- Platform
OVERVIEW
Capabilities
- Solutions
USE CASES
- Cyber Risk Hub
LIBRARY
- Company
GET TO KNOW US
- Pricing
The cybersecurity landscape has seen a surge in critical vulnerabilities over the past two months, impacting widely used software, operating systems, and cloud services. These CVEs have various implications for security across organizations, highlighting the need for vigilance in patch management and cybersecurity defenses.
In recent months, a series of critical vulnerabilities have emerged across widely used platforms, software, and cloud services. These vulnerabilities, including flaws in Microsoft SharePoint, Cisco ASA, and VMware vCenter, allow attackers to exploit weaknesses ranging from remote code execution to privilege escalation and command injection.
As threat actors increasingly target these high-severity flaws, organizations must act swiftly to apply patches, enforce security best practices, and mitigate risks. This post covers 15 major CVEs from September and October 2024, offering detailed insights into each and guidance for protecting your infrastructure.
The following CVEs are ranked among the most severe threats recently disclosed, with CVSS scores ranging from 8.4 to 9.9. Their impacts range from remote code execution to privilege escalation, affecting major platforms such as VMware, Microsoft Azure, SharePoint, Ivanti, Cisco, and others.
CVE-2024-9680 (CVSS Score 9.8) – Mozilla has identified a critical “Use-After-Free” vulnerability in Firefox’s developer tools, specifically in the animation timeline component. This vulnerability allows remote code execution if a user visits a malicious site, exploiting a memory management flaw. Patches are available, and users should update to the latest version immediately to avoid potential exploitation.
CVE-2024-8963 (CVSS Score 9.4) – This path traversal flaw in CSA 4.6 can allow remote attackers to bypass security restrictions, accessing unauthorized functionalities and potentially chaining with other vulnerabilities like CVE-2024-9379 for code execution. Users should upgrade to CSA 5.0.2 and monitor systems for signs of compromise.
CVE-2024-7593 (CVSS Score 9.8) – A critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) allows attackers to bypass the admin panel’s authentication process. Affecting versions below 22.2R1 and others, Ivanti has issued patches to secure the systems, urging users to update.
CVE-2024-7589 (CVSS Score 9.8) – A critical heap-overflow flaw in VMware vCenter Server and Cloud Foundation allows remote code execution via a flaw in the DCERPC protocol. VMware released a patch update following an incomplete initial fix, and users are strongly encouraged to apply the latest updates.
CVE-2024-38194 (CVSS Score 8.4) – This vulnerability impacts Microsoft Azure Web Apps, allowing authenticated attackers to elevate privileges due to inadequate authorization mechanisms. Exploitation could lead to unauthorized access and control over Azure Web Apps resources. Microsoft has recommended configuration updates and secure access controls for affected users.
CVE-2024-38018 (CVSS Score 8.8) – Microsoft SharePoint suffers from a deserialization vulnerability, which attackers with Site Owner permissions can exploit to execute arbitrary code. Added to CISA’s Known Exploited Vulnerabilities catalog, this flaw is actively exploited in the wild, emphasizing the need for immediate patching.
CVE-2024-29824 (CVSS Score 8.8) – An SQL injection vulnerability in Ivanti Endpoint Manager allows unauthenticated attackers to compromise data and take control of systems. With CISA marking it as exploited in the wild, this vulnerability requires immediate application of Ivanti’s May 2024 patch.
CVE-2024-20424 (CVSS Score 9.9) – Cisco’s Firewall Management Center contains a critical command injection flaw that permits authenticated attackers to execute commands on the operating system with root privileges. Cisco has released a patch, and users are advised to apply it to prevent potential exploits.
CVE-2024-20329 (CVSS Score 9.9) – Cisco ASA has an OS command injection vulnerability that allows authenticated, remote attackers to execute commands with root privileges over SSH. Exploitation could lead to full control of the affected system, and Cisco strongly advises applying the latest security update.
CVE-2024-43491 (CVSS Score 9.8) – Windows 10 version 1507 contains a patch rollback vulnerability, allowing attackers to re-enable previously patched vulnerabilities. Microsoft has issued updates to resolve this issue, and users are urged to keep their systems fully updated to avoid exposure.
CVE-2024-38812 (CVSS Score 9.8) – A critical remote code execution flaw in VMware’s vCenter Server and Cloud Foundation is caused by a heap overflow in the DCERPC protocol implementation. This vulnerability requires prompt patching, as the initial fix was incomplete and may leave systems open to attack.
CVE-2024-47176 (CVSS Score 5.3) – The Common Unix Printing System (CUPS) contains a medium-severity flaw where cups-browsed can bind to an untrusted port (INADDR_ANY:631). To address this, CUPS administrators should restrict network access to prevent potential exploitation.
CVE-2024-45409 (CVSS Score 9.8) – Ruby SAML versions up to 1.16.0 allow attackers to bypass SAML response signatures, which could compromise authentication processes. Upgrading to Ruby-SAML 1.17.0 or 1.12.3 is critical to mitigating this high-severity vulnerability.
CVE-2024-48904 (CVSS Score 9.8) – A command injection vulnerability in Trend Micro Cloud Edge permits unauthenticated attackers to execute arbitrary commands. Trend Micro has provided patches, and users should apply them promptly to secure their environments.
CVE-2024-47575 (CVSS Score 9.8) – Fortinet’s FortiManager is vulnerable to a command injection issue, which allows attackers to execute commands on port 541. Fortinet recommends restricting access to this port and applying the latest patches to prevent unauthorized access.
These vulnerabilities highlight the importance of timely updates and continuous monitoring to protect against exploitation. Organizations are urged to apply all available patches, review access controls, and implement additional security measures where necessary. This proactive approach is crucial for protecting systems from potential exploitation by threat actors.
Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: