August 23, 2024   •   6 minute read

Cybersafe Solutions Security Advisory Bulletin August 23, 2024

In this week's Security Advisory:

  • F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus
  • Multiple Microsoft Outlook Vulnerabilities can lead to Remote Code Execution
  • Critical Vulnerability in GiveWP WordPress Plugin
  • Microsoft disables BitLocker security fix, advises manual mitigation
  • Fortinet Patches Multiple Vulnerabilities
  • Zoom Patches Multiple Vulnerabilities

F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus

F5 has released patches for nine (9) vulnerabilities as part of its August 2024 quarterly security update for BIG-IP and NGINX Plus. The most severe flaw, tracked as CVE-2024-38909 (CVSS score 8.9 out of 10), is a vulnerability in BIG-IP Central Manager that can allow an attacker to obtain a user's session cookies and use them to maintain access. Another high-severity flaw, tracked as CVE-2024-39778 (CVSS score 8.7 out of 10), allows a remote, unauthenticated attacker to cause a denial of service (DoS) on the BIG-IP system. Customers should update to the latest patch to address all vulnerabilities as soon as possible.

Multiple Microsoft Outlook Vulnerabilities can lead to Remote Code Execution

Multiple vulnerabilities in the Microsoft Outlook email client have seen a recent uptick in exploitation in the wild. The recently patched CVE-2024-30103 (CVSS score of 8.8 out of 10), CVE-2024-38173 (CVSS score of 6.7 out of 10), and CVE-2024-38021 (CVSS score of 8.8 out of 10) can lead to an attacker gaining remote code execution. Customers should patch their Microsoft Outlook email client applications as soon as possible.

Critical Vulnerability in GiveWP WordPress Plugin

A critical vulnerability in the GiveWP WordPress plugin, a donation and fundraising platform tool, could be exploited to execute remote code and delete arbitrary files. Tracked as CVE-2024-5932 (CVSS score 10 out of 10), the flaw could be triggered by unauthenticated attackers to execute arbitrary code remotely or delete sensitive data.

Affected Products

  • GiveWP version 3.14.1 and below

Microsoft Disables BitLocker Security Fix, Advises Manual Mitigation

Microsoft has disabled a previously released fix for a BitLocker security feature bypass vulnerability because of firmware incompatibility issues that were causing patched Windows devices to enter BitLocker recovery mode. Tracked as CVE-2024-38058 (CVSS score 6.8 out of 10), the vulnerability allows attackers with physical access to the targeted device to bypass the BitLocker Device Encryption feature and access encrypted data. After disabling the fix, Microsoft recommends that anyone looking to safeguard their systems and data from CVE-2024-38058 attacks implement the mitigation measures outlined in the KB5025885 advisory.

Affected Products

  • Latest release of August 2024 security updates

Fortinet Patches Multiple Vulnerabilities

Fortinet has released patches that address several vulnerabilities affecting the FortiOS, FortiProxy, FortiPAM, FortiSwitchManager, FortiManager, and FortiAnalyzer products. If exploited, these vulnerabilities could allow an attacker to gain unauthorized access and escalate privileges. Customers should update to the latest patch available.

Zoom Patches Multiple Vulnerabilities

Zoom has announced patches for 15 vulnerabilities across its products, including two high-severity issues. The most severe is tracked as CVE-2024-39825 (CVSS score of 8.5 out of 10) and could allow an authenticated attacker to escalate their privileges over the network. CVE-2024-39818 (CVSS score of 7.5 out of 10) affects the Zoom Workplace applications and Meeting SDKs for both desktop and mobile. It could allow authenticated users to access restricted information over the network.

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of the software currently deployed in your environment, which helps ensure and inform your patch and vulnerability management program.
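As an added example of the inventory check recommended above (this is not Cybersafe's code and not part of the bulletin), the script below reads a constructed software inventory and flags entries at or below a known-affected version. The only version boundary it encodes is the one this bulletin states, GiveWP 3.14.1 and below for CVE-2024-5932; the host names and versions in the sample inventory are made up. The point it demonstrates beyond the text is that version strings must be compared numerically, component by component, because a plain string comparison orders "3.9.2" after "3.14.1" and would miss an affected install.

```python
"""Flag inventory entries at or below a bulletin-stated affected version.

Added example, not the bulletin's or any vendor's code. AFFECTED_MAX holds the
one version boundary the bulletin gives (GiveWP <= 3.14.1, CVE-2024-5932);
the inventory below is constructed sample data.
"""
import re

# Constructed sample inventory, one "host,product,version" record per line.
SAMPLE_INVENTORY = """\
web01,GiveWP,3.14.1
web02,GiveWP,3.9.2
web03,GiveWP,3.15.0
web04,GiveWP,3.14.2
mail01,ExampleMailClient,2.0.0
"""

# Inclusive upper bound of affected versions, taken from the bulletin.
# Products the bulletin lists without a version boundary are deliberately
# absent; their status has to be checked against the vendor advisory.
AFFECTED_MAX = {
    "GiveWP": ("CVE-2024-5932", "3.14.1"),
}


def parse_version(text):
    """Turn '3.14.1' into (3, 14, 1) so comparison is numeric, not lexical."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(product, version):
    """True when the product has a bulletin ceiling and version is at or below it."""
    entry = AFFECTED_MAX.get(product)
    if entry is None:
        return False  # no boundary on record; not a statement that it is safe
    return parse_version(version) <= parse_version(entry[1])


def flag_inventory(inventory_text):
    """Return [(host, product, version, cve)] for every affected record."""
    findings = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split(","))
        if is_affected(product, version):
            findings.append((host, product, version, AFFECTED_MAX[product][0]))
    return findings


if __name__ == "__main__":
    for host, product, version, cve in flag_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected by {cve}; update required")
```

Run as-is it reports web01 and web02 and stays silent on web03 and web04, which are above the 3.14.1 ceiling. Extending AFFECTED_MAX with the fixed versions from each vendor's advisory turns this into a first pass over a real inventory export before the detailed vendor checks.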