In this week's Security Advisory:
- VMware ESXi Hypervisor Vulnerability Exploited by Ransomware Groups
- Critical ServiceNow RCE flaws actively exploited
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
- Docker fixes critical 5-year-old authentication bypass flaw
- DigiCert to Revoke Thousands of Certificates Following DNS Validation Error
- Security Updates Released for Google Chrome Desktop Browser
VMware ESXi Hypervisor Vulnerability Exploited by Ransomware Groups
Researchers have warned that multiple ransomware gangs are exploiting CVE-2024-37085 (CVSS score of 6.8 out of 10), a recently patched authentication bypass vulnerability in VMware ESXi. The flaw is only exposed when Active Directory integration is configured and enabled on the hypervisor.
As part of Cybersafe best practices, we strongly recommend that organizations do not use the AD integration feature and instead rely on local accounts protected by strong passwords.
Affected Versions
- VMware ESXi 8.0 (fixed in ESXi80U3-24022510)
- VMware ESXi 7.0 (no patch planned)
- VMware Cloud Foundation 5.x (fixed in 5.2)
- VMware Cloud Foundation 4.x (no patch planned)
More Reading/Information
- https://socradar.io/vmware-esxi-hypervisor-vulnerability-cve-2024-37085/
- https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
- https://www.helpnetsecurity.com/2024/07/30/cve-2024-37085-exploited/
- https://thehackernews.com/2024/07/vmware-esxi-flaw-exploited-by.html
Critical ServiceNow RCE flaws actively exploited
A threat actor has claimed to have harvested email addresses and associated hashes from over 105 ServiceNow databases by exploiting two vulnerabilities in ServiceNow, a platform organizations use for managing digital workflows for enterprise operations. CVE-2024-4879 (CVSS score of 9.3 out of 10) is a critical vulnerability that could enable an unauthenticated user to remotely execute code within the context of the Now Platform. CVE-2024-5217 (CVSS score of 9.2 out of 10) is a similar vulnerability identified in the Washington DC, Vancouver, and earlier Now Platform releases. ServiceNow-hosted infrastructure is already patched; self-hosting customers are strongly encouraged to patch.
More Reading/Information
- https://www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/
- https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
- https://www.resecurity.com/blog/article/cve-2024-4879-and-cve-2024-5217-servicenow-rce-exploitation-in-a-global-reconnaissance-campaign
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been identified in Apple products, tracked as CVE-2024-23296 (CVSS score of 7.8 out of 10), with the most severe potentially allowing for arbitrary code execution. If successfully exploited, these vulnerabilities could enable arbitrary code execution within the context of the logged-on user. Depending on the user's privileges, an attacker could then install programs, view, modify, or delete data, or create new accounts with full user rights. Users with accounts that have fewer privileges could be less affected than those with administrative rights. Apple is aware of a report of this vulnerability being exploited in the wild.
Affected Versions
- Safari versions prior to 17.6
- iOS and iPadOS versions prior to 17.6
- iOS and iPadOS versions prior to 16.7.9
- macOS Sonoma versions prior to 14.6
- macOS Ventura versions prior to 13.6.8
- macOS Monterey versions prior to 12.7.6
- watchOS versions prior to 10.6
- tvOS versions prior to 17.6
- visionOS versions prior to 1.3
More Reading/Information
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23296
- https://nvd.nist.gov/vuln/detail/CVE-2024-23296
Docker fixes critical 5-year-old authentication bypass flaw
Docker has released security updates to address a critical vulnerability affecting specific versions of Docker Engine, tracked as CVE-2024-41110 (CVSS score of 10 out of 10). This flaw could allow an attacker to bypass authorization plugins (AuthZ) under certain conditions. The flaw was initially discovered and fixed in Docker Engine v18.09.1, released in January 2019. However, the fix was not carried forward in later versions, causing the flaw to resurface. The likelihood of this vulnerability being exploited is considered low.
Affected Versions
- v19.03.15, v20.10.27, v23.0.14, v24.0.9, v25.0.5, v26.0.2, v26.1.4, v27.0.3, and v27.1.0
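The following is an added example (not Docker's own tooling) that classifies a Docker Engine server version against the affected-version list above. It assumes that each listed version is the highest affected release of its major.minor line, so any release of that line at or below it is affected and anything above it carries the fix; confirm the ranges against the linked Docker advisory before acting on the result. The `installed_server_version` helper shells out to `docker version --format '{{.Server.Version}}'`, a standard Docker CLI invocation.

```python
"""Classify a Docker Engine server version against the CVE-2024-41110
affected-version list given above.

Added example, not Docker's own code. Assumption: each listed version is
the highest affected release of its major.minor line, so releases of that
line at or below it are affected and releases above it are fixed.
"""
import re
import subprocess

# Affected versions exactly as listed in the advisory summary above.
AFFECTED_CEILINGS = [
    "v19.03.15", "v20.10.27", "v23.0.14", "v24.0.9", "v25.0.5",
    "v26.0.2", "v26.1.4", "v27.0.3", "v27.1.0",
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from strings such as 'v27.1.0',
    '27.1.0' or '20.10.27+dfsg1'; anything after the patch number
    (distro suffixes, pre-release tags) is ignored."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Docker version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(version):
    """Return 'affected', 'fixed' or 'unlisted' for a server version string.

    'unlisted' means the major.minor line does not appear in the advisory
    list at all (for example a line released after the fix, or the old
    18.09 line mentioned in the text), so the advisory itself has to be
    consulted rather than this table."""
    major, minor, patch = parse_version(version)
    for ceiling in AFFECTED_CEILINGS:
        c_major, c_minor, c_patch = parse_version(ceiling)
        if (major, minor) == (c_major, c_minor):
            return "affected" if patch <= c_patch else "fixed"
    return "unlisted"


def installed_server_version():
    """Ask the local daemon for its version; returns None when the docker
    CLI is missing, the daemon is unreachable or the call times out."""
    try:
        result = subprocess.run(
            ["docker", "version", "--format", "{{.Server.Version}}"],
            capture_output=True, text=True, check=True, timeout=10,
        )
    except (OSError, subprocess.SubprocessError):
        return None
    return result.stdout.strip() or None


if __name__ == "__main__":
    version = installed_server_version()
    if version is None:
        print("docker daemon not reachable; pass a version string to classify()")
    else:
        print(f"Docker Engine {version}: {classify(version)} (CVE-2024-41110)")
```

Run it on each Docker host as part of the inventory review the Recommendations section asks for; an "unlisted" result is a prompt to read the advisory, not a clean bill of health.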
More Reading/Information
- https://www.bleepingcomputer.com/news/security/docker-fixes-critical-5-year-old-authentication-bypass-flaw/
- https://vulert.com/blog/docker-authentication-bypass-flaw/
- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
DigiCert to Revoke Thousands of Certificates Following DNS Validation Error
DigiCert has announced it will be mass-revoking SSL/TLS certificates due to a bug in its domain ownership verification process. Impacted customers are required to reissue their certificates within 24 hours. The exact number of certificates to be revoked is unclear, but the company states that approximately 0.4% of the domain validations conducted between August 2019 and June 2024 are affected. DigiCert has taken action to prevent similar incidents from recurring. Customers who have been affected are advised to take the following steps:
- Log in to their DigiCert CertCentral account
- Identify affected certificates
- Reissue or rekey the impacted certificates
- Complete any additional required validation steps
- Install the newly issued SSL/TLS certificates
More Reading/Information
- https://www.bleepingcomputer.com/news/security/digicert-mass-revoking-tls-certificates-due-to-domain-validation-bug/
- https://cybersecuritynews.com/digicert-to-revoke-thousands-of-certificates/
Security Updates Released for Google Chrome Desktop Browser
Google has issued a security update for the Chrome desktop browser addressing three vulnerabilities that impact the Windows, Mac, and Linux versions.
More Reading/Information
- https://chromereleases.googleblog.com/
- https://cybersecuritynews.com/google-critical-security-update-chrome/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only, which dramatically increases the likelihood that a patch is issued for new vulnerabilities. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps inform and support your patch and vulnerability management program.