
Voyager18 (research)

Top Cybersecurity issues of September & October 2024: Critical CVEs and Exploits to watch out for

The cybersecurity landscape has seen a surge in critical vulnerabilities over the past two months, impacting widely used software, operating systems, and cloud services. These CVEs have various implications for security across organizations, highlighting the need for vigilance in patch management and cybersecurity defenses.

Yair Divinsky | October 30, 2024

In recent months, a series of critical vulnerabilities have emerged across widely used platforms, software, and cloud services. These vulnerabilities, including flaws in Microsoft SharePoint, Cisco ASA, and VMware vCenter, allow attackers to exploit weaknesses ranging from remote code execution to privilege escalation and command injection.

As threat actors increasingly target these high-severity flaws, organizations must act swiftly to apply patches, enforce security best practices, and mitigate risks. This post covers 15 major CVEs from September and October 2024, offering detailed insights into each and guidance for protecting your infrastructure.

Here’s a detailed breakdown of 15 major vulnerabilities, their potential impacts, and recommended mitigation strategies for each.


15 Critical trending CVEs and Exploits

The following CVEs are ranked among the most severe threats recently disclosed, with CVSS scores ranging from 8.4 to 9.9. Their impacts range from remote code execution to privilege escalation, affecting major platforms such as VMware, Microsoft Azure, SharePoint, Ivanti, Cisco, and others.

CVE-2024-9680: Firefox Use-After-Free Vulnerability

CVE-2024-9680 (CVSS Score 9.8) – Mozilla has identified a critical use-after-free vulnerability in Firefox’s developer tools, specifically in the animation timeline component. The memory-management flaw can be triggered when a user visits a malicious site and allows remote code execution. Patches are available, and users should update to the latest version immediately to avoid potential exploitation.

CVE-2024-8963: Path Traversal in CSA

CVE-2024-8963 (CVSS Score 9.4) – This path traversal flaw in CSA 4.6 can allow remote attackers to bypass access restrictions and reach functionality that should be inaccessible to them, potentially chaining with other vulnerabilities such as CVE-2024-9379 for code execution. Users should upgrade to CSA 5.0.2 and monitor systems for signs of compromise.

CVE-2024-7593: Authentication Bypass in Ivanti vTM

CVE-2024-7593 (CVSS Score 9.8) – A critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) allows attackers to bypass the admin panel’s authentication process. It affects versions below 22.2R1 and others; Ivanti has issued patches to secure these systems and urges users to update.

CVE-2024-7589: VMware vCenter Server Heap Overflow Vulnerability

CVE-2024-7589 (CVSS Score 9.8) – A critical heap-overflow flaw in the DCERPC protocol implementation of VMware vCenter Server and Cloud Foundation allows remote code execution. VMware released a follow-up patch after the initial fix proved incomplete, and users are strongly encouraged to apply the latest updates.

CVE-2024-38194: Improper Authorization in Microsoft Azure Web Apps

CVE-2024-38194 (CVSS Score 8.4) – This vulnerability impacts Microsoft Azure Web Apps, allowing authenticated attackers to elevate privileges due to inadequate authorization mechanisms. Exploitation could lead to unauthorized access and control over Azure Web Apps resources. Microsoft has recommended configuration updates and secure access controls for affected users.

CVE-2024-38018: Deserialization Vulnerability in Microsoft SharePoint

CVE-2024-38018 (CVSS Score 8.8) – Microsoft SharePoint suffers from a deserialization vulnerability, which attackers with Site Owner permissions can exploit to execute arbitrary code. Added to CISA’s Known Exploited Vulnerabilities catalog, this flaw is actively exploited in the wild, emphasizing the need for immediate patching.

CVE-2024-29824: SQL Injection in Ivanti Endpoint Manager (EPM)

CVE-2024-29824 (CVSS Score 8.8) – A SQL injection vulnerability in Ivanti Endpoint Manager allows unauthenticated attackers to compromise data and take control of systems. With CISA marking it as exploited in the wild, this vulnerability requires immediate application of Ivanti’s May 2024 patch.

CVE-2024-20424: Command Injection in Cisco Firewall Management Center (FMC)

CVE-2024-20424 (CVSS Score 9.9) – Cisco’s Firewall Management Center contains a critical command injection flaw that permits authenticated attackers to execute commands on the operating system with root privileges. Cisco has released a patch, and users are advised to apply it to prevent potential exploits.

CVE-2024-20329: OS Command Injection in Cisco ASA

CVE-2024-20329 (CVSS Score 9.9) – Cisco ASA has an OS command injection vulnerability that allows authenticated, remote attackers to execute commands with root privileges over SSH. Exploitation could lead to full control of the affected system, and Cisco strongly advises applying the latest security update.

CVE-2024-43491: Patch Rollback Vulnerability in Windows 10

CVE-2024-43491 (CVSS Score 9.8) – Windows 10 version 1507 contains a patch rollback vulnerability, allowing attackers to re-enable previously patched vulnerabilities. Microsoft has issued updates to resolve this issue, and users are urged to keep their systems fully updated to avoid exposure.

CVE-2024-38812: Heap Overflow in VMware vCenter Server and Cloud Foundation

CVE-2024-38812 (CVSS Score 9.8) – A critical remote code execution flaw in VMware’s vCenter Server and Cloud Foundation is caused by a heap overflow in the DCERPC protocol implementation. This vulnerability requires prompt patching, as the initial fix was incomplete and may leave systems open to attack.

CVE-2024-47176: Unrestricted Port Binding in CUPS

CVE-2024-47176 (CVSS Score 5.3) – The Common Unix Printing System (CUPS) contains a medium-severity flaw: cups-browsed binds to INADDR_ANY:631 and trusts the traffic it receives on that port from any source. To address this, CUPS administrators should restrict network access to the port to prevent potential exploitation.

CVE-2024-45409: SAML Response Signature Bypass in Ruby SAML

CVE-2024-45409 (CVSS Score 9.8) – Ruby SAML versions up to 1.16.0 allow attackers to bypass SAML response signature verification, which could compromise authentication processes. Upgrading to Ruby-SAML 1.17.0 or 1.12.3 is critical to mitigating this high-severity vulnerability.
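A quick way to find applications still pinned to a pre-fix ruby-saml release, as an added example rather than code from the advisory or from the ruby-saml project. It reads the pinned version out of a Gemfile.lock (the lockfile path and sample content are assumptions) and treats the two fixed versions named above, 1.12.3 and 1.17.0, as the patched floor for the 1.12.x branch and for everything else respectively.

```ruby
# Added example: flag a ruby-saml dependency that predates the fixed releases
# named in the advisory (1.12.3 for the 1.12.x branch, 1.17.0 otherwise).
# Assumption (not from the advisory): the version is taken from a Gemfile.lock.
require "rubygems"

FIXED_LEGACY  = Gem::Version.new("1.12.3")   # backported fix for the 1.12.x line
FIXED_CURRENT = Gem::Version.new("1.17.0")   # fix for the main line

# Returns true when the given ruby-saml version still lacks the signature fix.
def ruby_saml_vulnerable?(version_string)
  v = Gem::Version.new(version_string)
  if v.segments[0] == 1 && v.segments[1] == 12
    v < FIXED_LEGACY
  else
    v < FIXED_CURRENT
  end
end

# Extracts the resolved ruby-saml version from Gemfile.lock text, or nil if absent.
# Only the "specs:" entry (a bare version in parentheses) matches; dependency
# constraints such as "ruby-saml (~> 1.15)" are ignored on purpose.
def ruby_saml_version_from_lock(lock_text)
  m = lock_text.match(/^\s+ruby-saml \(([\d.]+)\)\s*$/)
  m && m[1]
end

# Audits one lockfile: returns :vulnerable, :patched or :not_present.
def audit_lockfile(lock_text)
  version = ruby_saml_version_from_lock(lock_text)
  return :not_present unless version
  ruby_saml_vulnerable?(version) ? :vulnerable : :patched
end

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.16.7)
      ruby-saml (1.15.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

if __FILE__ == $PROGRAM_NAME
  # Point this at a real lockfile with: ruby this_script.rb path/to/Gemfile.lock
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "ruby-saml status: #{audit_lockfile(text)}"
end
```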

CVE-2024-48904: Command Injection in Trend Micro Cloud Edge

CVE-2024-48904 (CVSS Score 9.8) – A command injection vulnerability in Trend Micro Cloud Edge permits unauthenticated attackers to execute arbitrary commands. Trend Micro has provided patches, and users should apply them promptly to secure their environments.

CVE-2024-47575: Command Injection in FortiManager

CVE-2024-47575 (CVSS Score 9.8) – Fortinet’s FortiManager is vulnerable to a command injection issue that allows attackers to execute commands through requests to port 541. Fortinet recommends restricting access to this port and applying the latest patches to prevent unauthorized access.


Conclusion

These vulnerabilities highlight the importance of timely updates and continuous monitoring to protect against exploitation. Organizations are urged to apply all available patches, review access controls, and implement additional security measures where necessary. This proactive approach is crucial for protecting systems from potential exploitation by threat actors.

Further reading

Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:

  1. Q3 2024 Vulnerability Watch
  2. The MITRE ATT&CK framework: Getting started
  3. The true impact of exploitable vulnerabilities for 2024
  4. Vulnerability disclosure policy (and how to get it right)
  5. How to properly tackle zero-day threats
