Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, June 22, 2024.
PoC Exploit released for SolarWinds flaw CVE-2024-28895
SolarWinds recently released a patch for a newly discovered path-traversal vulnerability in Serv-U, tracked as CVE-2024-28995. The vulnerability affects SolarWinds Serv-U versions 15.4.2 HF 1 and earlier. Versions 15.4.2 HF 2 and later have been patched to mitigate the issue. Now a working PoC has been released towards exploiting the vulnerabilities
CVE-2024-28995 is a path-traversal vulnerability that allows unauthenticated attackers to retrieve arbitrary files from the filesystem. The exploit can be executed via a simple GET request to the root directory (/) with the parameters InternalDir and InternalFile specifying the target folder and file, respectively. The vulnerability arises from inadequate validation of path traversal segments (../), permitting attackers to bypass security checks……
Asus addresses several critical vulnerabilities
ASUS has released patches for addressing several vulnerabilities resides in its router products.
The first one is a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 with a CVSS score of 9.8, which is an authentication bypass issue that a remote attacker can exploit to log into the device without authentication. Asus also addressed a critical upload arbitrary firmware flaw, tracked as CVE-2024-3912 with a CVSS score of 9.8, is an unauthenticated, remote attacker can exploit the flaw to execute system commands on the vulnerable device…..
CDK Global hit with a Cyber Incident
CDK Global, a car dealer in North America has been hit by a cyberattack that lead to take its systems offline and clients being unable to process regular business transactions. Founded in 2014, CDK provides data and technology solutions to the automotive, heavy truck, recreation, and heavy equipment industries.
A spokesperson said, “shut all systems down, executed extensive testing and consulted with external third-party experts.” The same report notes that the company’s core dealer management system and digital retailing solutions have since been restored and that CDK is also testing other applications before bringing them back online……
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
VMware fixes critical vulnerabilities in its products
VMware has disclosed critical vulnerabilities impacting its VMware vSphere and VMware Cloud Foundation products, urging customers to immediately install updates containing patches.The vulnerabilities are memory management and corruption flaw, potentially leading to remote code execution.
For customers using vCenter Server v 7.0, v 7.0 U3r is available, which contains fixes for CVE-2024-37079, CVE-2024-37080, CVE-2024-37081……
Google Chrome 126 fixes 6 vulnerabilities
Google released Chrome 126 that patches six security issues, four of which address high-severity vulnerabilities reported by external researchers.
The first reported bug tracked as CVE-2024-6100 is a high-severity type confusion issue in the V8 JavaScript engine. The second issue addressed is CVE-2024-6101, is an inappropriate implementation in WebAssembly.
This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram
