Welcome to TheCyberThrone cybersecurity month in review will be posted covering the important security happenings . This review is for the month ending September, 2024
Subscribers favorite #1
PoC exploit for Jenkins Bug CVE-2024-43004 released
A security researcher from Conviso Labs published the technical details and a proof-of-concept (PoC) exploit for a critical vulnerability in Jenkin.
The vulnerability tracked as CVE-2024-43044 is classified as an arbitrary file read vulnerability, which allows an agent to read files from the Jenkins controller. The root cause lies in the Jenkins feature that permits the controller to transmit JAR files to its agents. The vulnerability exists because the ClassLoaderProxy#fetchJar method, invoked on the controller, fails to restrict the file paths that agents can request. This lack of restriction enables unauthorized file access on the controller’s file system……
Subscribers favorite #2
Ivanti fixes critical vulnerability in EPM -CVE-2024-29847
Ivanti fixed a critical vulnerability in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server
The vulnerability tracked as CVE-2024-29847 with a CVSS score of 10, in its Endpoint Management software (EPM) is a deserialization of untrusted data issue that resides in the agent portal, attackers can exploit the flaw to achieve remote code execution on the core server……
Subscribers favorite #3
Microsoft Kernel Vulnerability CVE-2024-37985 exploited
Microsoft has confirmed the exploitation of a Windows Kernel vulnerability, identified as CVE-2024-37985, in the wild. This vulnerability, first released on July 9, 2024, and last updated on September 17, 2024, poses a significant risk due to its potential for information disclosure.
The vulnerability has a CVSS score of 5.9 and stems from a weakness identified as CWE-1037: Processor Optimization Removal or Modification of Security-critical Code, which will lead to unauthorized information disclosure…..
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
Subscribers favorite #4
GitLab fixes critical vulnerability CVE-2024-45409
GitLab has released security patches for a critical vulnerability that affects both GitLab Community Edition (CE) and Enterprise Edition (EE) that allows a threat actor to bypass authentication checks and gain access to sensitive GitLab projects, including source code repositories, without needing to supply valid credentials.
The flaw, identified as CVE-2024-45409, with a CVSS score of 10, stems from improper signature verification in certain versions of the Ruby-SAML library (<=12.2 and 1.13.0 through 1.16.0). This flaw allows an unauthenticated attacker to forge a SAML response, effectively granting them access to GitLab as any arbitrary user……
Subscribers favorite #5
Veeam fixes several vulnerabilities in its products
Several critical vulnerabilities have been discovered in Veeam Service Provider Console and Veeam Backup & Replication could allow attackers to gain unauthorized access, execute malicious code, and potentially compromise sensitive data.
- CVE-2024-38650 with a CVSS score of 9.9 is a vulnerability enabling low-privileged attackers to access the NTLM hash of the service account on the Veeam Service Provider Console server, paving the way for potential lateral movement and further system compromise.
- CVE-2024-39714 with a CVSS score of 9.9 flaw permits low-privileged users to upload arbitrary files to the server, ultimately leading to remote code execution and granting attacker’s full control.
- CVE-2024-40711 with a CVSS 9.8 is a flaw in Veeam Backup & Replication allows unauthenticated attackers to execute code remotely, granting them full control over the affected system. Organizations relying on Veeam Backup & Replication for data protection are strongly urged to apply the latest patch (Veeam Backup & Replication 12.2 build 12.2.0.334) immediately.
- CVE-2024-39715 with a CVSS 8.5, like the previous vulnerability, this one allows low-privileged users with REST API access to remotely upload arbitrary files, again leading to remote code execution.
- CVE-2024-38651 with a CVSS 8.5, enables low-privileged users to overwrite files on the Veeam Service Provider Console server, which can also facilitate remote code execution.
This brings end of this month in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram
