In this week's Security Advisory:
- Critical Vulnerability Discovered in Exim Mail Transfer Agent
- Patch Issued for Critical VMware Aria Automation Vulnerability
- Critical Vulnerability in Palo Alto Expedition Can Lead to Unauthorized Data Access
- Security Updates Released for Google Chrome Desktop Browser and Mozilla
Critical Vulnerability Discovered in Exim Mail Transfer Agent
Security updates have been released for a critical vulnerability in Exim, an open-source mail transfer agent for Unix systems. Tracked as CVE-2024-39929 with a CVSS score of 9.1 out of 10, the flaw is a filter bypass: Exim mis-parses a multiline RFC 2231 header filename, so an attachment whose name is split across header lines slips past the $mime_filename extension-blocking check and a remote attacker can deliver an executable attachment to a user's mailbox. The recipient still has to open the attachment, so this is not remote code execution on the mail server, but it defeats a control many operators rely on. A proof-of-concept (PoC) has already been published and, although no in-the-wild exploitation had been reported at the time of writing, it is expected to follow.
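To make the bug class concrete, here is an added Python example written for this advisory; it is not Exim's code and not the published PoC. It constructs three sample messages (a plain filename, an RFC 2231 continuation folded across header lines, and an RFC 2231 charset-tagged filename, the last of which goes beyond the multiline case described above) and compares a regex-based extension check, which is how quick filters tend to be written, against one that lets a real MIME parser reassemble the filename first. The helper names (build_message, naive_filename, parsed_filename, check) and the blocked-extension list are assumptions for illustration.

```python
import re
from email import message_from_bytes

# Extensions a typical attachment-filtering ACL refuses to deliver (illustrative list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".com", ".pif", ".vbs", ".js"}


def build_message(disposition_header: bytes) -> bytes:
    """Constructed sample mail (not real traffic) wrapping a single attachment
    part whose Content-Disposition header is supplied by the caller."""
    return (
        b"From: sender@example.test\nTo: user@example.test\nSubject: invoice\n"
        b"MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=\"b1\"\n\n"
        b"--b1\nContent-Type: text/plain\n\nsee attached\n"
        b"--b1\nContent-Type: application/octet-stream\n"
        b"Content-Disposition: " + disposition_header + b"\n"
        b"Content-Transfer-Encoding: base64\n\nTVqQ\n--b1--\n"  # placeholder payload
    )


# Three header shapes: a plain filename, an RFC 2231 continuation (filename*0,
# filename*1) folded across header lines, and an RFC 2231 charset-tagged value.
PLAIN = build_message(b'attachment; filename="invoice.exe"')
CONTINUATION = build_message(b'attachment;\n filename*0="invoice";\n filename*1=".exe"')
ENCODED = build_message(b"attachment; filename*=utf-8''invoice.exe")


def attachment_parts(raw: bytes):
    """Every MIME part of the message that is flagged as an attachment."""
    msg = message_from_bytes(raw)
    return [p for p in msg.walk() if p.get_content_disposition() == "attachment"]


def naive_filename(part):
    """Fragile approach: a regex over the raw header text. It only understands
    filename="..." and never sees a name that is split or charset-encoded."""
    m = re.search(r'filename="([^"]*)"', part.get("Content-Disposition", ""))
    return m.group(1) if m else None


def parsed_filename(part):
    """Robust approach: let the MIME parser reassemble RFC 2231 parameters
    (continuations and charset tags) and check the reassembled name."""
    return part.get_filename()


def is_blocked(filename):
    return filename is not None and filename.lower().endswith(tuple(BLOCKED_EXTENSIONS))


def check(raw: bytes, extractor):
    """Return [(filename as the filter saw it, blocked?)] for each attachment."""
    results = []
    for part in attachment_parts(raw):
        name = extractor(part)
        results.append((name, is_blocked(name)))
    return results


if __name__ == "__main__":
    for label, raw in (("plain", PLAIN), ("continuation", CONTINUATION), ("encoded", ENCODED)):
        print(label, "naive:", check(raw, naive_filename),
              "parsed:", check(raw, parsed_filename))
```

The naive check blocks the plain case and passes both RFC 2231 forms with no filename at all, which is exactly the failure mode to look for: an extension filter that never sees the name the mail client will display. The practical lesson is to apply extension blocking to the parser's reassembled filename, and to treat any attachment whose name cannot be parsed as suspicious rather than as nameless.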
Affected Versions
- Exim 4.97.1 and earlier (the fix is in Exim 4.98)
More Reading/Information
- https://www.bleepingcomputer.com/news/security/critical-exim-bug-bypasses-security-filters-on-15-million-mail-servers/
- https://censys.com/cve-2024-39929/
- https://www.scmagazine.com/brief/over-1-5m-exim-servers-impacted-by-critical-security-bypassing-bug
- https://www.helpnetsecurity.com/2024/07/15/cve-2024-39929/
Patch Issued for Critical VMware Aria Automation Vulnerability
VMware has issued security updates for a critical SQL injection vulnerability in its Aria Automation product. Tracked as CVE-2024-22280 with a CVSS score of 8.5 out of 10, the flaw stems from improper input validation: an authenticated user can submit specially crafted SQL queries and perform unauthorized read and write operations against the Aria Automation database, exposing and manipulating sensitive data in the affected environment. Broadcom lists no workaround; the fix is to upgrade to 8.17.0 or apply the corresponding VMware Cloud Foundation patch.
Affected Versions
- VMware Aria Automation
  - 8.x (8.17.0 is not affected and contains the fix)
- VMware Cloud Foundation
  - 4.x
  - 5.x
More Reading/Information
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24598
- https://www.securityweek.com/vmware-patches-critical-sql-injection-flaw-in-aria-automation/
- https://cybersecuritynews.com/vmware-aria-automation-sql-injection/
- https://knowledge.broadcom.com/external/article/325790
Critical Vulnerability in Palo Alto Expedition Can Lead to Unauthorized Data Access
Palo Alto Networks has released security updates for a critical vulnerability in Expedition, its migration tool for importing firewall configurations into PAN-OS. Tracked as CVE-2024-5910 with a CVSS score of 9.3 out of 10, the flaw is a missing authentication for a critical function: an attacker with network access to Expedition can take over the Expedition admin account, which exposes everything imported into the tool, including configuration secrets and credentials. Expedition is not meant to run as a permanently exposed service, so customers should update to 1.2.92 before using it for any migration and restrict network access to it to authorized users and hosts.
Affected Versions
- Expedition versions prior to 1.2.92 (fixed in 1.2.92)
More Reading/Information
- https://security.paloaltonetworks.com/CVE-2024-5910
- https://www.securityweek.com/palo-alto-networks-addresses-blastradius-vulnerability-fixes-critical-bug-in-expedition-tool/
- https://securityaffairs.com/165641/security/palo-alto-networks-critical-bug-expedition.html
Security Updates Released for Google Chrome Desktop Browser and Mozilla
Google has released Chrome 126 security updates addressing ten (10) vulnerabilities, eight (8) of which are rated "High" severity. The update applies to Chrome on Windows, Mac, and Linux.
Mozilla has released security updates for Thunderbird addressing five (5) vulnerabilities, some of which could be exploited for arbitrary code execution. The fixes are in Thunderbird 115.13; all earlier versions are affected.
More Reading/Information
- https://chromereleases.googleblog.com/
- https://www.securityweek.com/chrome-126-updates-patch-high-severity-vulnerabilities/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/
Recommendations
Please review your environment and ensure the issues above are patched promptly. It is security best practice to keep software updated to the latest vendor-supported version; the vulnerabilities above show why deployments should be limited to vendor-supported versions, since that is what makes it likely a patch exists when a new vulnerability is disclosed. Two of this week's items also call for more than a patch: Expedition should be network-restricted and not left exposed once a migration is done, and Exim operators who rely on attachment filtering should confirm that filter is not their only control against executable attachments. Likewise, Cybersafe strongly encourages maintaining an inventory of the software in your environment; you cannot patch what you do not know you are running, and the inventory is what turns an advisory like this one into a concrete list of hosts to fix.
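As an added example that is not part of the original advisory, the following Python script encodes this week's affected-version ranges as stated above and runs them over a constructed inventory of (host, product, version) records, which is the kind of check an inventory makes possible. The AFFECTED table, parse_version, is_affected, triage and the hostnames are assumptions for illustration; the version parser ignores build suffixes, and Chrome is omitted because the advisory does not state a fixed build number.

```python
import re


def parse_version(text: str) -> tuple:
    """Turn '4.97.1', 'v1.2.92' or '8.16.2-23412345' into a tuple of ints.
    Anything after the dotted numeric part (build tags, release-candidate
    suffixes) is ignored; that is a simplification of this example, not a
    vendor versioning rule."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


# Affected ranges exactly as stated in this advisory. Tuples of different
# length compare element by element, so (4, 98) > (4, 97, 1) as expected.
AFFECTED = {
    "exim":            lambda ver: ver <= parse_version("4.97.1"),
    "aria-automation": lambda ver: ver[0] == 8 and ver < parse_version("8.17.0"),
    "expedition":      lambda ver: ver < parse_version("1.2.92"),
    "thunderbird":     lambda ver: ver < parse_version("115.13"),
}


def is_affected(product: str, version: str):
    """True/False for a product covered by this advisory, None otherwise."""
    rule = AFFECTED.get(product)
    return None if rule is None else rule(parse_version(version))


def triage(inventory):
    """inventory: iterable of (host, product, version). Returns the records that
    still run an affected build, in inventory order, so each can become a ticket."""
    return [(h, p, v) for h, p, v in inventory if is_affected(p, v)]


# Constructed sample inventory (hostnames are placeholders, not real systems).
SAMPLE_INVENTORY = [
    ("mx1.example.test",    "exim",            "4.96"),
    ("mx2.example.test",    "exim",            "4.98"),
    ("aria.example.test",   "aria-automation", "8.16.2"),
    ("aria2.example.test",  "aria-automation", "8.17.0"),
    ("jump.example.test",   "expedition",      "1.2.91"),
    ("wks-07.example.test", "thunderbird",     "115.13.0"),
    ("wks-08.example.test", "thunderbird",     "115.12.2"),
    ("web1.example.test",   "nginx",           "1.26.1"),  # not covered: skipped
]


if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected, patch required")
```

Products the advisory does not cover are skipped rather than reported as safe, which keeps the output honest: a missing rule means "not assessed", not "not affected".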