Ransomware

Weekly Vulnerability Report: Critical Flaws In Microsoft, Adobe, MOVEit

Nearly a million IT assets are exposed to this week's top vulnerabilities, Cyble security researchers found.

by Paul Shread June 28, 2024

Share on LinkedInShare on Twitter

Cyble Research & Intelligence Labs (CRIL) analyzed 23 vulnerabilities in its weekly vulnerability report for June 19-25, including critical flaws in products from the likes of Microsoft, Adobe, MOVEit and more.

The report focuses on 10 vulnerabilities in particular: Three in Microsoft products – including a 7-year-old Office flaw facing new exploits – and one each in products from Adobe, MOVEit, VMware, Fortra, Phoenix Technologies, SolarWinds, and Themify.

Thousands of new security vulnerabilities are discovered each year, yet only a small percentage of those are actively exploited by threat actors. To help security teams focus on the most important vulnerabilities and threats, The Cyber Express each week partners with Cyble’s highly skilled dark web and threat intelligence researchers to highlight security vulnerabilities that warrant particularly close attention.

The Week’s Top Vulnerabilities

These are the 10 high-severity and critical vulnerabilities Cyble researchers focused on this week.

CVE-2024-5276

Impact Analysis: This critical SQL Injection vulnerability in Fortra FileCatalyst Workflow, a web-based file transfer platform accelerating large file exchanges, allows an attacker to modify application data, with likely impacts including the creation of administrative users and deletion or modification of data in the application database. It is worth noting that data exfiltration via SQL injection is not possible by leveraging the vulnerability; further successful unauthenticated exploitation requires a Workflow system with anonymous access enabled; otherwise, an authenticated user is required.

Internet Exposure? No

Patch Available? Yes

CVE-2024-5806

Impact Analysis: This critical improper authentication vulnerability impacts Progress MOVEit Transfer (SFTP module), which can lead to authentication bypass in the secure managed file transfer application. With successful exploitation, an attacker could access sensitive data stored on the MOVEit Transfer server; upload, download, delete, or modify files; and intercept or tamper with file transfers. Within a day of the vendor disclosing the vulnerability, security researchers started to observe exploitation attempts targeting it due to its vast exposure and impact, Cyble researchers noted.

Patch Available? Yes

CVE-2024-0762

Impact Analysis: This high-severity buffer overflow vulnerability impacts unsafe UEFI variable handling in Phoenix SecureCore, an advanced UEFI firmware solution developed for client PCs, notebooks, and IoT/embedded devices. The vulnerability could be exploited to execute code on vulnerable devices. Furthermore, given the enormous number of Intel CPUs that use this firmware, the vulnerability might affect hundreds of models from vendors, including Lenovo, Dell, Acer, and HP, Cyble researchers noted.

Internet Exposure? No

Patch Available? Yes

CVE-2024-34102

Impact Analysis: This critical improper restriction of XML external entity reference (‘XXE’) vulnerability impacts Adobe Commerce, a leading digital commerce solution for merchants and brands. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities, leading to arbitrary code execution.

Patch Available? Yes

CVE-2024-28995

Impact Analysis: The high severity directory transversal vulnerability impacts SolarWinds Serv-U, a secure managed file transfer (MFT) solution. Successful exploitation of the vulnerability could allow threat actors access to read sensitive files on the host machine. Recently researchers have observed active exploitation of vulnerability leveraging publicly available proof-of-concept (PoC) exploits.

Patch Available? Yes

CVE-2017-11882

Impact Analysis: The high-severity vulnerability impacts Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016. It could allow an attacker to run arbitrary code in the context of the current user by failing to handle objects in memory properly. Recently, researchers uncovered that this 7-year-old vulnerability was leveraged in cyberespionage campaigns orchestrated by alleged state-sponsored groups.

Internet Exposure? No

Patch Available? Yes

CVE-2024-6027

Impact Analysis: The high-severity vulnerability impacts the Themify WooCommerce Product Filter plugin for WordPress, which could lead to time-based SQL Injection via the ‘conditions’ parameter. Exploiting the vulnerability makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Internet Exposure? Yes

Patch Available? Yes – upgrade to version 1.5.0

CVE-2024-37079

Impact Analysis: Cyble also addressed this vulnerability in last week’s vulnerability report. The critical severity heap-overflow vulnerability impacts the VMware vCenter Server, a central management platform for VMware vSphere that enables the management of virtual machines and ESXi hosts. Given the global usage of the impacted product and the history of leveraging the flaws impacting vCenter, Cyble said there are possibilities that threat actors (TAs) could also leverage this critical vulnerability.

Internet Exposure? Yes

Patch Available? Yes

CVE-2024-30103

Impact Analysis: This high-severity remote code execution (RCE) vulnerability impacts Microsoft Outlook. Since the RCE flaw can be exploited simply by opening and previewing an email that contains a malicious payload in the body, requiring no further interaction from the user, there are high possibilities for TAs to weaponize the vulnerability in targeting government and private entities.

Internet Exposure? No

Patch Available? Yes

CVE-2024-30078

Impact Analysis: This high severity remote code execution (RCE) vulnerability impacts Windows Wi-Fi Driver. With the wide usage of Windows devices around the world and the ability to exploit without the need for any user interaction, TAs can leverage the flaw to gain initial access to the devices and later install malware and exfiltrate user data.

Internet Exposure? No

Patch Available? Yes

Dark Web Exploits

Cyble’s scans of customer environments found nearly a million exposed assets for just 7 vulnerabilities this week. Nearly 200,000 assets were exposed to the the VMware vCenter Server vulnerability, while a PHP vulnerability (CVE-2024-4577) reported two weeks ago continues to dominate, affecting nearly 600,000 exposed assets.

Cyble researchers also observed five instances of alleged zero-day vulnerabilities being offered on sale on underground forums, plus a number of exploits/proof of concepts/custom scripts observed over underground forums. The full report available for clients covers all these vulnerabilities, along with details and discussion around exploits found on the dark web, industrial control system (ICS) vulnerability intelligence, and cybersecurity defenses.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button