In this week's Security Advisory:
- Security Advisory Update: Check Point Issues a Security Patch for a Zero-day Vulnerability in its Security Gateways
- Critical Vulnerability in Progress Telerik can lead to Authentication Bypass
- Multiple Vulnerabilities Patched in Zyxel NAS Products
- Exploited Vulnerabilities Found in Multiple WordPress Plugins
- Security Updates Released for Google Chrome Desktop Browser and Android Products
Recent threat intelligence indicates that a proof-of-concept (PoC) exploit for the vulnerability (CVE-2024-24919) affecting Check Point Security Gateways is now publicly available. It is recommended to update all affected Security Gateways to the latest version.
Original Security Advisory - May 29th, 2024:
Check Point has released an urgent hotfix for a zero-day VPN vulnerability tracked as CVE-2024-24919 affecting its Security Gateways. The flaw can allow an attacker to read system information on Security Gateways that are exposed to the internet. Successful exploitation can allow threat actors to gain remote access to client firewalls.
Of note, CVE-2024-24919 only affects Security Gateways with 'Remote Access VPN' or 'Mobile Access Blade' enabled.
Affected Products & Versions:
- Products: CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances
- Vulnerable Versions: R80.20.x, R80.40 (EOL), R81, R81.10, R81.10.x, R81.20
More Reading/Information
- https://www.bleepingcomputer.com/news/security/check-point-releases-emergency-fix-for-vpn-zero-day-exploited-in-attacks/
- https://www.hipaajournal.com/check-point-issues-warning-about-attacks-targeting-its-vpns-for-initial-access/
- https://support.checkpoint.com/results/sk/sk182337
Critical Vulnerability in Progress Telerik can Lead to Authentication Bypass
A critical security vulnerability, identified as CVE-2024-4358, has been detected in Progress Telerik Report Servers that can allow unauthorized access by remote attackers. This flaw, scoring 9.8 out of 10 on the CVSS scale, allows malicious actors to create rogue administrator credentials to bypass authentication. It is strongly recommended that clients update to the latest version (2024 Q2 10.1.24.514) to mitigate this risk. Additionally, clients should thoroughly review the user listing of their Telerik Report Server to identify and remove any unfamiliar local user accounts that may have been added.
Of note, researchers have developed a proof of concept for CVE-2024-4358, which raises the likelihood that exploits will soon be deployed in the wild.
Affected Versions
- V2024 Q1 10.0.24.305 and earlier
More Reading/Information
- https://www.bleepingcomputer.com/news/security/exploit-for-critical-progress-telerik-auth-bypass-released-patch-now/
- https://cybersecuritynews.com/telerik-report-server-authentication-bypass-flaw/
- https://securityaffairs.com/164114/hacking/progress-telerik-report-servers-poc.html
- https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358
Multiple Vulnerabilities Patched in Zyxel NAS Products
Zyxel Networks has released multiple patches to address three (3) out of five (5) vulnerabilities affecting its end-of-life NAS products. The flaws are being tracked as CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974 and only affect the NAS326 and NAS542 models.
CVE-2024-29972 and CVE-2024-29973 are command injection flaws that allow an unauthenticated attacker to execute OS commands by sending specially crafted POST requests. CVE-2024-29974 is a critical flaw in the CGI program that allows a threat actor to upload specially crafted configuration files, resulting in remote code execution.
Of note, the vulnerabilities CVE-2024-29975 and CVE-2024-29976 are improper privilege management flaws and will not receive remediation from Zyxel Networks due to the devices reaching end-of-support status.
Affected Versions
- NAS326 - V5.21(AAZF.16)C0 and earlier
- NAS542 - V5.21(ABAG.13)C0 and earlier
More Reading/Information
- https://www.bleepingcomputer.com/news/security/zyxel-issues-emergency-rce-patch-for-end-of-life-nas-devices/
- https://securityaffairs.com/164150/security/zyxel-rce-eof-nas-devices.html
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024
Exploited Vulnerabilities Found in Multiple WordPress Plugins
Recent threat intelligence indicates that several vulnerabilities affecting multiple popular WordPress plugins are currently under active attack. These vulnerabilities are identified as CVE-2023-6961 (with a CVSS score of 7.2), CVE-2023-40000 (with a CVSS score of 8.3), and CVE-2024-2194 (with a CVSS score of 7.2), impacting the WP Meta SEO, LiteSpeed, and WP Statistics plugins respectively. These vulnerabilities, stemming from inadequate input sanitization, can allow attackers to inject malicious scripts into web pages. Successful exploitation can then allow an attacker to create rogue administrator accounts and extend the compromise.
Affected Versions
- WP Meta SEO v4.5.12 and prior
- LiteSpeed v5.7 and prior
- WP Statistics v14.5 and prior
More Reading/Information
- https://www.securityweek.com/critical-wordpress-plugin-flaws-exploited-to-inject-malicious-scripts-and-backdoors/
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-meta-seo/wp-meta-seo-4512-unauthenticated-stored-cross-site-scripting-via-referer-header
- https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-5-7-unauthenticated-site-wide-stored-xss-vulnerability?_s_id=cve
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-statistics/wp-statistics-145-unauthenticated-stored-cross-site-scripting
Security Updates Released for Google Chrome Desktop Browser and Android Products
Security updates have been released for vulnerabilities found in Google Chrome and Android.
Google Chrome released a security update to fix eleven (11) vulnerabilities, with seven (7) vulnerabilities receiving a severity rating of "High." These vulnerabilities affect Chrome on Windows, Mac and Linux.
Android released updates to address thirty-seven (37) vulnerabilities, with three (3) given a severity rating of "Critical." These vulnerabilities affect Android OS security patch levels prior to 2024-06-05.
More Reading/Information
- https://www.securityweek.com/37-vulnerabilities-patched-in-android/
- https://source.android.com/docs/security/bulletin/2024-06-01
- https://chromereleases.googleblog.com/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only, which dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps inform and support your patch and vulnerability management program.
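As an added illustration of the inventory check recommended above (this is example code written for this digest, not a vendor or Cybersafe tool), the script below compares a list of installed versions against the "and earlier/prior" version ceilings quoted in the sections above. The product names, the sample inventory and the treatment of the Check Point hotfix as a "verify" result rather than a version comparison are assumptions made for the example.

```python
"""Check a software inventory against the affected versions in this advisory."""
import re

# "and earlier/prior" ceilings quoted above; installed <= ceiling means affected.
CEILINGS = {
    "Telerik Report Server": "10.0.24.305",
    "Zyxel NAS326": "V5.21(AAZF.16)C0",
    "Zyxel NAS542": "V5.21(ABAG.13)C0",
    "WP Meta SEO": "4.5.12",
    "LiteSpeed Cache": "5.7",
    "WP Statistics": "14.5",
}
# CVE-2024-24919 ships as a hotfix (sk182337), not a new release, so a matching
# train only tells you the hotfix must be verified. "R81" covers R81.10/R81.20.
HOTFIX_TRAINS = {"Check Point Security Gateway": ["R80.20", "R80.40", "R81"]}

def version_key(version: str) -> tuple:
    # Numeric components in order: 'R81.10' -> (81, 10),
    # 'V5.21(AAZF.16)C0' -> (5, 21, 16, 0), 'R80.20.x' -> (80, 20).
    return tuple(int(n) for n in re.findall(r"\d+", version))

def is_at_or_below(installed: str, ceiling: str) -> bool:
    # Zero-pad so '5.7.0' compares equal to '5.7' instead of sorting above it.
    a, b = version_key(installed), version_key(ceiling)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))

def assess(product: str, installed: str) -> str:
    """One of: affected, verify-hotfix, not-affected, unknown-product."""
    if product in CEILINGS:
        return "affected" if is_at_or_below(installed, CEILINGS[product]) else "not-affected"
    if product in HOTFIX_TRAINS:
        key = version_key(installed)
        for train in map(version_key, HOTFIX_TRAINS[product]):
            if key[:len(train)] == train:
                return "verify-hotfix"
        return "not-affected"
    return "unknown-product"

# Constructed sample inventory (not real assets): (product, installed version).
SAMPLE_INVENTORY = [
    ("Telerik Report Server", "10.0.24.305"),
    ("Telerik Report Server", "10.1.24.514"),
    ("Zyxel NAS326", "V5.21(AAZF.17)C0"),
    ("LiteSpeed Cache", "5.7.0"),
    ("Check Point Security Gateway", "R81.10"),
]

def report(inventory=SAMPLE_INVENTORY) -> dict:
    return {item: assess(*item) for item in inventory}
```

A "verify-hotfix" result still requires confirming on the gateway that the sk182337 hotfix is installed, since the version string alone does not change when it is applied.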