In this week's Security Advisory:
- Cisco Patches Multiple Critical Vulnerabilities
- SolarWinds Releases Patch to Address Multiple Critical Vulnerabilities
- Ivanti Releases Patches for Multiple Vulnerabilities in its Products
- Atlassian Releases Multiple Patches to Address Vulnerabilities in Confluence, Bamboo, and Jira
- Security Updates Released for Google Chrome Desktop Browser and Oracle Products
Cisco released a patch for a critical vulnerability in their Cisco Secure Email Gateway product. Assigned CVE-2024-20401, and rated as a CVSS score of 9.8 out of 10, it allows an unauthenticated remote attacker to send a specially crafted email attachment to a vulnerable device which results in overwriting of files on the system. To exploit this vulnerability, both "File Analysis" and "Content filters" must be enabled within Secure Email Gateway and is running a vulnerable release of Cisco AsyncOS. Successful exploitation could lead to arbitrary code execution by the attacker, potentially granting them elevated privileges on the affected system.
Cisco also patched their Cisco Smart Software Manager On-Prem (SSM On-Prem). Assigned CVE-2024-22262, and rated at a CVSS score of 10 out of 10, allows an unauthenticated, remote attacker to change the password of any user, including administrative users.
Affected Products
CVE-2024-20401 affects Cisco Secure Email Gateway if it is running a vulnerable release of Cisco AsyncOS and both of the following conditions are met:
- Either the file analysis feature, part of Cisco Advanced Malware Protection (AMP), or the content filter feature is enabled and assigned to an incoming mail policy.
- The Content Scanner Tools version is older than 23.3.0.4823
CVE-2024-20419 affects Cisco SSM On-Prem and Cisco Smart Software Manager Satellite.
More Reading/Information
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
- https://threatprotect.qualys.com/2024/07/18/cisco-secure-email-gateway-arbitrary-file-write-vulnerability-cve-2024-20401/
- https://www.helpnetsecurity.com/2024/07/18/cve-2024-20401-cve-2024-20419/
- https://thehackernews.com/2024/07/cisco-warns-of-critical-flaw-affecting.html
SolarWinds Releases Patch to Address Multiple Critical Vulnerabilities
SolarWinds has addressed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which permitted attackers to achieve remote code execution (RCE) on susceptible devices. Access Rights Manager is a vital tool for enterprises, enabling administrators to manage and audit access rights across their organization's IT infrastructure to reduce the impact of threats.
The RCE vulnerabilities (CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470), all with severity scores of 9.6/10, allowed attackers without privileges to perform actions on unpatched systems by executing code or commands, with or without SYSTEM privileges, depending on the specific flaw exploited.
There are currently no reports of these vulnerabilities being exploited in the wild.
More Reading/Information
- https://www.securityweek.com/solarwinds-patches-critical-vulnerabilities-in-access-rights-manager/
- https://thehackernews.com/2024/07/solarwinds-patches-11-critical-flaws-in.html
- https://www.bleepingcomputer.com/news/security/solarwinds-fixes-8-critical-bugs-in-access-rights-audit-software/
- https://www.techradar.com/pro/security/solarwinds-just-patched-a-whole-load-of-critical-security-flaws
Ivanti Releases Patches for Multiple Vulnerabilities in its Products
Ivanti has released patches that address critical vulnerabilities found in Ivanti Endpoint Manager (EPM) and Ivanti Endpoint Manager for Mobile (EPMM). Ivanti has resolved a SQL Injection vulnerability in its Endpoint Management (EPM) software. This vulnerability, identified as CVE-2024-37381 with a CVSS score of 8.4, could have allowed authenticated attackers within the same network to execute arbitrary code on affected systems. Ivanti also released patches for four vulnerabilities affecting all versions of its Endpoint Manager for Mobile (EPMM) product. Three of the flaws, identified as CVE-2024-36130, CVE-2024-36131, and CVE-2024-36132, are high-severity bugs. EPMM (Core) versions 11.12.0.3, 12.0.0.3 and 12.1.0.1 address these security flaws.
Ivanti says it is not aware of this vulnerability being exploited in the wild.
More Reading/Information
- https://thecyberthrone.in/2024/07/18/ivanti-patches-sqli-vulnerability-in-its-epm-software-cve-2024-37381/
- https://www.ivanti.com/blog/july-security-update
- https://forums.ivanti.com/s/article/Security-Advisory-EPM-July-2024-for-EPM-2024?language=en_US
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024?language=en_US
- https://www.securityweek.com/ivanti-issues-hotfix-for-high-severity-endpoint-manager-vulnerability/
Atlassian Releases Multiple Patches to Address Vulnerabilities in Confluence, Bamboo, and Jira
Atlassian has released updates for Bamboo Data Center and Server that address two high-severity bugs, tracked as CVE-2024-22262 rated at a CVSS score of 8.1 out of 10, which could allow an unauthenticated attacker to perform a server-side request forgery (SSRF) attack.
The second issue tracked as CVE-2024-21687 rated at a CVSS score of 8.1 out of 10, allows an authenticated attacker to make the application display the contents of a local file or execute a different file already stored on the server. This has a high impact on confidentiality and integrity, no impact on availability, and requires no user interaction.
Affected Versions
- Bamboo Data Center and Bamboo Server versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0
More Reading/Information
- https://confluence.atlassian.com/security/security-bulletin-july-16-2024-1417150917.html
- https://www.securityweek.com/atlassian-patches-high-severity-vulnerabilities-in-bamboo-confluence-jira/
- https://nvd.nist.gov/vuln/detail/CVE-2024-21687
Security Updates Released for Google Chrome Desktop Browser and Oracle Products
There were security updates released for vulnerabilities found in Google Chrome and Oracle Products.
Google Chrome has issued a security update addressing twenty-four (24) vulnerabilities that impact Windows, Mac, and Linux operating systems.
Oracle released 386 patches in their quarterly update, which fixed vulnerabilities in several of their products. It is recommended to update all affected products to their latest version. The full list of affected Oracle products can be found here: : https://www.oracle.com/security-alerts/cpujul2024.html
More Reading/Information
- https://www.securityweek.com/chrome-127-patches-24-vulnerabilities/
- https://www.oracle.com/security-alerts/cpujul2024.html
- https://chromereleases.googleblog.com/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
