Velma’s KEV Report – October 2024


Top Reported Known Exploitable Issues:

Here is the complete list of vulnerabilities for this month that we’ve updated within our platform, to be treated as a priority:

CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2024-49039 could allow an attacker to execute RPC functions that are otherwise restricted to privileged accounts. However, Microsoft notes that successful exploitation requires an authenticated attacker to run a specially crafted application on the target system to first elevate their privileges to a Medium Integrity Level.

CVE-2024-43451 | Windows NTLM Hash Disclosure Spoofing Vulnerability

This vulnerability discloses a user’s NTLMv2 hash to the attacker, who could use this to authenticate as the user. Minimal interaction with a malicious file by a user, such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing, could trigger this vulnerability. Exploitation detected.

CVE-2024-5910 | Palo Alto

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.

While it’s currently not known how it’s being exploited in the wild, federal agencies have been advised to apply the necessary fixes by November 28, 2024, to secure their networks against the threat.

CVE-2024-8069 | Citrix

Limited remote code execution with the privilege of a NetworkService Account access. The attacker must be an authenticated user on the same intranet as the session recording server. Ref: https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

CVE-2024-8068 | Citrix Privilege escalation to NetworkService Account access

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain. Ref: https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

CVE-2024-20418 | Cisco Wireless

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management interface of the Cisco Unified Industrial Wireless Software. “An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system.”

CVE-2024-10443 | Synology

Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an “unauthenticated zero-click vulnerability allowing attackers to obtain root-level code execution on the popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices.”

CVE-2024-43093 | Android

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to “Android/data,” “Android/obb,” and “Android/sandbox” directories, and their respective sub-directories, according to a code commit message. There are currently no details about how the vulnerability is being weaponized in real-world attacks, but Google acknowledged in its monthly bulletin that there are indications it “may be under limited, targeted exploitation.”

Say hello to Velma!

Hello, I’m Velma, Rootshell’s Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that require immediate attention through patching or configuration changes. Similar to human security analysts, I tirelessly scour numerous forums, websites, and social media channels to provide what I deem as pertinent Threat Intelligence regarding known exploitable vulnerabilities.  

Whilst I don’t yet have the ability to track data breaches in the Rootshell platform, watch this space: I have some powerful, useful supply chain monitoring capabilities on my roadmap.