
Welcome to TheCyberThrone's most exploited vulnerabilities review. This review covers the month of November 2024.
CVE-2024-9463: Palo Alto OS Command Injection
CVSS 3.1 Score : 9.9 CISA KEV: Yes
This vulnerability is an OS Command Injection flaw in Palo Alto Networks’ Expedition tool, which could allow attackers to execute arbitrary code on the affected system. The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions.
CVE-2024-9465: Palo Alto OS SQL Injection
CVSS 3.1 Score : 9.2 CISA KEV: Yes
This is an SQL injection vulnerability in the same Expedition tool. This flaw allows attackers to manipulate database queries, potentially stealing, modifying, or deleting sensitive data.
Ensure network access to Expedition is restricted to authorized users, hosts, or networks. If Expedition is not in active use, ensure that the Expedition software is shut down.
To check for an indicator of compromise, run the following command on an Expedition system (replace “root” with your username if you are using a different username):
mysql -uroot -p -D pandb -e "SELECT * FROM cronjobs;"
If you see any records returned, this indicates a potential compromise. Please note that if no records are returned, the system may still be compromised. This is only intended to indicate a potential compromise, rather than confirm a system has not been compromised.
CVE-2024-0012: Palo Alto Authentication Bypass Vulnerability
CVSS 3.1 Score : 9.8 CISA KEV: Yes
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities.
This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software on PA-Series, VM-Series, and CN-Series firewalls and on Panorama (virtual and M-Series).
CVE-2024-9474: Palo Alto Privilege Escalation Vulnerability
CVSS 3.1 Score : 7.2 CISA KEV: Yes
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.
This issue is applicable to PAN-OS 10.1, PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software on PA-Series, VM-Series, and CN-Series firewalls and on Panorama (virtual and M-Series) and WildFire appliances.
CVE-2024-38812: VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
CVSS 3.1 Score : 9.8 CISA KEV: Yes
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.
CVE-2024-38813: VMware vCenter Server Privilege Escalation Vulnerability
CVSS 3.1 Score : 9.8 CISA KEV: Yes
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
CVE-2024-44308: Apple Multiple Products Code Execution Vulnerability
CVSS 3.1 Score : 8.8 CISA KEV: Yes
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1.
CVE-2024-44309: Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
CVSS 3.1 Score : 6.1 CISA KEV: Yes
This vulnerability is a cookie management issue that was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross-site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CVE-2024-10914: D-Link NAS Command Injection Vulnerability
CVSS 3.1 Score : 8.1 CISA KEV: No
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to OS command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2024-42057: Zyxel Command Injection Vulnerability
CVSS 3.1 Score : 8.1 CISA KEV: No
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.
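The affected ranges and the two preconditions above lend themselves to an inventory check. The following is an added example, not code from Zyxel or from this review; the record layout (series, firmware, ipsec_auth_mode, users), the status names and the sample devices are assumptions constructed for illustration.

```python
import re

# Affected firmware ranges per series, as listed in the paragraph above.
AFFECTED = {
    "ATP": ("V4.32", "V5.38"),
    "USG FLEX": ("V4.50", "V5.38"),
    "USG FLEX 50(W)": ("V4.16", "V5.38"),
    "USG20(W)-VPN": ("V4.16", "V5.38"),
}
MAX_USERNAME = 28  # the stated trigger is a username exceeding 28 characters

# Constructed sample inventory (hypothetical field names and devices).
INVENTORY = [
    {"name": "fw-a", "series": "ATP", "firmware": "V5.37",
     "ipsec_auth_mode": "User-Based-PSK", "users": ["vpn-contractor-longusername-0001"]},
    {"name": "fw-b", "series": "USG FLEX", "firmware": "V4.40",
     "ipsec_auth_mode": "User-Based-PSK", "users": ["vpn-contractor-longusername-0001"]},
    {"name": "fw-c", "series": "USG20(W)-VPN", "firmware": "V5.38",
     "ipsec_auth_mode": "other", "users": ["vpn-contractor-longusername-0001"]},
]


def parse_version(text):
    """Turn 'V5.38' or '5.38' into (5, 38); any trailing build suffix is ignored."""
    m = re.match(r"[Vv]?(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2))


def assess(device):
    """Classify one inventory record against the CVE-2024-42057 conditions."""
    bounds = AFFECTED.get(device["series"])
    if bounds is None:
        return "series-not-listed"
    low, high = (parse_version(v) for v in bounds)
    if not low <= parse_version(device["firmware"]) <= high:
        return "firmware-outside-range"
    long_users = [u for u in device["users"] if len(u) > MAX_USERNAME]
    if device["ipsec_auth_mode"] == "User-Based-PSK" and long_users:
        return "exposed"
    # Affected firmware, but the stated preconditions are not met right now;
    # a config change or a new long username would change the result.
    return "affected-firmware-preconditions-unmet"


def triage(inventory):
    return {d["name"]: assess(d) for d in inventory}


if __name__ == "__main__":
    print(triage(INVENTORY))
```

Devices reported as affected-firmware-preconditions-unmet still run firmware in the listed range, so they belong on the upgrade list even though the stated trigger conditions are absent.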
This brings us to the end of this review. Thanks for visiting TheCyberThrone.


