total of eighteen (18) vulnerabilities across the two plugins, ten (10) of which were rated critical or high severity. The issues range from creating privileged accounts without prior authentication to remote code execution and bypassing file upload restrictions. Sites running the theme should update both plugins to the patched releases.

Security Updates Released for Google Chrome and Adobe ColdFusion

Google announced the release of Chrome 131.0.6778.204/.205 for Windows and Mac and 131.0.6778.204 for Linux. These updates address five (5) security vulnerabilities. The most severe, CVE-2024-12692 (CVSS not yet assigned), is a type confusion bug in the V8 JavaScript engine that could allow a remote attacker to exploit heap corruption via a crafted HTML page.

Adobe has released an out-of-band update (APSB24-107) for a high-severity vulnerability in ColdFusion. CVE-2024-53961 (CVSS 7.4/10) is a path traversal issue that can lead to arbitrary file system reads; Adobe rates the update Priority 1 and notes that a proof-of-concept is publicly known.

Affected Versions

  • Adobe ColdFusion 2023 Update 11 and earlier (fixed in Update 12).
  • Adobe ColdFusion 2021 Update 17 and earlier (fixed in Update 18).
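
Both the FortiWLM and ColdFusion items are path traversal bugs (unauthenticated file reads outside the intended directory). The Python below is an added example, not code from Fortinet, Adobe or the advisory: it shows the vulnerable concatenation pattern next to a hardened resolver that decodes, normalises and prefix-checks the path, and a small access-log scanner that flags single- and double-URL-encoded traversal attempts in both the path and the query string. The web root, request paths and log lines are constructed sample data.

```python
"""Path traversal: the vulnerable pattern, a hardened resolver, and detection in
access logs. Added example for the FortiWLM and ColdFusion items; it is not code
from either product. The web root, request paths and log lines are constructed.
"""
import posixpath
import re
from typing import List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

WEB_ROOT = "/var/app/public"  # assumed document root for the example

_REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/')


def fully_decode(s: str, rounds: int = 3) -> str:
    """Peel repeated URL encoding (%2e%2e%2f, %252e...) until the string is stable."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def resolve_vulnerable(base: str, user_path: str) -> str:
    """The bug class in both advisories: concatenate and trust the result."""
    return base + "/" + user_path


def resolve_hardened(base: str, user_path: str) -> Optional[str]:
    """Decode, normalise, then prove the result is still under base. None = reject.

    On a real server also call os.path.realpath() on both sides so symlinks cannot
    point outside the root; omitted here so the example needs no disk access.
    """
    base = posixpath.normpath(base)
    decoded = fully_decode(user_path).replace("\\", "/")
    if "\x00" in decoded:  # NUL truncation tricks
        return None
    candidate = posixpath.normpath(posixpath.join(base, decoded.lstrip("/")))
    # Prefix check with a trailing slash so /var/app/public_old is not accepted.
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate


def escapes_root(path: str) -> bool:
    """Segment-depth walk: any '..' that climbs above the root is an attempt."""
    depth = 0
    for seg in fully_decode(path).replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def scan_access_log(lines: List[str]) -> List[str]:
    """Return request targets whose path or any query value climbs above the root."""
    hits = []
    for line in lines:
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        parts = urlsplit(target)
        values = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        if any(escapes_root(v) for v in values):
            hits.append(target)
    return hits


# Constructed combined-log lines: one benign request, two traversal attempts
# (single and double encoded), and one legitimate '..' that stays inside the root.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Dec/2024:10:01:02 +0000] "GET /images/logo.png HTTP/1.1" 200 512',
    '10.0.0.9 - - [20/Dec/2024:10:01:07 +0000] "GET /cgi-bin/view?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1021',
    '10.0.0.9 - - [20/Dec/2024:10:01:09 +0000] "GET /%252e%252e/%252e%252e/var/log/app.log HTTP/1.1" 404 0',
    '10.0.0.7 - - [20/Dec/2024:10:01:15 +0000] "GET /docs/a/../b.html HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for p in ("images/logo.png", "../../etc/passwd", "..%2F..%2Fetc%2Fpasswd"):
        print(f"{p!r:32} vulnerable -> {resolve_vulnerable(WEB_ROOT, p)}")
        print(f"{'':32} hardened   -> {resolve_hardened(WEB_ROOT, p)}")
    print("traversal attempts in log:", scan_access_log(SAMPLE_LOG))
```

The depth walk in escapes_root() is what makes the detector resistant to encoding tricks: it reasons about decoded segments rather than matching the literal string ../, so %2e%2e%2f and %252e%252e%252f are caught while a legitimate /docs/a/../b.html is not. The same decode-then-normalise-then-prefix-check order is what resolve_hardened() relies on; checking the prefix before decoding is the classic way such filters are bypassed.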

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions, and, where an advisory states that the fix also depends on configuration, to verify that configuration rather than the version number alone. The vulnerabilities above highlight the security benefits of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch is issued for newly disclosed vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software in your environment, which informs and supports your patch and vulnerability management program.