In this week's Security Advisory:
- SolarWinds Patches Five Critical Remote Code Execution Vulnerabilities
- ConnectWise Patches Two Critical Flaws within ScreenConnect
- Critical Zero-Day Vulnerability in Microsoft Defender SmartScreen
- Critical Privilege Escalation Vulnerability in Windows Zoom Desktop, Zoom VDI, and Zoom Meeting SDK
- Critical Remote Code Execution Vulnerability Exploited in Bricks WordPress Site Builder
- QNAP Patches Two Critical Vulnerabilities (CVE-2023-47218 and CVE-2023-50358)
SolarWinds Patches Five Critical Remote Code Execution Vulnerabilities
SolarWinds has disclosed five (5) remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) tool. CVE-2024-23479, CVE-2024-23476, and CVE-2023-40057 have been rated 'critical', while CVE-2024-23478 and CVE-2024-23477 have been rated 'high'.
CVE-2024-23479, CVE-2024-23477, and CVE-2024-23476 stem from path traversal weaknesses that can allow a threat actor to execute code remotely and compromise system integrity.
CVE-2024-23478 and CVE-2023-40057 are deserialization of untrusted data vulnerabilities in ARM that can lead to arbitrary code execution.
Affected Versions:
- SolarWinds Access Rights Manager (ARM) 2023.2.2 and prior versions
More Reading/Information
- https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bugs-in-access-rights-audit-solution/
- https://www.solarwinds.com/trust-center/security-advisories
- https://www.helpnetsecurity.com/2024/02/19/solarwinds-arm-platform-vulnerabilities/
ConnectWise Patches Two Critical Flaws within ScreenConnect
ConnectWise has released an emergency patch for self-hosted (on-premises) ScreenConnect servers. Two vulnerabilities, an authentication bypass (CVE-2024-1709) and a path traversal flaw (CVE-2024-1708), were reported directly to ConnectWise; chained together they allow remote code execution or exposure of confidential data. Researchers have successfully developed a proof-of-concept (PoC), and recent threat intelligence indicates active exploitation attempts in the wild.
Affected Versions:
All versions up to and including ScreenConnect 23.9.7 are affected by these vulnerabilities; the fix is in 23.9.8.
More Reading/Information:
- https://thehackernews.com/2024/02/critical-flaws-found-in-connectwise.html
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
- https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/
- https://www.helpnetsecurity.com/2024/02/20/connectwise-screenconnect-vulnerabilities/
Critical Zero-Day Vulnerability in Microsoft Defender SmartScreen
Recent threat intelligence indicates that CVE-2024-21412 (CVSS 8.1, High) is being actively exploited in the wild. The vulnerability is a Microsoft Defender SmartScreen bypass: a threat actor crafts an internet shortcut (.url) file that points to a second shortcut hosted on an attacker-controlled remote share, and the chain of nested shortcuts opens the final payload without the SmartScreen prompt that would normally stop it.
The flaw is significant because it circumvents Mark-of-the-Web (MotW), the Windows mechanism that tags files downloaded from the internet so that SmartScreen can warn users before they run. Successful exploitation lets the attacker execute code on the affected system without the victim's awareness and without any SmartScreen alert. The Trend Micro write-up below documents its use by the Water Hydra group against traders.
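The chain described above leaves a recognisable artifact: a .url file whose target is another .url file on a remote share. The following triage script is an added example for this advisory, not code from Microsoft or Trend Micro. It parses the INI-style shortcut format, classifies the URL= target, and flags the nested remote-share pattern; the sample file contents are constructed. It inspects only the target, not the Zone.Identifier (Mark-of-the-Web) stream, so it complements rather than replaces MotW-based checks.

```python
"""Heuristic triage of Internet Shortcut (.url) files for the nested,
remote-hosted shortcut pattern associated with CVE-2024-21412.

Added example for this advisory; not Microsoft's or Trend Micro's code.
The contents in SAMPLES are constructed for illustration.
"""
import configparser
from urllib.parse import urlparse

SECTION = "InternetShortcut"

# Constructed .url contents keyed by a made-up file name.
SAMPLES = {
    "benign.url": "[InternetShortcut]\nURL=https://example.com/docs/\n",
    "lure-file.url": "[InternetShortcut]\nURL=file://203.0.113.10/pub/stage2.url\n",
    "lure-unc.url": "[InternetShortcut]\nURL=\\\\203.0.113.10\\pub\\stage2.url\nIconIndex=1\n",
    "local.url": "[InternetShortcut]\nURL=file:///C:/Users/Public/notes.url\n",
    "garbage.txt": "not a shortcut at all\n",
}


def parse_target(text):
    """Return the URL= value of a .url file, or None if text is not one."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cfg.read_string(text)
    except configparser.Error:          # no section header, bad syntax, ...
        return None
    if not cfg.has_section(SECTION):
        return None
    return cfg.get(SECTION, "url", fallback=None)


def classify(target):
    """Classify a shortcut target.

    shortcut-chain : target is another .url file on a remote share
                     (UNC path or file:// URL with a host)
    remote-share   : target is on a remote share but is not a .url file
    ok             : local file or an ordinary web link
    not-a-shortcut : no usable URL= value
    """
    if target is None:
        return {"target": None, "scheme": None, "host": None,
                "nested": False, "verdict": "not-a-shortcut"}
    t = target.strip()
    if t.startswith("\\\\"):                     # UNC: \\host\share\path
        scheme = "unc"
        host = t[2:].split("\\", 1)[0]
        path = t.replace("\\", "/")
    else:
        u = urlparse(t)
        scheme, host, path = u.scheme.lower(), u.netloc, u.path
    remote_share = scheme in ("unc", "file") and bool(host)
    nested = path.lower().endswith(".url")
    if remote_share and nested:
        verdict = "shortcut-chain"
    elif remote_share:
        verdict = "remote-share"
    else:
        verdict = "ok"
    return {"target": t, "scheme": scheme, "host": host,
            "nested": nested, "verdict": verdict}


def scan(files):
    """Classify every {name: contents} entry and return the results."""
    results = []
    for name, text in files.items():
        result = classify(parse_target(text))
        result["file"] = name
        results.append(result)
    return results


def alerts(files):
    """File names that should be escalated for analysis."""
    return [r["file"] for r in scan(files) if r["verdict"] == "shortcut-chain"]


if __name__ == "__main__":
    for r in scan(SAMPLES):
        print(f"{r['file']:<14} {r['verdict']:<15} {r['target']}")
```

A plain https:// link is treated as ordinary browsing and a local file:/// path as benign; only a .url target reachable over SMB or WebDAV (UNC or file:// with a host) trips the alert, which keeps the rule narrow enough to run over mail attachments or download folders without drowning in noise.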
More Reading/Information
- https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412
- https://www.darkreading.com/vulnerabilities-threats/attackers-exploit-microsoft-security-bypass-zero-day-bugs
Critical Privilege Escalation Vulnerability in Windows Zoom Desktop, Zoom VDI, and Zoom Meeting SDK
Zoom has disclosed a critical vulnerability, tracked as CVE-2024-24691 with a CVSS score of 9.6 out of a possible 10, caused by improper input validation. It may allow an unauthenticated threat actor to escalate privileges via network access.
Affected Versions:
- Zoom Desktop Client for Windows before version 5.16.5
- Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)
- Zoom Rooms Client for Windows before version 5.17.0
- Zoom Meeting SDK for Windows before version 5.16.5
More Reading/Information
- https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/
- https://www.bleepingcomputer.com/news/security/zoom-patches-critical-privilege-elevation-flaw-in-windows-apps/
- https://threatprotect.qualys.com/2024/02/15/improper-input-validation-vulnerability-in-zoom-windows-apps-cve-2024-24691/
Critical Remote Code Execution Vulnerability Exploited in Bricks WordPress Site Builder
The Bricks Builder developers have patched a critical vulnerability, tracked as CVE-2024-25600 with a CVSS score of 9.8 out of 10, that allows unauthenticated remote execution of arbitrary PHP code on vulnerable websites. Bricks Builder is a widely used WordPress site-building theme. The flaw is under active exploitation in the wild, presenting a significant risk to sites running the theme.
Affected Versions:
- All versions prior to 1.9.6.1
More Reading/Information
- https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-rce-flaw-in-bricks-wordpress-site-builder/
- https://bricksbuilder.io/release/bricks-1-9-6-1/
- https://www.spiceworks.com/it-security/vulnerability-management/news/websites-impacted-wordpress-theme-vulnerability/
QNAP Patches Two Critical Vulnerabilities (CVE-2023-47218 and CVE-2023-50358)
QNAP has released updates to fix two (2) critical vulnerabilities affecting several QNAP operating system versions and applications on its NAS devices, including QTS, QuTS hero, and QuTScloud. Tracked as CVE-2023-47218 and CVE-2023-50358, both are OS command injection flaws that could allow a remote attacker to execute commands on the affected system.
Affected Versions:
- QTS 5.1.x
- QTS 5.0.1
- QTS 5.0.0
- QTS 4.5.x or 4.4.x
- QTS 4.3.6 or 4.3.5
- QTS 4.3.4
- QTS 4.3.x
- QTS 4.2.x
- QuTS hero h5.1.x
- QuTS hero h5.0.1
- QuTS hero h5.0.0
- QuTS hero h4.x
- QuTScloud c5.x
More Reading/Information
- https://www.helpnetsecurity.com/2024/02/14/cve-2023-47218-cve-2023-50358/
- https://www.qnap.com/en-us/security-advisory/qsa-23-57
- https://cybersecuritynews.com/qnap-0-day-flaw/
Recommendations
Please review your environment to ensure the issues above are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest vendor-supported versions. The vulnerabilities above highlight the benefit of limiting deployed software to "vendor-supported versions" only, which dramatically increases the likelihood that a patch is issued for newly discovered vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software in your environment, which informs and supports your patch and vulnerability management program.
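An inventory is only useful if it is actually compared against the affected ranges. The script below is an added example for this page, not vendor code: it encodes the ranges exactly as the sections above state them ("through X" for "X and prior" / "up to and including X", "before X" for "before X", plus the two exempt Zoom VDI builds) and runs a constructed inventory against them. QNAP is left out because its fixes are per-branch builds listed only in QSA-23-57.

```python
"""Match an inventory of installed software against the affected-version
ranges quoted in this advisory.

Added example for this page, not vendor code. INVENTORY is constructed;
RULES mirrors the affected-version statements in the sections above.
"""
import re

RULES = {
    "SolarWinds Access Rights Manager": {"through": "2023.2.2"},
    "ConnectWise ScreenConnect": {"through": "23.9.7"},
    "Zoom Desktop Client for Windows": {"before": "5.16.5"},
    "Zoom VDI Client for Windows": {"before": "5.16.10", "exempt": ("5.14.14", "5.15.12")},
    "Zoom Rooms Client for Windows": {"before": "5.17.0"},
    "Zoom Meeting SDK for Windows": {"before": "5.16.5"},
    "Bricks Builder": {"before": "1.9.6.1"},
}

# Constructed inventory records, as a CMDB or agent export might provide them.
INVENTORY = [
    {"host": "arm01", "product": "SolarWinds Access Rights Manager", "version": "2023.2.2"},
    {"host": "sc01", "product": "ConnectWise ScreenConnect", "version": "23.9.8"},
    {"host": "ws-117", "product": "Zoom VDI Client for Windows", "version": "5.15.12"},
    {"host": "ws-118", "product": "Zoom VDI Client for Windows", "version": "5.15.10"},
    {"host": "www01", "product": "Bricks Builder", "version": "1.9.6"},
    {"host": "www02", "product": "Bricks Builder", "version": "1.9.6.1"},
    {"host": "lab01", "product": "Some Other Tool", "version": "1.0"},
]


def vtuple(version):
    """'5.16.10', '2023.2.2' or '5.16.10 (25689)' -> tuple of ints.

    Tuples compare element by element and a shorter prefix sorts first,
    so (5, 16) < (5, 16, 5) and (5, 16, 5, 123) > (5, 16, 5).
    """
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"no numeric version components in {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(product, version):
    """True/False for products covered by RULES, None for anything else."""
    rule = RULES.get(product)
    if rule is None:
        return None
    v = vtuple(version)
    # Exempt builds match on prefix so a trailing build number still matches.
    for exempt in rule.get("exempt", ()):
        e = vtuple(exempt)
        if v[:len(e)] == e:
            return False
    if "before" in rule:
        return v < vtuple(rule["before"])
    return v <= vtuple(rule["through"])


def report(inventory):
    """[(host, product, version, verdict)] with verdict affected/ok/not-covered."""
    rows = []
    for item in inventory:
        hit = is_affected(item["product"], item["version"])
        verdict = "not-covered" if hit is None else ("affected" if hit else "ok")
        rows.append((item["host"], item["product"], item["version"], verdict))
    return rows


def affected_hosts(inventory):
    """Sorted host names that still need patching."""
    return sorted(row[0] for row in report(inventory) if row[3] == "affected")


if __name__ == "__main__":
    for host, product, version, verdict in report(INVENTORY):
        print(f"{host:<8} {verdict:<12} {product} {version}")
```

Products the advisory does not cover come back as "not-covered" rather than "ok", so a misspelled product name in the inventory is visible instead of silently passing.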