Overview

Cisco have released security advisories addressing high-severity vulnerabilities affecting Cisco IOS XR Software:

  • CVE-2024-20318 – Layer 2 Services Denial of Service vulnerability
  • CVE-2024-20320 – ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service vulnerability
  • CVE-2024-20327 – SSH Privilege Escalation vulnerability

Fortra have released a security update addressing a critical vulnerability in FileCatalyst Workflow that could lead to remote code execution. CVE-2024-25153 is a directory traversal flaw in the ftpservlet of the affected service; it allows a malicious actor to upload files, including web shells, through the web portal and then execute code on the server.

WordPress have released a warning to users of miniOrange’s Malware Scanner and Web Application Firewall plugins, advising customers to remove the plugins from their websites until patches can be issued. Affected versions are 4.7.2 and 2.1.1 respectively. The vulnerability, tracked as CVE-2024-2172, is classed as critical with a base score of 9.8. It makes it possible for attackers to grant themselves administrative privileges by updating their user password, potentially leading to complete compromise of the site and the ability to upload malicious software and backdoors for attack persistence.

Atlassian have released their March security update, addressing 24 high-severity vulnerabilities and 1 critical vulnerability in their products. Affected products include Confluence Data Center, Confluence Server, Bitbucket Server, Bitbucket Data Center, Bamboo Server, Bamboo Data Center, Jira Server and Jira Data Center. The critical vulnerability, catalogued as CVE-2024-1597, could allow an unauthenticated attacker to expose data stored on an affected server. The other vulnerabilities could allow denial of service, remote code execution or information exposure on an affected system.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

  • Cisco: CVE-2024-20318, CVE-2024-20320, CVE-2024-20327
  • Fortra Security Advisory
  • WordPress article: The Hacker News
  • Atlassian Security Bulletin

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

Topics

  • Advisory
  • Vulnerability
  • Exploit
  • Patches and Updates