
This blog series is brand new from TheCyberThrone. Starting this week, the most exploited vulnerabilities of the week will be discussed. It's based on exploitation by threat actors, vulnerable instances exposed on the internet, and discussion on the dark web.
This review is for the week ending Saturday, October 19, 2024.
Veeam Backup & Replication
CVE-2024-40711: This critical deserialization-of-untrusted-data vulnerability impacts Veeam Backup & Replication (VBR) and can lead to unauthenticated remote code execution (RCE). Recently, researchers discovered that the Akira and Fog ransomware groups are now exploiting the vulnerability to gain RCE on vulnerable servers.
GitLab
CVE-2024-9164: This critical vulnerability impacts GitLab Enterprise Edition (EE). The flaw allows unauthorized users to trigger Continuous Integration/Continuous Delivery (CI/CD) pipelines on any branch of a repository. An attacker capable of bypassing branch protections could potentially perform code execution or gain access to sensitive information.
FortiOS
CVE-2024-23113: A critical Fortinet FortiOS vulnerability allowing remote, unauthenticated attackers to execute arbitrary code or commands using specially crafted requests. The flaw is an externally-controlled format string vulnerability in the FortiOS fgfmd daemon. Originally identified in February in the fgfmd daemon, it has been exploited in the wild up to mid-October.
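To make the "externally-controlled format string" class concrete, here is an added illustrative example in C; it is not FortiOS or fgfmd code and makes no claim about how that daemon is written. It shows the generic vulnerable pattern (untrusted text used as the format argument), the hardened form (fixed format, text passed as data), and a small check a defender can use to flag input that would be interpreted as directives. The function names and the sample strings are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Illustrative example added to this post; not FortiOS/fgfmd code.
 * log_message_unsafe() is the generic externally-controlled format string
 * bug class (CWE-134): untrusted text becomes the format argument, so any
 * '%' directives inside it are interpreted instead of copied. */

/* Vulnerable pattern: the caller's text is used as the format string. */
void log_message_unsafe(char *out, size_t outlen, const char *msg) {
    snprintf(out, outlen, msg);        /* BUG: msg is interpreted as a format */
}

/* Hardened pattern: a fixed format, untrusted text passed as a data argument. */
void log_message_safe(char *out, size_t outlen, const char *msg) {
    snprintf(out, outlen, "%s", msg);  /* msg is copied verbatim */
}

/* Defensive check: does untrusted input contain a format directive, i.e. a
 * '%' that is not the literal escape "%%"? Useful for logging or alerting on
 * input that would be interpreted if it ever reached a format parameter. */
bool contains_format_directive(const char *s) {
    for (; *s; s++) {
        if (*s == '%') {
            if (s[1] == '%') { s++; continue; }  /* "%%" is a literal percent */
            return true;
        }
    }
    return false;
}

/* Demonstration: the same input, "100%% done", is copied verbatim by the safe
 * version but has its "%%" interpreted by the unsafe one. */
int main(void) {
    char buf[64];
    const char *input = "100%% done";   /* constructed sample input */
    log_message_safe(buf, sizeof buf, input);
    printf("safe  : %s\n", buf);
    log_message_unsafe(buf, sizeof buf, input);
    printf("unsafe: %s\n", buf);
    printf("directive present in \"user %%x\": %d\n",
           contains_format_directive("user %x"));
    return 0;
}
```

Compilers flag the unsafe call with `-Wformat-security`; treating that warning as an error at build time is the cheapest way to keep this class out of a codebase.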
Treck
CVE-2020-11899: An out-of-bounds read vulnerability, used as part of the "Ripple20" series of vulnerabilities, could be deadly. It's a four-year-old known vulnerability in the Treck TCP/IP stack that was developed as an IPv6 implementation for the limited space of embedded devices. That means there's a good chance the flaw, which affects Treck TCP/IP versions before 6.0.1.66, is present in any medical, industrial or critical infrastructure device that supports IPv6, and some consumer devices.
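As an added illustration of the out-of-bounds read class in a packet parser, here is a small C example written for this post; it is not Treck code and does not reproduce the Ripple20 flaw. It shows the defensive pattern embedded stacks need: every length field taken from the packet is checked against the bytes actually present before anything is read. The TLV option layout, function name and sample packets are constructed assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative example added to this post; not Treck code and not the
 * Ripple20 bug itself. Generic pattern: a packet carries a length field that
 * the parser must not trust. Checking each declared length against the bytes
 * remaining is what prevents an out-of-bounds read (CWE-125) on truncated or
 * malicious input. Without the check, a large declared length would walk the
 * read loop past the end of buf. */

/* Parse a sequence of TLV options (type byte, length byte, value bytes) and
 * sum the value bytes. Returns the number of options parsed, or -1 if the
 * packet is malformed (an option header or value would extend past buflen). */
int parse_tlv_options(const uint8_t *buf, size_t buflen, unsigned *sum_out) {
    size_t off = 0;
    int count = 0;
    unsigned sum = 0;
    while (off < buflen) {
        if (buflen - off < 2)            /* need both type and length bytes */
            return -1;
        uint8_t len = buf[off + 1];
        /* Bounds check: the declared value length must fit in what remains. */
        if (len > buflen - off - 2)
            return -1;
        for (size_t i = 0; i < len; i++)
            sum += buf[off + 2 + i];
        off += 2 + (size_t)len;
        count++;
    }
    if (sum_out)
        *sum_out = sum;
    return count;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t good_pkt[] = { 0x01, 0x02, 0xAA, 0xBB,   /* type 1, len 2 */
                                    0x05, 0x01, 0x10 };       /* type 5, len 1 */
/* Same layout, but the last option claims 200 value bytes that are absent. */
static const uint8_t bad_pkt[]  = { 0x01, 0x02, 0xAA, 0xBB,
                                    0x05, 0xC8, 0x10 };

int main(void) {
    unsigned sum = 0;
    int n = parse_tlv_options(good_pkt, sizeof good_pkt, &sum);
    printf("good packet: %d options, value sum %u\n", n, sum);
    n = parse_tlv_options(bad_pkt, sizeof bad_pkt, &sum);
    printf("bad packet : result %d (rejected before any out-of-bounds read)\n", n);
    return 0;
}
```

The same discipline applies to every nested length in a protocol stack (extension header lengths, option lengths, fragment offsets): validate against the enclosing buffer, not against the value the packet supplies.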
Zimbra
CVE-2024-45519: A critical Remote Code Execution (RCE) vulnerability was discovered in the postjournal service of the Zimbra Collaboration Suite, a widely used email and collaboration platform.
Ivanti Vulnerabilities
- CVE-2024-9379: Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker with administrative privileges to run arbitrary SQL statements.
- CVE-2024-9380: Successful exploitation of the OS command injection vulnerability could allow a remote authenticated attacker with administrative privileges to perform remote code execution.
These vulnerabilities can be chained with an earlier-disclosed vulnerability, CVE-2024-8963, to bypass admin authentication and perform remote code execution on vulnerable appliances. They affect Ivanti CSA versions 5.0.1 and prior.
This brings this week's week-in-review security coverage to an end. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.