Cybersecurity Blog

Cybersecurity Updates: Vulnerabilities, August 5-11, 2024

Zero Day Vulnerabilities

Microsoft Exchange Server Remote Code Execution | CVE-2024-38200: A critical RCE vulnerability in Microsoft Exchange Server allows attackers to execute arbitrary code remotely, compromising the server and accessing sensitive information.

Critical Severity Vulnerabilities

ServiceNow Remote Code Execution (RCE) Vulnerabilities | CVE-2024-4879, CVE-2024-5217, CVE-2024-5178: Multiple critical vulnerabilities were disclosed in ServiceNow’s platform, specifically affecting the Vancouver and Washington D.C. releases. These vulnerabilities allow unauthenticated remote attackers to execute arbitrary code and access sensitive data. Active exploitation has been detected, with attackers chaining these vulnerabilities to compromise systems, leading to data breaches and unauthorized access to IT service desks and corporate portals.

Apache OFBiz Remote Code Execution (RCE) Vulnerability | CVE-2024-38856: Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code if some preconditions are met (such as when the screen definitions don’t explicitly check the user’s permissions because they rely on the configuration of their endpoints).

High Severity Vulnerabilities

Linux Kernel Privilege Escalation | CVE-2024-36941: This vulnerability in the Linux kernel can allow a local user to escalate privileges, giving them unauthorized access to higher-level functions and data.

Microsoft COM for Windows Privilege Escalation | CVE-2018-0824: A high-severity deserialization vulnerability in Microsoft COM for Windows allows for privilege escalation and potential remote code execution via crafted files or scripts.

Android Kernel Remote Code Execution | CVE-2024-36971: A high-severity RCE vulnerability in the Android kernel affects devices running certain versions of the Linux Kernel. The issue allows remote attackers to execute arbitrary code.

Noteworthy Developments

Royal Ransomware Rebrand: The notorious Royal Ransomware group has rebranded as “BlackSuit,” continuing its operations with updated tactics. While this isn’t linked to a specific CVE, it highlights ongoing risks related to ransomware attacks and the need for vigilance.

Medium Severity Vulnerabilities

VMware ESXi Authentication Bypass | CVE-2024-37085: This vulnerability allows attackers to bypass authentication on VMware ESXi servers. It poses significant risks as it can enable unauthorized access to virtual machines, potentially leading to data breaches and system compromise. CISA has added this to their Known Exploited Vulnerabilities Catalog.

Microsoft Windows Codecs Library Information Disclosure Vulnerability | CVE-2024-38056: This vulnerability is classified under CWE-125, an out-of-bounds read, and has a potential impact on Windows 10 users.

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | CVE-2024-38102: This vulnerability has raised concerns amongst users and cybersecurity experts due to the potential risks it poses to the security and stability of the operating system.

Incomplete Input Validation in SecurelyAccess API | CVE-2024-5178: This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

Thermal/drivers/Tsens: Fix null pointer dereference | CVE-2024-38571: In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fix null pointer dereference. compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c) as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB), which leads to a null pointer dereference (if DEBUG or DYNAMIC_DEBUG is set). Fix this bug by adding a null pointer check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

WordPress Login Logo Editor plugin | CVE-2024-37523: Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AMP-MODE Login Logo Editor allows Stored XSS. This issue affects Login Logo Editor: from n/a through 1.3.3.
