In this week's Security Advisory:
SolarWinds has disclosed a remote code execution vulnerability found within the SolarWinds Security Event Manager (SEM). The flaw is currently being tracked as CVE-2024-0692 with a CVSS score of 8.8 out of a possible 10. This vulnerability is caused by a deserialization issue that allows a threat actor to execute arbitrary code on an affected system without being authenticated.
Affected Versions:
More Reading/Information
VMware has issued a security patch to fix four (4) security vulnerabilities affecting their ESXi, Workstation, Fusion, and Cloud Foundation products. Among these, two (2) vulnerabilities are classified as 'Critical' and are identified as CVE-2024-22252 and CVE-2024-22253. These critical vulnerabilities involve the XHCI USB controller, posing a risk where a malicious actor with local administrative privileges on a virtual machine could execute arbitrary code.
VMware has clarified that while the critical exploits are confined within the ESXi VMX sandbox, code execution is anticipated on hosts with Workstation or Fusion installations.
More Reading/Information
JetBrains issued a critical patch to address two (2) authentication bypass vulnerabilities in its TeamCity On-Premise servers. TeamCity is a popular continuous integration and continuous delivery (CI/CD) server. The vulnerability designated as CVE-2024-27198, with a CVSS score of 9.8 out of 10, allows an unauthenticated attacker to bypass authentication and gain administrator privileges on the affected server. The vulnerability identified as CVE-2024-27199, with a CVSS score of 7.3 out of 10, enables unauthenticated attackers to alter the HTTPS certificate of a TeamCity server or make unauthorized modifications to the HTTPS port number. Exploiting this vulnerability could result in a denial-of-service (DoS) attack.
Versions affected:
All TeamCity On-Premise versions through 2023.11.3
More Reading/Information
Recent threat intelligence reports indicate that CVE-2024-21338, with a CVSS score of 7.8 out of 10, is being actively exploited by threat actors in the wild. This security flaw allows an adversary to gain system privileges by executing custom applications that tamper directly with the kernel. Threat groups have been observed using this exploit to achieve kernel-level access, allowing them to deactivate security tools on a compromised host.
More Reading/Information
Apple released updates to address two (2) zero-days in iOS and iPadOS. The first zero-day, CVE-2024-23225, allows a threat actor to bypass kernel memory protections due to a memory corruption issue. The second zero-day, CVE-2024-23296, is a memory corruption issue within RTKit that can also bypass kernel memory protections.
Affected Versions:
More Reading/Information
Android released updates to address thirty-eight (38) vulnerabilities, with two (2) given a severity rating of "Critical." The most severe is being tracked as CVE-2024-23717 and is a vulnerability in the system component that could lead to an attacker executing remote code on the affected system without requiring user interaction. These vulnerabilities affect Android OS security patch levels prior to 2024-03-05.
More Reading/Information
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
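The inventory practice recommended above can be turned into a quick compliance check against the two affected ranges this advisory states explicitly: TeamCity On-Premise "through 2023.11.3" and Android security patch levels "prior to 2024-03-05". The Python below is an added example, not part of the advisory; the inventory entries, host names and the sample version values are constructed placeholders.

```python
"""Check an asset inventory against the affected ranges stated in the advisory.

Added example, not from the advisory. SAMPLE_INVENTORY is constructed data;
in practice the entries would come from your own inventory export.
"""
from datetime import date

# Thresholds exactly as the advisory states them.
TEAMCITY_LAST_AFFECTED = "2023.11.3"        # "through 2023.11.3" (inclusive)
ANDROID_FIXED_PATCH_LEVEL = date(2024, 3, 5)  # "prior to 2024-03-05" is affected


def parse_version(version: str) -> tuple[int, ...]:
    """Split a dotted version into integers so that 2023.9.1 < 2023.11.3.
    A plain string comparison would rank "2023.9.1" above "2023.11.3"."""
    return tuple(int(part) for part in version.split("."))


def teamcity_affected(version: str) -> bool:
    return parse_version(version) <= parse_version(TEAMCITY_LAST_AFFECTED)


def android_affected(patch_level: str) -> bool:
    # Android patch levels are ISO dates, so compare them as dates, not text.
    return date.fromisoformat(patch_level) < ANDROID_FIXED_PATCH_LEVEL


def find_unpatched(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return host names whose recorded version falls inside an affected range.
    Each inventory entry is (host, product, version or patch level)."""
    checks = {"teamcity": teamcity_affected, "android": android_affected}
    flagged = []
    for host, product, version in inventory:
        check = checks.get(product.lower())
        if check is not None and check(version):
            flagged.append(host)
    return flagged


# Constructed sample inventory; hosts and values are placeholders.
SAMPLE_INVENTORY = [
    ("ci-01", "TeamCity", "2023.11.3"),     # last release in the affected range
    ("ci-02", "TeamCity", "2023.9.1"),      # older, also affected
    ("ci-03", "TeamCity", "2023.11.4"),     # sample value above the stated range
    ("phone-01", "Android", "2024-02-05"),  # patch level before the fix
    ("phone-02", "Android", "2024-03-05"),  # at the fixed patch level
]

if __name__ == "__main__":
    for host in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: version within an affected range in this advisory")
```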