
May 24, 2024   •   6 minute read

Cybersafe Solutions Security Advisory Bulletin May 24, 2024

In this week's Security Advisory:

  • Critical Vulnerabilities Patched in Veeam Backup Enterprise Manager
  • Critical Vulnerability in GitHub Enterprise Server Could Allow for Authentication Bypass
  • Multiple Vulnerabilities Patched in Ivanti Products
  • Multiple Vulnerabilities Patched in SolarWinds' Access Rights Manager (ARM)
  • Rockwell Automation Issues Critical Steps to Shield Against Growing Cyber Threats
  • Security Updates Released for Google Chrome Desktop and Mozilla Products

Critical Vulnerabilities Patched in Veeam Backup Enterprise Manager

Veeam has issued a security patch that addresses four (4) vulnerabilities affecting the Veeam Backup Enterprise Manager. The most critical flaw is being tracked as CVE-2024-29849 with a CVSS rating of 9.8 out of 10, and allows an unauthenticated attacker to bypass authentication and gain access to the manager's console. Threat actors can abuse this flaw to access sensitive data and modify backup jobs, which can impact data restoration.

Of note, the Veeam Backup Enterprise Manager is an optional component that can be installed in client environments. These vulnerabilities affect only customers that have the manager tool deployed within their environment.

Affected Versions:

  • V5.0 - V12.1

More Reading/Information


Critical Vulnerability in GitHub Enterprise Server Could Allow for Authentication Bypass

GitHub has disclosed a critical vulnerability within the GitHub Enterprise Server (GHES) that can lead to an attacker bypassing authentication. This flaw is currently being tracked as CVE-2024-4985 and has a maximum CVSS rating of 10. The vulnerability allows attackers to bypass authentication by forging SAML responses, gaining administrator privileges that can lead to unauthorized access to sensitive data.

This vulnerability affects all versions of GHES preceding 3.13.0 and is only exploitable where SAML Single Sign-On (SSO) is enabled with encrypted assertions. Organizations not utilizing SAML SSO, or those without the encrypted assertions feature, are not vulnerable to this threat. 

Affected Versions:

  • GHES Versions Prior to 3.13.0

More Reading/Information


Multiple Vulnerabilities Patched in Ivanti Products

Ivanti has released multiple security updates to address sixteen (16) vulnerabilities impacting Ivanti Avalanche, Neurons for ITSM, Connect Secure, Secure Access, and Endpoint Manager (EPM). Among these vulnerabilities, six (6) have received a rating of "Critical" with a CVSS score of 9.6 out of 10.

CVE-2024-29822 through CVE-2024-29827 pertain to SQL injection vulnerabilities within the Ivanti Endpoint Manager that can allow an attacker to execute arbitrary code. All affected Ivanti on-premise products should be updated to their latest patches to address these vulnerabilities.

It's worth noting that these vulnerabilities are not related to previously disclosed vulnerabilities in Ivanti's PulseSecure devices.

More Reading/Information


Multiple Vulnerabilities Patched in SolarWinds' Access Rights Manager (ARM)

SolarWinds has addressed two (2) vulnerabilities affecting its Access Rights Manager tool that can lead to remote code execution and authentication bypass. CVE-2024-28075 is a critical vulnerability with a temporary CVSS rating of 9.0 out of 10 and can allow an authenticated attacker to achieve remote code execution due to "deserialization of untrusted data." CVE-2024-23473 has a temporary CVSS rating of 8.6 out of 10 and is a flaw that allows a threat actor to bypass authentication with hard-coded credentials. This can allow an attacker to directly access the management console for RabbitMQ without authentication and can lead to unauthorized access to sensitive data.

Affected Versions:

  • CVE-2024-28075
    • ARM Versions 2023.2.3 and Prior
  • CVE-2024-23473
    • ARM Versions 2023.2.2.30 and Prior

More Reading/Information


Rockwell Automation Issues Critical Steps to Shield Against Growing Cyber Threats

Rockwell Automation has released a security notice advising customers to remove all industrial control systems (ICS) that are connected to the public-facing internet due to an increased frequency of global cyber threats in the wild. Customers are advised to assess their internal setup and disconnect any devices that shouldn't be exposed. Additionally, Rockwell recommends ensuring all equipment is updated with the latest patches and is not susceptible to the vulnerabilities listed here: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1672.html 

More Reading/Information


Security Updates Released for Google Chrome Desktop and Mozilla Products

Security updates were released by Google and Mozilla to address several vulnerabilities in each product.

Mozilla addressed one (1) vulnerability affecting Focus for iOS, with a severity rating of "High." This vulnerability affects Focus versions prior to v126.

Google Chrome has issued a security update addressing six (6) vulnerabilities that impact Windows, Mac, and Linux operating systems.

More Reading/Information


Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch is issued for new vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
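One way to act on the inventory recommendation above, as an added example that is not part of this bulletin: a short Python check that compares a software inventory against the affected-version ranges stated in the sections above. The ADVISORY_RULES table is transcribed from this bulletin; the hostnames and installed versions in SAMPLE_INVENTORY are constructed for illustration.

```python
# Added example, not from the Cybersafe bulletin: flag inventory entries that fall
# in the affected-version ranges this advisory states (all sample data constructed).
import re

def parse_version(v: str) -> tuple:
    """Turn 'V12.1', '2023.2.2.30' or '3.13.0' into a comparable int tuple."""
    nums = re.findall(r"\d+", v)
    if not nums:
        raise ValueError(f"no numeric version in {v!r}")
    return tuple(int(n) for n in nums)

def cmp_versions(a: str, b: str) -> int:
    """-1, 0 or 1; missing trailing segments count as zero (12.1 == 12.1.0)."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa, pb = pa + (0,) * (width - len(pa)), pb + (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)

# Rules as this bulletin states them: "lt" = strictly below the bound,
# "le" = the bound and anything below, "range" = inclusive low..high.
ADVISORY_RULES = {
    "Veeam Backup Enterprise Manager": [("CVE-2024-29849", "range", "5.0", "12.1")],
    "GitHub Enterprise Server": [("CVE-2024-4985", "lt", "3.13.0")],
    "SolarWinds ARM": [("CVE-2024-28075", "le", "2023.2.3"),
                       ("CVE-2024-23473", "le", "2023.2.2.30")],
}

def is_affected(rule, version: str) -> bool:
    _, kind, *bounds = rule
    if kind == "lt":
        return cmp_versions(version, bounds[0]) < 0
    if kind == "le":
        return cmp_versions(version, bounds[0]) <= 0
    lo, hi = bounds
    return cmp_versions(version, lo) >= 0 and cmp_versions(version, hi) <= 0

def check_inventory(inventory):
    """Return [(host, product, version, cve), ...] for every matching rule."""
    return [(host, product, version, rule[0])
            for host, product, version in inventory
            for rule in ADVISORY_RULES.get(product, [])
            if is_affected(rule, version)]

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE_INVENTORY = [
    ("bkp-01", "Veeam Backup Enterprise Manager", "12.1"),
    ("ghes-01", "GitHub Enterprise Server", "3.12.5"),
    ("ghes-02", "GitHub Enterprise Server", "3.13.0"),
    ("arm-01", "SolarWinds ARM", "2023.2.2.30"),
]
```

Because "12.1" is treated as 12.1.0, later 12.1.x builds fall outside the Veeam range as written here; when a vendor publishes the exact fixed build number, use that as the bound instead of the bulletin's summary range.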