Technical Expertise,Security Vulnerability Advisory

February 16, 2024   •   4 minute read

Cybersafe Solutions Security Advisory Bulletin Feb. 16, 2024

In this week's Security Advisory:

  • Critical Vulnerabilities in Cisco Expressway Gateways
  • Critical Vulnerabilities in FortiSIEM Allows for Remote Code Execution
  • Microsoft Patch Tuesday Fixes Several Zero-Days and Critical Vulnerabilities
  • Security Updates Released for Google Chrome Desktop Browser and Adobe

Critical Vulnerabilities in Cisco Expressway Gateways

Cisco has recently disclosed the discovery of several vulnerabilities impacting its Expressway Series collaboration gateways.  The first two vulnerabilities identified as CVE-2024-20252 and CVE-2024-20254 can enable an unauthenticated remote attacker to exploit weak Cross-Site Request Forgery protections by deceiving victims into clicking on a meticulously crafted link.  This action grants the attacker the ability to execute various actions on behalf of the user.  If successfully exploited, potential threats may include alternating system configurations and establishing new administrator accounts for the purposes of privilege escalation and persistence.

The third vulnerability, CVE-2024-20255, allows a remote attacker to alter settings on vulnerable systems, triggering a system reboot and leading to a denial-of-service scenario.

More Reading/Information


Critical Vulnerabilities in FortiSIEM Allows for Remote Code Execution

Fortinet announced two critical vulnerabilities in its FortiSIEM report server. Identified as 2024-23108 and CVE-2024-23109, remote unauthenticated attackers are able to exploit the FortiSIEM systems by sending well-crafted API requests to an affected system.  Fortinet has clarified that CVE-2024-23108 and CVE-2024-23109 are patch bypasses to a previously observed issue in CVE-2023-34992.

More Reading/Information


Microsoft Patch Tuesday Fixes Several Zero-Days and Critical Vulnerabilities

Microsoft addressed seventy-three (73) vulnerabilities in its February 2024 Patch Tuesday release.  Of the vulnerabilities disclosed, five (5) vulnerabilities received a severity rating of "Critical."

Of note, there are two vulnerabilities that are actively being exploited in the wild tracked as CVE-2024-21351 (CVSS score: 7.6) and CVE-2024-21412 (CVSS score: 8.1).

CVE-2024-21351 allows attackers to insert custom code into Windows SmartScreen, facilitating the execution of unauthorized commands.  A successful exploitation of this vulnerability can allow threat actors to circumvent the SmartScreen's reputation validation mechanism, which typically assesses files downloaded from the internet via the Mark of the Web (MOTW) feature.

CVE-2024-21412 can allow an unauthenticated attacker to bypass windows security features by altering internet shortcut files.

**Other vulnerabilities of note that have not yet been observed in the wild**

CVE-2024-21410 is a privilege elevation vulnerability that can allow an attacker to authenticate as the victim user's NTLM credentials through an NTLM relay or pass-the-hash attack.

CVE-2024-21413 is a remote code execution vulnerability that allows attackers to bypass the Office protected view and initiate file opening in editing mode.  Please be advised that this exploit also allows code execution to occur within the preview pane.

More Reading/Information


Security Updates Released for Google Chrome Desktop Browser and Adobe Products

Google released a security update to fix one (1) high-severity vulnerability in its Chrome Desktop Browser for Windows, Mac, and Linux.

Adobe had over thirty (30) vulnerabilities, with sixteen (16) vulnerabilities given a severity rating of "Critical".  These vulnerabilities affect Adobe Commerce, Substance 3D Painter, Acrobat, FrameMaker Publishing Server, Audition, and Substance 3D Designer.

More Reading/Information


Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner.  It is security best practice to regularly update and/or patch software to the latest versions.  The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only.  This dramatically increases the likelihood that new vulnerabilities have a patch issued for them.  Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.