
Overview

Ivanti have released a security advisory addressing multiple vulnerabilities in Ivanti Avalanche, two of which have been categorised as critical with base scores of 9.8. Both are heap overflow vulnerabilities.

  • CVE-2024-24996 is contained within the WLInfoRailService component and could allow an unauthenticated remote attacker to execute arbitrary commands.
  • CVE-2024-29204 affects the WLAvalancheService component.

Atlassian have released their April security bulletin, covering six vulnerabilities affecting four different product lines. Three vulnerabilities affect Bamboo Data Center and Server, including a server-side request forgery (SSRF) vulnerability that could allow unauthenticated attackers to expose assets susceptible to exploitation in the targeted system’s environment. Confluence Data Center and Server, Jira Software Server and Data Center, and Jira Service Management Server and Data Center are all affected by different DoS vulnerabilities.

VMware have released security updates to address multiple vulnerabilities in SD-WAN Edge and SD-WAN Orchestrator modules of the SD-WAN management software.

  • CVE-2024-22246 is an unauthenticated command injection vulnerability which could allow an attacker to achieve remote code execution on the host machine.
  • CVE-2024-22247 is a missing authentication and protection mechanism vulnerability which can be exploited if the malicious actor has physical access to an affected appliance, and so can access the BIOS configuration and tamper with the boot priority.
  • CVE-2024-22248 is an open redirect vulnerability in which malicious attackers could redirect victims to an attacker-controlled domain due to improper path handling, leading to sensitive information disclosure.

Cisco have released security advisories addressing two command injection vulnerabilities affecting the CLI and web-based management interface of Cisco Integrated Management Controller (IMC), which could lead to privilege escalation.

  • CVE-2024-20295, with a base score of 8.8, could allow an authenticated local attacker to perform command injection attacks on the underlying operating system and elevate their privileges to root.
  • CVE-2024-20356, with a base score of 8.7, is a web-based management interface command injection vulnerability that could allow an authenticated remote attacker with Administrator-level privileges to perform command injection and elevate their privileges to root.


Cisco have released security advisories for vulnerabilities affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). These vulnerabilities are currently being exploited by state-sponsored attackers as part of an espionage campaign called ‘Arcane Door’:

  • CVE-2024-20353, with a base score of 8.6, is an infinite-loop (denial of service) vulnerability.
  • CVE-2024-20359, with a base score of 6.0, is a code-injection vulnerability.
  • CVE-2024-20358, with a base score of 6.0, is a command-injection vulnerability.

Oracle have released a critical patch update addressing 441 vulnerabilities found in Oracle code and in third-party components. Hospitality Symphony and VM VirtualBox are both affected by multiple critical vulnerabilities, with base scores above 9.8. Oracle recommends that customers who use any Oracle products review the latest update and apply the relevant actions and patches.

CrushFTP have released a summary revealing a zero-day vulnerability currently being exploited in the wild, which could allow an attacker to escape the virtual file system and download system files. All versions of CrushFTP prior to 11.1 are believed to be affected. The zero-day vulnerability does not yet have a CVE identifier; customers are advised to review the latest release notes and install the relevant update.

WordPress – WP Automatic plugin: a vulnerability (CVE-2024-27956) with a severity score of 9.9 is currently being exploited by cyber-attackers, as disclosed by Patchstack. This vulnerability allows SQL injection and, in Patchstack’s words, ‘This could allow a malicious actor to directly interact with your database, including but not limited to stealing information’. Patchstack has released a virtual patch to block attacks but recommends updating to a fixed version.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

  • Ivanti: Avalanche Security Hardening.
  • Atlassian: April Security Bulletin.
  • VMware: Security Advisory.
  • Cisco: CLI Command Injection and Web-based Management Interface.
  • Cisco: ‘Arcane Door’ article and Firewall Security advisory.
  • Oracle: Critical Patch Update.
  • CrushFTP: Security Update.
  • WordPress: Patchstack advisory.

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

Topics

  • Advisory
  • Vulnerability
  • Exploit
  • Patches and Updates