Insights | Resources by Cybersafe Solutions

Cybersafe Solutions Security Advisory Bulletin August 30, 2024

Written by Cybersafe Solutions | Aug 30, 2024 2:00:00 PM

In this week's Security Advisory:

  • SonicWall warns of critical access control flaw in SonicOS
  • Versa Director zero-day exploited to compromise ISPs, MSPs
  • Security Update Released for Authentication Bypass vulnerability in Hitachi Ops Center Common Services
  • Security Updates Released for Google Chrome Desktop
SonicWall warns of critical access control flaw in SonicOS

SonicWall's SonicOS has a critical issue that could allow attackers to conduct a denial of service attack against the firewall causing the firewall to crash. Tracked as CVE-2024-40766 with a CVSS score of 9.3 out of 10, is remotely exploitable with no privileges or user interaction required. The complexity of the attack required to exploit the flaw is considered "low."

Affected Versions

  • This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

More Reading/Information

•    https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-access-control-flaw-in-sonicos/
•    https://www.helpnetsecurity.com/2024/08/26/cve-2024-40766/
•    https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

Versa Director zero-day exploited to compromise ISPs, MSPs

The Chinese state-sponsored hacking group Volt Typhoon is responsible for attacks that exploited a zero-day flaw in Versa Director, allowing them to upload a custom webshell to steal credentials and breach corporate networks. Versa Director is a management platform used by ISPs and MSPs to oversee virtual WAN connections established through SD-WAN services. The flaw, tracked as CVE-2024-39717 with a CVSS score of 7.2 out of 10, enabled threat actors with administrator privileges to upload malicious Java files disguised as PNG images, which could then be executed remotely.

Affected Versions

  • All versions prior to 22.1.4

More Reading/Information

•    https://www.helpnetsecurity.com/2024/08/27/cve-2024-39717-exploited/
•    https://www.bleepingcomputer.com/news/security/chinese-volt-typhoon-hackers-exploited-versa-zero-day-to-breach-isps-msps/
•    https://www.darkreading.com/cyberattacks-data-breaches/china-s-volt-typhoon-actively-exploiting-now-patched-0-day-in-versa-director-servers

Security Update Released for Authentication Bypass vulnerability in Hitachi Ops Center Common Services

Hitachi has released a security update that addresses an Authentication Bypass vulnerability in Hitachi Ops Center Common Services. This vulnerability is being tracked as CVE-2024-7125 with a CVSS score of 7.8 out of 10.

Affected Versions

  • from 10.9.3-00 before 11.0.2-01

More Reading/Information

•    https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-143/index.html
•    https://www.cve.org/CVERecord?id=CVE-2024-7125

Security Updates Released for Google Chrome Desktop

Security updates were released by Google to address several vulnerabilities in Google Chrome Desktop. Google Chrome has issued a security update addressing CVE-2024-7971 and CVE-2024-7965 both a CVSS score of 8.8.

More Reading/Information

•    https://www.darkreading.com/vulnerabilities-threats/google-chrome-update-fixes-flaw-exploited-in-the-wild
•    https://chromereleases.googleblog.com/
•    https://www.helpnetsecurity.com/2024/08/22/cve-2024-7971/
•    https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner.  It is security best practice to regularly update and/or patch software to the latest versions.  The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only.  This dramatically increases the likelihood that new vulnerabilities have a patch issued for them.  Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.