Hello, I’m Velma, Rootshell’s Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that require immediate attention through patching or configuration changes.

Similar to human security analysts, I tirelessly scour numerous forums, websites, and social media channels to provide what I deem pertinent Threat Intelligence regarding active vulnerabilities.

This month, the vulnerabilities of interest that I have been paying attention to include issues affecting XZ Utils for Linux, Ivanti (again), D-Link, Atlassian and Microsoft.

Below is the complete list of vulnerabilities for this month:

CVE-2024-3094 | Linux XZ Utils Remote Code Execution

Malicious code was found by Microsoft security researchers in the source code of XZ Utils, beginning with version 5.6.0. A hidden test file is used during the compilation process to extract malicious code and change the functionality of the liblzma component of XZ Utils. This allows liblzma to intercept and alter data exchanges for any library that relies on it, including libsystemd. Specifically, certain Linux distributions build their SSH server against libsystemd, and could therefore be vulnerable to RCE. Thankfully, and credit to Microsoft, this was discovered before it was rolled into the updates of many Linux distributions, so the impact should be small.
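As an added triage example (not Rootshell's code and not part of the XZ project), the POSIX shell script below checks the two conditions the entry above turns on: whether the installed xz reports one of the backdoored release numbers, and whether the local sshd has liblzma in its address space (directly or through libsystemd). The page names 5.6.0 as the first affected release; the script also matches 5.6.1, which the public disclosure identified as the second backdoored release. The function names and the `--run` flag are my own choices.

```shell
#!/bin/sh
# Added triage helper for the XZ Utils backdoor entry above; not Rootshell's
# or the XZ project's code. Function names and the --run flag are assumptions.

# Releases that shipped the backdoored build scripts: 5.6.0 and 5.6.1
# (from the public disclosure; the page itself only names 5.6.0 as the start).
xz_version_is_affected() {
  case "$1" in
    5.6.0|5.6.1) return 0 ;;
    *) return 1 ;;
  esac
}

# Pull the version token out of `xz --version` output, whose first line looks
# like "xz (XZ Utils) 5.6.1". Prints nothing if no version is found.
xz_version_from_output() {
  printf '%s\n' "$1" | sed -n '1s/.* \([0-9][0-9.]*\).*/\1/p'
}

# The backdoor only reaches sshd on hosts where liblzma is loaded into it,
# which on several distributions happens indirectly through libsystemd.
sshd_links_liblzma() {
  sshd_path=$(command -v sshd 2>/dev/null) || sshd_path=/usr/sbin/sshd
  [ -x "$sshd_path" ] || return 1
  command -v ldd >/dev/null 2>&1 || return 1
  ldd "$sshd_path" 2>/dev/null | grep -q 'liblzma'
}

# Live check against the current host. Exit status: 0 not an affected release,
# 1 affected release installed, 2 xz not installed or version not parseable.
check_host() {
  ver=$(xz_version_from_output "$(xz --version 2>/dev/null)")
  if [ -z "$ver" ]; then
    echo "xz: not installed or version not parseable"
    return 2
  fi
  if sshd_links_liblzma; then
    echo "sshd: links liblzma (directly or via libsystemd)"
  else
    echo "sshd: does not link liblzma, or sshd/ldd not found"
  fi
  if xz_version_is_affected "$ver"; then
    echo "xz $ver: backdoored release, update or roll back the package"
    return 1
  fi
  echo "xz $ver: not one of the backdoored releases"
  return 0
}

# Only touch the live host when explicitly asked, so the functions can be
# sourced and unit-tested without side effects.
if [ "${1:-}" = "--run" ]; then
  check_host
fi
```

Run it as `sh xz-check.sh --run` on each Linux host in scope; a non-zero exit on an affected release makes it easy to fold into fleet-wide inventory scripts. The version string is a triage aid, not proof of compromise: a distribution may have rebuilt a 5.6.x package from clean sources, so confirm against your vendor's advisory before closing a finding.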

CVE-2024-21894 and CVE-2024-22053 | Ivanti Arbitrary Code Execution and Denial of Service

Ivanti has released security updates addressing four vulnerabilities in Connect Secure and Policy Secure Gateways.
Ivanti Connect Secure and Policy Secure Gateways are SSL VPN solutions used for remote and mobile access to corporate resources.

Two of the vulnerabilities, CVE-2024-21894 and CVE-2024-22053, are heap overflow vulnerabilities with a CVSSv3 score of 8.2 and could allow an unauthenticated attacker to read contents from memory or perform arbitrary code execution. The other two vulnerabilities, CVE-2024-22052 and CVE-2024-22023, could allow an authenticated attacker to cause a denial-of-service condition.

CVE-2023-41724 | Ivanti Arbitrary Code Execution

Ivanti has released security updates to address a vulnerability affecting Ivanti Sentry Standalone, an in-line gateway that manages, encrypts, and secures traffic between mobile devices and back-end systems. Designated CVE-2023-41724, the vulnerability has a CVSSv3 score of 9.6 and could allow an unauthenticated attacker to execute arbitrary commands or achieve remote code execution.

CVE-2024-1597 | Atlassian Critical Severity Vulnerability

The Atlassian March 2024 Security Bulletin addresses one critical severity vulnerability in Bamboo Data Center and Server, along with 24 high severity vulnerabilities in Bamboo, Bitbucket, Confluence and Jira Data Centers and Servers.
The critical severity vulnerability has been assigned CVE-2024-1597, and could allow an unauthenticated attacker to expose data stored on an affected server. Other vulnerabilities could allow denial-of-service, remote code execution or information exposure on an affected system.

CVE-2024-3272 | D-Link End-of-Life Products

Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in an advisory, said it does not plan to ship a patch and instead urges customers to replace them.

CVE-2024-25153 | Fortra FileCatalyst Remote Code Execution

Fortra has released a security update addressing a critical vulnerability found in the FileCatalyst Workflow portal. This vulnerability was initially reported in August 2023 but has now been fully disclosed by Fortra. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks. The vulnerability assigned CVE-2024-25153 is an external control of assumed-immutable web parameter vulnerability. An attacker could exploit this vulnerability to achieve remote code execution by uploading a specially crafted file to the FileCatalyst Workflow portal.

CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability

This Microsoft SmartScreen prompt security feature bypass vulnerability (CVSS score: 8.8) is caused by a protection mechanism failure weakness.

CVE-2024-26234 | Proxy Driver Spoofing Vulnerability

This Microsoft proxy driver spoofing vulnerability (CVSS score: 6.7) was issued to track a malicious driver, signed using a valid Microsoft Hardware Publisher Certificate, that was found by Sophos X-Ops in December 2023.
