Weekly IT Vulnerability Report For August 28, 2024 – September 03, 2024
Key Takeaways:
- CISA incorporated four vulnerabilities (CVE-2021-20123, CVE-2021-20124, CVE-2024-7262, and CVE-2024-7965) into its Known Exploited Vulnerability (KEV) catalog based on evidence of active exploitation.
- The Cyble team analyzed critical and high-severity CVEs including those impacting networking products CVE-2024-7261 and CVE-2024-44341 and Dell’s PowerProtect tool CVE-2024-37136, which could lead to remote code execution and information exposure.
- CRIL detected multiple instances of vulnerability discussions and proof-of-concept sharing in underground forums and channels, including for critical flaws (CVE-2024-38063, CVE-2024-5932, CVE-2024-43044, CVE-2024-6670 and CVE-2024-3116) in Windows, WordPress, Jenkins, and other products.
Overview
This Weekly Vulnerability Intelligence Report explores vulnerability updates between August 28 to September 3. The CRIL team investigated 13 vulnerabilities this week, among other disclosed issues, to present critical, high, and medium insights.
This comprehensive analysis examines the latest cybersecurity threats and provides recommendations to help organizations strengthen their defenses.
The Week’s Top Vulnerabilities
Here is a deeper analysis of those five vulnerabilities identified by Cyble researchers.
- CVE-2024-7261: Improper Neutralization of Special Elements in Zyxel Firmware
Critical vulnerability in Zyxel products, could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device. The impact of this flaw is significant, as it could enable remote code execution and compromise the affected systems.
- CVE-2024-37136: Exposure of Private Personal Information in Dell Path to PowerProtect
Impacts Dell Path to PowerProtect, a tool used for policy migration and agent onboarding. A remote, high-privileged attacker could potentially exploit this vulnerability, leading to information exposure.
- CVE-2024-44341: remote command execution (RCE) vulnerability in D-Link
Critical remote command execution (RCE) vulnerability, affects the D-Link DIR-846W A1 FW100A43 wireless router model. Attackers can exploit this flaw by sending a crafted POST request to the vulnerable device.
- CVE-2024-7971: Type confusion in V8 in Google Chrome prior to 128.0.6613.84
Type confusion vulnerability in Google Chrome’s V8 engine, Microsoft has disclosed with a high degree of confidence that they observed exploitation of this vulnerability by a North Korean threat actor targeting the cryptocurrency sector.
Vulnerabilities and Exploits Discussed in the Underground
CRIL observed multiple instances of vulnerability discussions and the promulgation of proof-of-concepts (POCs) in underground forums and channels.
- On a Telegram channel named ‘Proxy Bar,’ the administrator shared POCs for several critical and high-severity vulnerabilities, including CVE-2024-38063 (Windows TCP/IP RCE), CVE-2024-5932 (GiveWP RCE), and CVE-2024-43044 (Jenkins arbitrary file read).
- On the Telegram channel CyberDilara, the administrator shared a POC for CVE-2024-6670, a critical SQL injection vulnerability in WhatsUp Gold. TA Neo_Matrix also shared a POC for CVE-2024-3116, a high-severity RCE vulnerability in pgAdmin.
- TA KeeperZed offered a 0-day vulnerability affecting devices running iOS 17.xx and iOS 18.xx (Beta) on a forum, attempting to sell it for $2.5 million.
Cyble’s Recommendations
To mitigate the risks posed by these vulnerabilities, CRIL recommends the following actions:
- Implement the latest patches
Regularly update all software and hardware systems with the latest patches from official vendors to address vulnerabilities and protect against exploits. - Establish a robust patch management process
Develop a comprehensive patch management strategy that includes inventory management, patch assessment, testing, deployment, and verification. - Implement proper network segmentation
Divide the network into distinct segments to isolate critical assets from less secure areas, using firewalls, VLANs, and access controls. - Enhance incident response and recovery capabilities
Create and maintain an incident response plan, and regularly test and update it to ensure effectiveness. - Strengthen monitoring and logging
Implement comprehensive monitoring and logging solutions to detect and analyze suspicious activities across the network. - Enhance Incident Response and Recovery Capabilities
Create and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents. Regularly test and update the plan to ensure its effectiveness and alignment with current threats. - Strengthen Monitoring and Logging
Implement comprehensive monitoring and logging solutions to detect and analyze suspicious activities across the network. - Stay Informed of Security Alerts
Subscribe to security advisories and alerts from official vendors, CERTs, and other authoritative sources. Regularly review and assess the impact of these alerts on your systems and take appropriate actions. - Conduct Vulnerability Assessments and Penetration Testing
Conduct regular VAPT exercises to identify and remediate vulnerabilities in your systems. Complement these exercises with periodic security audits to ensure compliance with security policies and standards. - Maintain Visibility into Assets
Maintain an up-to-date inventory of all internal and external assets, including hardware, software, and network components. Use asset management tools and continuous monitoring to ensure comprehensive visibility and control over the IT environment. - Enforce Strong Password Policies and Multi-Factor Authentication
Change default passwords immediately and enforce a robust password policy across the organization. Implement multi-factor authentication (MFA) to provide an extra layer of security and significantly reduce the risk of unauthorized access.
Related