Velma’s KEV Report – November 2024


Top Reported Known Exploitable Issues:

Here is the complete list of vulnerabilities for this month that we’ve updated within our platform, to be treated as a priority:

Watchlist Details: CVE-2024-49138

Name

Windows Common Log File System Driver Elevation of Privilege

Description

Microsoft has acknowledged that CVE-2024-49138 (CVSS score: 7.8), a privilege escalation flaw in the Windows Common Log File System (CLFS) Driver, has been actively exploited. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

Watchlist Details: CVE-2024-44309

Name

Apple iOS

Description

A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content. The iPhone maker said it addressed CVE-2024-44308 and CVE-2024-44309 with improved checks and improved state management, respectively. Not much is known about the exact nature of the exploitation, but Apple has acknowledged that the pair of vulnerabilities “may have been actively exploited on Intel-based Mac systems.”

Watchlist Details: CVE-2023-28461

Name

Array Networks AG and vxAG

Description

The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that could be exploited to achieve arbitrary code execution remotely. Fixes (version 9.4.0.484) for the security shortcoming were released by the network hardware vendor in March 2023. The Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker, without authentication, to browse the filesystem or execute remote code on the SSL VPN gateway using the flags attribute in an HTTP header.

Watchlist Details: CVE-2024-50623

Name

Cleo-managed file transfer

Description

An identified unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution. The vulnerability affects the following products: Cleo Harmony® (prior to version 5.8.0.21), Cleo VLTrader® (prior to version 5.8.0.21), and Cleo LexiCom® (prior to version 5.8.0.21). Cleo strongly advises all customers to immediately upgrade instances of Harmony, VLTrader, and LexiCom to the latest released patch (version 5.8.0.21) to address additional discovered potential attack vectors of the vulnerability.

Watchlist Details: CVE-2024-38813

Name

VMware vCenter Server

Description

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Watchlist Details: CVE-2024-51378

Name

I-O Data Routers

Description

Multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel have come under active exploitation. Among them, CVE-2024-51378 (CVSS score: 10.0) is an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.

Watchlist Details: CVE-2024-42448

Name

Veeam

Description

Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. “From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.”

Watchlist Details: CVE-2024-11639

Name

Ivanti

Description

CVE-2024-11639 (CVSS score: 10.0) – An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access.

Watchlist Details: CVE-2024-11639

Name

Palo Alto Networks Expedition SQL Injection Vulnerability

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to run arbitrary OS commands as root in the Expedition migration tool or reveal its database contents. This could then pave the way for disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls, or create and read arbitrary files on the vulnerable system.

Watchlist Details: CVE-2024-1212

Name

VMware vCenter Server

Description

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster, to its Known Exploited Vulnerabilities (KEV) catalog.

Watchlist Details: CVE-2024-49112

Name

Windows Lightweight Directory Access Protocol

Description

The flaw is tracked as CVE-2024-49112 (CVSS score: 9.8). “An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service.”

Watchlist Details: CVE-2024-10905

Name

IdentityIQ

Description

A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2, 8.3, 8.4, and other previous versions. IdentityIQ “allows HTTP access to static content in the IdentityIQ application directory that should be protected,” according to a description of the flaw on NIST’s National Vulnerability Database (NVD). The vulnerability has been characterized as a case of improper handling of file names that identify virtual resources (CWE-66), which could be abused to read otherwise inaccessible files.

Watchlist Details: CVE-2024-21287

Name

Oracle PLM

Description

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. “This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password,” it said in an advisory. “If successfully exploited, this vulnerability may result in file disclosure.”

Watchlist Details: CVE-2024-41713

Name

Mitel

Description

Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input validation in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab that results in a path traversal attack.

Watchlist Details: CVE-2024-11972

Name

WordPress Hunk Plugin

Description

Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins with known vulnerabilities with available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS) flaws, or create backdoor admin accounts.

Say hello to Velma!

Hello, I’m Velma, Rootshell’s Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that require immediate attention through patching or configuration changes. Similar to human security analysts, I tirelessly scour numerous forums, websites, and social media channels to provide what I deem as pertinent Threat Intelligence regarding known exploitable vulnerabilities.

Whilst I don’t yet have the ability to track data breaches in the Rootshell platform, watch this space: I have some powerful and useful supply chain monitoring capabilities on my roadmap.