
Welcome to TheCyberThrone's most exploited vulnerabilities review. This review covers the week ending Saturday, November 9, 2024.
Grafana Labs
The vulnerability tracked as CVE-2024-9264, rated critical with a CVSS score of 9.9, lies in the experimental SQL Expressions feature of Grafana, the open-source analytics and monitoring platform developed by Grafana Labs. SQL Expressions lets users post-process query results by evaluating DuckDB queries, and those queries can contain user input. Because the queries are not properly sanitized before being passed to the duckdb binary, the flaw leads to both command injection and local file inclusion.
Any user with the VIEWER or higher permission can potentially exploit it to execute arbitrary commands or read files on the host machine. One caveat from the advisory matters for triage: the attack only works if the duckdb binary is present in Grafana's $PATH, and it is not shipped by default with Grafana distributions, so removing duckdb from the PATH is an effective stop-gap where upgrading must wait. Grafana Labs has released patches for the 11.0.x, 11.1.x and 11.2.x release lines, and upgrading to one of the patched versions as soon as possible is strongly recommended.
CyberPanel
The vulnerabilities tracked as CVE-2024-51567 and CVE-2024-51568 both carry a CVSS score of 10.0 and are critical flaws in CyberPanel, an open-source web hosting control panel designed to simplify server management, particularly for those using the LiteSpeed web server. CVE-2024-51567 is a flaw in upgrademysqlstatus in databases/views.py: the secMiddleware filter that was meant to screen requests only inspects POST requests, so an attacker can reach /dataBases/upgrademysqlstatus with a different HTTP method, bypass authentication, and inject shell metacharacters through the statusfile property to execute arbitrary commands. The bug was exploited in the wild in October 2024 in a mass PSAUX ransomware campaign.
CVE-2024-51568 is a command injection vulnerability in the ProcessUtilities.outputExecutioner() function, reached via the completePath parameter. Attackers can trigger it through the /filemanager/upload endpoint, giving unauthenticated remote code execution. CyberPanel 2.3.8 contains the fixes; any panel exposed to the internet should be upgraded and reviewed for signs of compromise, since exploitation had already been under way for weeks.
Based on the evidence of mass exploitation, CVE-2024-51567 was added to the CISA KEV catalog on November 7, 2024.
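The class of bug behind CVE-2024-51567 is worth seeing in code: a request-controlled value spliced into a shell command, with a blocklist filter as the only line of defence. The Python below is an added illustration for this review, not CyberPanel's code; STATUS_DIR, the SAFE_NAME allowlist and the function names are assumptions chosen for the example. It shows the vulnerable string-building pattern, a metacharacter blocklist of the kind a filtering middleware applies, and a hardened version that validates the file name against an allowlist, confines it to a fixed directory, and executes it as an argv list with no shell so metacharacters are never interpreted.

```python
"""Shell command injection through a request property, and a hardened version.

Added illustration for this review, not CyberPanel's code. STATUS_DIR,
SAFE_NAME and the function names are assumptions made for the example.
"""
import re
import subprocess
from pathlib import Path

# Assumed directory where legitimate status files live (example only).
STATUS_DIR = Path("/var/lib/example-panel/status").resolve()

# Shell metacharacters a filtering middleware might look for in a request body.
SHELL_METACHARS = re.compile(r"[;&|`$<>(){}\n\r\\]")

# Allowlist for a status file name: alphanumerics, dot, dash, underscore,
# no path separators and no leading dot (so '.' and '..' are rejected too).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def vulnerable_command(statusfile: str) -> str:
    """Vulnerable pattern: the untrusted property is interpolated into a string
    that is later run through a shell (e.g. subprocess.run(cmd, shell=True)).
    A value such as 'upgrade.status; id' makes the shell run 'id' as well."""
    return f"cat {statusfile}"


def blocklist_passes(statusfile: str) -> bool:
    """Filter-style check. It catches obvious payloads, but it only protects
    the requests it is actually applied to: the CVE description notes the
    real filter inspected POST requests only, so other methods skipped it."""
    return SHELL_METACHARS.search(statusfile) is None


def hardened_argv(statusfile: str) -> list[str]:
    """Hardened version: allowlist the name, confine the path to STATUS_DIR
    and build an argv list. Passed to subprocess.run without shell=True, the
    value is one literal argument, so metacharacters have no effect."""
    if not SAFE_NAME.fullmatch(statusfile):
        raise ValueError(f"rejected status file name: {statusfile!r}")
    candidate = (STATUS_DIR / statusfile).resolve()
    if candidate.parent != STATUS_DIR:
        raise ValueError("status file resolves outside the allowed directory")
    return ["cat", str(candidate)]


def read_status(statusfile: str) -> str:
    """Run the hardened command. Raises ValueError on a bad name and
    CalledProcessError if the file does not exist."""
    result = subprocess.run(hardened_argv(statusfile), shell=False,
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    payload = "upgrade.status; id"
    print("vulnerable shell string:", vulnerable_command(payload))
    print("blocklist passes payload:", blocklist_passes(payload))
    print("hardened argv for a good name:", hardened_argv("upgrade.status"))
    try:
        hardened_argv(payload)
    except ValueError as exc:
        print("hardened rejects payload:", exc)
```

The point of the hardened version is not the allowlist alone but the combination: even if a bad name slipped past the regex, the argv form means the operating system receives it as a single file name argument rather than as shell syntax, and the directory check stops traversal. A request filter like blocklist_passes is still worth keeping as defence in depth, but only if it runs for every method that can reach the handler.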
SonicWall SonicOS
The vulnerability tracked as CVE-2024-40766, with a CVSS score of 9.3, is a critical improper access control flaw in SonicWall's SonicOS that affects management access and the SSL VPN feature on Gen 5, Gen 6 and Gen 7 firewalls. Ransomware operators, particularly those behind Fog and Akira, are exploiting it to gain initial access to networks. Arctic Wolf has reported at least 30 intrusions involving compromised SonicWall SSL VPN accounts, with roughly 75% of them ending in Akira ransomware deployment.
SonicWall has released patched firmware and strongly recommends upgrading to the latest version. Because patching does not invalidate credentials that may already have been harvested from an exposed device, the vendor also advises resetting the passwords of locally managed SSL VPN accounts, enabling multi-factor authentication (MFA), and restricting management and SSL VPN access to trusted sources.
Based on the evidence of mass exploitation, this vulnerability was added to the CISA KEV catalog on September 9, 2024.
Cisco VPN Vulnerability
The vulnerability tracked as CVE-2024-20481, with a CVSS score of 5.8, is rated medium severity. It resides in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. An unauthenticated, remote attacker can exhaust the service's resources with a flood of VPN authentication requests, causing a denial-of-service (DoS) condition; depending on the impact, a reload of the device may be needed to restore RAVPN service. Cisco has confirmed active exploitation as part of large-scale brute-force campaigns against VPN services and urges customers to update their devices immediately.
Based on the evidence of mass exploitation, this vulnerability was added to the CISA KEV catalog on October 24, 2024. It has now featured in this review for several weeks in a row, a sign that exploitation continues at scale.
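Detecting the flood described above is a logging exercise: rejected RAVPN authentications appear in ASA syslog as %ASA-6-113005 ("AAA user authentication Rejected") messages, and a spike per source or in aggregate is the signal. The Python below is an added example for this review, not Cisco's code or a vendor-provided signature. The log lines are constructed to follow the 113005 message format, and the timestamp layout and thresholds are assumptions to adjust for your own logging configuration. It parses the rejections, flags sources that exceed a per-minute threshold, and also reports the peak aggregate rate, since a distributed flood can stay under any per-source limit.

```python
"""Spot an authentication flood against a Cisco ASA/FTD RAVPN service.

Added example for this review, not Cisco's code. SAMPLE_LOG is constructed
to mirror the ASA 113005 message format; the timestamp layout and the
thresholds are assumptions for the example.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines (not captured data). One successful 113004 line is
# mixed in to show that only rejections are counted.
SAMPLE_LOG = """\
Nov 07 2024 10:00:01 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = ***** : user IP = 203.0.113.10
Nov 07 2024 10:00:03 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = ***** : user IP = 203.0.113.10
Nov 07 2024 10:00:06 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = ***** : user IP = 203.0.113.10
Nov 07 2024 10:00:09 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = ***** : user IP = 203.0.113.10
Nov 07 2024 10:00:12 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = ***** : user IP = 192.0.2.44
Nov 07 2024 10:00:15 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = ***** : user IP = 203.0.113.10
Nov 07 2024 10:00:18 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = ***** : user IP = 203.0.113.10
Nov 07 2024 10:00:20 asa01 : %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = jdoe
Nov 07 2024 10:00:22 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = ***** : user IP = 198.51.100.7
Nov 07 2024 10:00:25 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = ***** : user IP = 203.0.113.10
Nov 07 2024 10:00:31 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = AAA failure : server = 10.0.0.5 : user = ***** : user IP = 203.0.113.10
Nov 07 2024 10:00:40 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = ***** : user IP = 192.0.2.44
Nov 07 2024 10:01:05 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = ***** : user IP = 192.0.2.44
"""

# Timestamp prefix, then a 113005 rejection, then the client address.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}) .*?%ASA-\d-113005: "
    r"AAA user authentication Rejected .*?user IP = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_rejections(log_text: str) -> list[tuple[datetime, str]]:
    """Return (timestamp, source_ip) for every 113005 rejection in the log."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match:
            ts = datetime.strptime(match["ts"], "%b %d %Y %H:%M:%S")
            events.append((ts, match["ip"]))
    return events


def minute_bucket(ts: datetime) -> datetime:
    return ts.replace(second=0, microsecond=0)


def flag_sources(events, per_source_threshold: int = 5) -> dict[str, int]:
    """Map source_ip -> peak rejections in any single minute, for sources that
    reach the threshold. Catches a single noisy attacker."""
    per_ip: dict[str, Counter] = defaultdict(Counter)
    for ts, ip in events:
        per_ip[ip][minute_bucket(ts)] += 1
    peaks = {ip: max(buckets.values()) for ip, buckets in per_ip.items()}
    return {ip: peak for ip, peak in peaks.items() if peak >= per_source_threshold}


def peak_total_rate(events) -> int:
    """Highest number of rejections in any one minute across all sources.
    A distributed flood can stay below the per-source threshold, so alert on
    this aggregate as well."""
    totals = Counter(minute_bucket(ts) for ts, _ in events)
    return max(totals.values(), default=0)


if __name__ == "__main__":
    evts = parse_rejections(SAMPLE_LOG)
    print(f"{len(evts)} rejections parsed")
    print("sources over threshold:", flag_sources(evts))
    print("peak rejections per minute (all sources):", peak_total_rate(evts))
```

In production the same two counters would run over a streaming feed rather than a string, and the per-source threshold should be set from a baseline of normal failed logins; the aggregate counter is the one that matters for a DoS like CVE-2024-20481, because the impact is on the RAVPN service as a whole regardless of how many source addresses the attacker spreads the requests across.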
Fortinet FortiProxy
The vulnerability tracked as CVE-2024-21762, with a CVSS score of 9.8, is rated critical. It is an out-of-bounds write [CWE-787] in the SSL VPN component (sslvpnd) of FortiOS and FortiProxy that may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests. Fortinet has released fixed versions; where patching is not immediately possible, the vendor's workaround is to disable SSL VPN entirely, as disabling only web mode is not a valid mitigation.
Based on the evidence of mass exploitation, this vulnerability has been added to the CISA KEV catalog on February 09, 2024.
This brings us to the end of this week's review. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.


