In this week's Security Advisory:
Recent threat intelligence indicates that a proof-of-concept (PoC) exploit for CVE-2024-24919, the vulnerability affecting Check Point Security Gateways, is now publicly available. It is recommended to update all affected Security Gateways to the latest version.
Original Security Advisory - May 29th, 2024:
Check Point has released an urgent hotfix for a zero-day VPN vulnerability tracked as CVE-2024-24919 affecting its Security Gateways. The flaw can allow an attacker to read system information on Security Gateways that are exposed to the internet. Successful exploitation can allow threat actors to gain remote access to client firewalls.
Of note, CVE-2024-24919 only affects Security Gateways with 'Remote Access VPN' or 'Mobile Access Blade' enabled.
Affected Products & Versions:
More Reading/Information
A critical security vulnerability, identified as CVE-2024-4358, has been detected in Progress Telerik Report Server and can allow remote attackers to gain unauthorized access. The flaw, scored 9.8 out of 10 on the CVSS scale, allows malicious actors to create rogue administrator credentials and thereby bypass authentication. It is strongly recommended that clients update to the latest version (2024 Q2 10.1.24.514) to mitigate this risk. Additionally, clients should thoroughly review the user listing of their Telerik Report Server to identify and remove any unfamiliar local user accounts that may have been added.
Of note, researchers have developed a proof of concept for CVE-2024-4358, indicating that exploitation in the wild is likely imminent.
Affected Versions
More Reading/Information
Zyxel Networks has released patches to address three (3) of five (5) vulnerabilities affecting its end-of-life NAS products. The patched flaws are tracked as CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974 and affect only the Zyxel NAS326 and NAS542 devices.
CVE-2024-29972 and CVE-2024-29973 are command injection flaws that allow an unauthenticated attacker to execute OS commands by sending specially crafted POST requests. CVE-2024-29974 is a critical flaw in the CGI program that allows a threat actor to upload specially crafted configuration files, resulting in remote code execution.
Of note, the remaining two vulnerabilities, CVE-2024-29975 and CVE-2024-29976, are improper privilege management flaws and will not be remediated by Zyxel Networks because the devices have reached end-of-support status.
Affected Versions
More Reading/Information
Recent threat intelligence indicates that several vulnerabilities affecting multiple popular WordPress plugins are currently under active attack. These vulnerabilities are identified as CVE-2023-6961 (CVSS score 7.2), CVE-2023-40000 (CVSS score 8.3), and CVE-2024-2194 (CVSS score 7.2), impacting the WP Meta SEO, LiteSpeed, and WP Statistics plugins respectively. All three stem from inadequate input sanitization and allow attackers to inject malicious scripts into web pages. Successful exploitation can additionally allow an attacker to create rogue administrator accounts, enabling further compromise.
Affected Versions
More Reading/Information
There were security updates released for vulnerabilities found in Google Chrome and Android.
Google Chrome released a security update to fix eleven (11) vulnerabilities, with seven (7) vulnerabilities receiving a severity rating of "High." These vulnerabilities affect Windows, Mac and Linux.
Android released updates to address thirty-seven (37) vulnerabilities, with three (3) given a severity rating of "Critical." These vulnerabilities affect Android OS security patch levels prior to 2024-06-05.
More Reading/Information
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is a security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefit of limiting deployed software to "vendor-supported versions" only, which dramatically increases the likelihood that a patch will be issued for newly discovered vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of the software currently in your environment, which helps ensure and inform your patch and vulnerability management program.