Juniper, OpenSSH, GitLab & Cisco


Cyble Research & Intelligence Labs (CRIL) analyzed 29 vulnerabilities in its weekly vulnerability report for June 26-July 2, including high severity and critical flaws in products from Juniper Networks, OpenSSH and GitLab.

The report also emphasized a medium-severity vulnerability in Cisco Nexus switches that’s being actively exploited, and discussed exploits for sale on the dark web as well as industrial control system (ICS) vulnerabilities.

Of the thousands of new security vulnerabilities discovered each year, only a small percentage are actively exploited by threat actors. To help security teams focus patching and mitigation efforts on the most important threats, The Cyber Express each week partners with Cyble’s highly skilled dark web and threat intelligence researchers to highlight security vulnerabilities that warrant particularly close attention.

The Week’s Top Vulnerabilities

These are the three high-severity and critical vulnerabilities Cyble researchers focused on this week, plus a Cisco medium-severity vulnerability.

CVE-2024-6387: OpenSSH Server

Impact Analysis: This unauthenticated remote code execution (RCE) vulnerability in OpenSSH’s server (sshd) grants the attacker full root access. Successful exploitation could allow an attacker to execute arbitrary code with root privileges, install malware and create backdoors, manipulate data and traverse other vulnerable systems, bypass security mechanisms like firewalls and intrusion detection systems, and conduct significant data breaches, resulting in the leakage of sensitive information.

Internet Exposure? Yes

Patch? Yes

CVE-2024-2973: Juniper Networks

Impact Analysis: This is a critical authentication bypass vulnerability in Juniper Networks’ Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. If exploited, attackers could gain unauthorized access to network configurations and sensitive data, potentially enabling further malicious activities such as launching larger-scale attacks on other systems connected to the compromised router.

Internet Exposure? No

Patch? Yes

CVE-2024-5655: GitLab CE/EE

Impact Analysis: This is a critical vulnerability in GitLab CE/EE that affects versions 15.8 to 16.11.5, 17.0 to 17.0.3, and 17.1 to 17.1.1. The flaw allows attackers to trigger a pipeline as another user under certain conditions, which can lead to unauthorized actions within GitLab. If exploited, it could allow an attacker to perform actions with the same permissions as the impersonated user, leading to potential data breaches, unauthorized code execution, and compromise of the CI/CD pipeline.

Internet Exposure? Yes

Patch? Yes

CVE-2024-20399: Cisco Nexus Switches

Cyble researchers also noted that Velvet Ant, a Chinese state-sponsored threat actor group, is actively exploiting vulnerability CVE-2024-20399. The group has been targeting Cisco Nexus switches to install custom malware. Exploiting this vulnerability allows attackers to gain root privileges on the compromised devices, enabling them to execute arbitrary commands, upload malicious files, and maintain persistent access. The exploitation of this vulnerability poses significant risks, including unauthorized access to sensitive data and potential disruption of network operations.

Patch? Yes

Vulnerabilities and Exploits Discussed on the Dark Web

Cyble researchers also noted a number of exploits they’ve seen for sale on the dark web, including proofs of concept (PoCs) for a Mozilla Firefox vulnerability (CVE-2024-29943), the OpenSSH vulnerability, and CVE-2024-28955 and CVE-2024-28955, path traversal vulnerabilities present in Sharp and Toshiba Tec’s digital multi-function peripherals (MFPs). Cyble also noticed threat actors on forums discussing the CVE-2024-34102 vulnerability present in versions of Adobe Commerce and the CVE-2024-5565 vulnerability present in the Vanna Python library.

The researchers also observed alleged zero days for sale affecting Google Chrome for Windows, ABB ASPECT control panels and EntroLink VPN appliances.

The full report, available to clients, covers all these vulnerabilities and more, including 17 industrial control system (ICS) vulnerabilities affecting the likes of Mitsubishi ICONICS, Johnson Controls and marKoni.
