In this week's Security Advisory:
- SonicWall warns of critical access control flaw in SonicOS
- Versa Director zero-day exploited to compromise ISPs, MSPs
- Security Update Released for Authentication Bypass vulnerability in Hitachi Ops Center Common Services
- Security Updates Released for Google Chrome Desktop
SonicWall warns of critical access control flaw in SonicOS
SonicWall's SonicOS has a critical issue that could allow attackers to conduct a denial-of-service attack that causes the firewall to crash. Tracked as CVE-2024-40766 with a CVSS score of 9.3 out of 10, it is remotely exploitable with no privileges or user interaction required. The complexity of the attack required to exploit the flaw is considered "low."
Affected Versions
- This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
More Reading/Information
• https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-access-control-flaw-in-sonicos/
• https://www.helpnetsecurity.com/2024/08/26/cve-2024-40766/
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
Versa Director zero-day exploited to compromise ISPs, MSPs
The Chinese state-sponsored hacking group Volt Typhoon is responsible for attacks that exploited a zero-day flaw in Versa Director, allowing them to upload a custom webshell to steal credentials and breach corporate networks. Versa Director is a management platform used by ISPs and MSPs to oversee virtual WAN connections established through SD-WAN services. The flaw, tracked as CVE-2024-39717 with a CVSS score of 7.2 out of 10, enabled threat actors with administrator privileges to upload malicious Java files disguised as PNG images, which could then be executed remotely.
Affected Versions
- All versions prior to 22.1.4
More Reading/Information
• https://www.helpnetsecurity.com/2024/08/27/cve-2024-39717-exploited/
• https://www.bleepingcomputer.com/news/security/chinese-volt-typhoon-hackers-exploited-versa-zero-day-to-breach-isps-msps/
• https://www.darkreading.com/cyberattacks-data-breaches/china-s-volt-typhoon-actively-exploiting-now-patched-0-day-in-versa-director-servers
Security Update Released for Authentication Bypass vulnerability in Hitachi Ops Center Common Services
Hitachi has released a security update that addresses an Authentication Bypass vulnerability in Hitachi Ops Center Common Services. This vulnerability is being tracked as CVE-2024-7125 with a CVSS score of 7.8 out of 10.
Affected Versions
- Versions from 10.9.3-00 up to, but not including, 11.0.2-01
More Reading/Information
• https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-143/index.html
• https://www.cve.org/CVERecord?id=CVE-2024-7125
Security Updates Released for Google Chrome Desktop
Google has released security updates addressing several vulnerabilities in Google Chrome Desktop, including CVE-2024-7971 and CVE-2024-7965, both with a CVSS score of 8.8.
More Reading/Information
• https://www.darkreading.com/vulnerabilities-threats/google-chrome-update-fixes-flaw-exploited-in-the-wild
• https://chromereleases.googleblog.com/
• https://www.helpnetsecurity.com/2024/08/22/cve-2024-7971/
• https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
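As an added example (not part of this advisory and not any vendor's tooling), the following Python script encodes the affected-version ranges listed above and flags inventory entries that fall inside them; the inventory is constructed sample data, and version strings are assumed to be purely numeric components separated by dots and hyphens.

```python
import re
from typing import NamedTuple, Optional

class Advisory(NamedTuple):
    cve: str
    product: str
    lower: Optional[str]    # inclusive lower bound; None means no lower bound
    upper: str              # upper bound
    upper_inclusive: bool   # True for "X and older", False for "before X"

# Affected ranges as stated in this week's advisory. The SonicOS entry covers
# Gen 7 only: Gen 5 and Gen 6 devices are affected regardless of version and
# must be checked by hardware generation, not by version string.
ADVISORIES = [
    Advisory("CVE-2024-40766", "SonicOS", None, "7.0.1-5035", True),
    Advisory("CVE-2024-39717", "Versa Director", None, "22.1.4", False),
    Advisory("CVE-2024-7125", "Hitachi Ops Center Common Services",
             "10.9.3-00", "11.0.2-01", False),
]

def parse_version(v: str) -> tuple:
    """Turn '7.0.1-5035' into (7, 0, 1, 5035) so comparison is numeric per
    component; plain string comparison would misorder builds such as
    '-01' and '-10' or '-5035' and '-900'. Non-numeric input raises ValueError."""
    return tuple(int(p) for p in re.split(r"[.-]", v.strip()))

def in_affected_range(adv: Advisory, version: str) -> bool:
    v = parse_version(version)
    if adv.lower is not None and v < parse_version(adv.lower):
        return False
    hi = parse_version(adv.upper)
    return v <= hi if adv.upper_inclusive else v < hi

def check_inventory(inventory):
    """inventory: iterable of (product, version). Returns a list of
    (product, version, cve) for every install inside an affected range."""
    findings = []
    for product, version in inventory:
        for adv in ADVISORIES:
            if adv.product.lower() == product.lower() and in_affected_range(adv, version):
                findings.append((product, version, adv.cve))
    return findings

# Constructed sample inventory (not real hosts); comments give the expected outcome.
SAMPLE_INVENTORY = [
    ("SonicOS", "7.0.1-5035"),                              # last affected build: flagged
    ("SonicOS", "7.0.1-5051"),                              # newer build: clean
    ("Versa Director", "22.1.3"),                           # before 22.1.4: flagged
    ("Versa Director", "22.1.4"),                           # fixed release: clean
    ("Hitachi Ops Center Common Services", "11.0.2-00"),    # before 11.0.2-01: flagged
    ("Hitachi Ops Center Common Services", "10.9.2-50"),    # below 10.9.3-00: clean
]

if __name__ == "__main__":
    for product, version, cve in check_inventory(SAMPLE_INVENTORY):
        print(f"{product} {version}: affected by {cve}")
```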