Cyble Research & Intelligence Labs (CRIL) researchers have analyzed more than 100 security vulnerabilities in the last two weeks, with flaws in IT products from SolarWinds, Cisco, Ivanti, Microsoft, Exim and GitLab warranting particularly close attention by security teams.
To help security staff focus their patching and mitigation efforts on the most important threats, The Cyber Express partners with Cyble’s highly skilled dark web and threat intelligence researchers to highlight the vulnerabilities that are at higher risk of exploit and attack and should be prioritized.
In this week’s vulnerability report, we’ll focus on 14 high-risk vulnerabilities, based on Cyble’s work since our last vulnerability update.
Vulnerability Report: The Week’s Top Security Risks
These are the 14 high-severity and critical vulnerabilities that Cyble researchers have highlighted recently.
CVE-2024-29824: Ivanti Endpoint Manager
Impact Analysis: A critical SQL Injection vulnerability in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 allows an unauthenticated attacker within the same network to execute arbitrary code. With the availability of recently released public POC and exploit scripts, there are possibilities of exploitation of the vulnerability by threat actors (TAs) on a large scale.
Internet Exposure? No
Patch Available? Yes
CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470: SolarWinds ARM
Impact Analysis: These critical vulnerabilities impact SolarWinds Access Rights Manager (ARM) software, a critical tool in enterprise environments that helps admins manage and audit access rights across their organization’s IT infrastructure to minimize threat impact. The flaws allow attackers without privileges to perform actions on unpatched systems by executing code or commands, with or without SYSTEM privileges, depending on the exploited flaw.
Internet Exposure? No
Patch Available? Yes
CVE-2024-23475 and CVE-2024-23472: SolarWinds ARM
Impact Analysis: In the same update, SolarWinds also addressed two critical directory traversal and information disclosure vulnerabilities in Access Rights Manager (ARM), which allow unauthenticated users to perform arbitrary file deletion and obtain sensitive information after accessing files or folders outside of restricted directories.
Internet Exposure? No
Patch Available? Yes
CVE-2024-20401: Cisco Secure Email Gateway
Impact Analysis: This critical vulnerability in Cisco Secure Email Gateway’s content scanning and message filtering features could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.
Internet Exposure? No
Patch Available? Yes
CVE-2024-20419: Cisco Smart Software Manager On-Prem
Impact Analysis: This 10.0 critical vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) license management solution could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.
Internet Exposure? Yes
Patch Available? Yes
CVE-2024-38112: Microsoft MSHTML
Impact Analysis: A high severity MSHTML platform spoofing vulnerability has been discovered impacting Microsoft’s Windows operating system. An attacker would have to send the victim a malicious file that the victim would need to execute to leverage the flaw. Researchers also disclosed that the zero-day vulnerability has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features.
Internet Exposure: No
Patch Available? Yes
CVE-2024-39929: Exim
Impact Analysis: A medium severity vulnerability impacts Exim, a mail transfer agent (MTA). It occurs due to the incorrect parsing of multiline RFC2231 header filenames, which can let remote attackers deliver malicious executable attachments into end users’ mailboxes by circumventing the $mime_filename extension-blocking protection mechanism. With a large number of internet exposed instances and availability of proof of concept (POC), there are possibilities of exploitation of vulnerability by TAs in the future.
Internet Exposure: Yes
Patch? Follow progress at bugs.exim.org
CVE-2024-6385: GitLab CE/EE
Impact Analysis: A critical vulnerability is discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. Since the impacted product is utilized in multiple organizations worldwide, there are possibilities that the TAs could try to exploit vulnerability for illicit purposes.
Internet Exposure? Yes
Patch Available? Yes
Dark Web Exploits, ICS Vulnerabilities & More
The full Cyble report for subscribers also looks at 25 vulnerability exploits discussed on the dark web, 68 industrial control system (ICS) vulnerabilities, and the vulnerabilities with the highest number of web asset exposures, some numbering in the hundreds of thousands.