In this week's Security Advisory:
SolarWinds has disclosed five (5) remote code execution vulnerabilities found within the SolarWinds Access Rights manager tool. CVE-2023-23479, CVE-2024-23476, and CVE-2023-40057 have been designated with a 'critical' severity while CVE-2024-23478, and CVE-2024-23477 have been given the 'high' rating.
The three vulnerabilities CVE-2024-23479, CVE-2024-23477, and CVE-2024-23476 are due to a path traversal weaknesses that can allow a threat actor to execute remote code and compromise system integrity.
Both CVE-2024-23478 and CVE-2023-40057 are vulnerabilities of the access rights manager having deserialized data that can lead to the execution of arbitrary code.
Affected Versions:
More Reading/Information
ConnectWise ScreenConnect has released an emergency patch for their "self-hosted" (or "on-prem") servers. Two vulnerabilities were recently reported directly to ConnectWise which combine to potentially allow remote code execution or exposure of confidential data. Researchers have successfully developed a proof-of-concept (POC), and recent threat intelligence indicates active exploitation attempts in the wild.
Affected Versions:
All versions up to and including ScreenConnect 23.9.7 are affected by this vulnerability.
More Reading/Information:
Recent threat intelligence indicates that the vulnerability identified as CVE-2024-21412, with a CVSS score of 8.1 out of 10, has been detected being actively exploited in the wild by adversaries. CVE-2024-21412 enables a bypass of Microsoft Defender SmartScreen, allowing threat actors to execute a zero-day attack chain that relies on a series of interconnected internet shortcut files.
This vulnerability represents a critical flaw as it circumvents Mark-of-the-Web, a Windows feature designed to assist users in identifying potentially untrustworthy files originating from the internet. Successful exploitation of this vulnerability could lead to a series of unauthorized executions on the affected system, all transpiring without the victim's awareness or the intervention of Windows Defender SmartScreen alerts.
More Reading/Information
Zoom has disclosed a Critical vulnerability being tracked as CVE-2024-24691 with a CVSS score of 9.6 out of a possible 10 regarding an input validation flaw that can allow unauthenticated threat actors to escalate privileges within the network.
Affected Versions:
More Reading/Information
Bricks Builder had discovered a critical vulnerability that enables the remote execution of malicious PHP code on susceptible websites. Known for its user-friendly features, Bricks Builder is a widely-used WordPress development theme. Tracked under CVE-2024-25600 with a CVSS score of 9.8 out of 10, this flaw is presently under active exploitation in the wild, presenting a significant risk to websites utilizing the theme.
Affected Versions:
More Reading/Information
QNAP released updates to fix two (2) critical vulnerabilities affecting several QNAP operating system versions and applications on its NAS devices, including QTS, QuTS hero, and QuTScloud. The vulnerabilities are being tracked as CVE-2023-47218 and CVE-2023-50358 and are OS command injection flaws that could allow an attacker to remote code on the affected system.
Affected Versions:
More Reading/Information
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.