Last week, critical vulnerability news surfaced across many platforms, with the majority of events occurring just before the Fourth of July. These vulnerabilities affected diverse areas, including network infrastructure, software libraries, IoT devices, and even CPUs.
OpenSSH resolved a signal handler race problem, Juniper Networks managed an authentication bypass, and CocoaPods faced supply chain attack concerns. Cisco discovered a command injection issue, while a side-channel attack exposed Intel CPUs. Rockwell Automation handled RCE issues. Traeger addressed unauthorized controls on IoT grills before July 4th. If you’re compromised, apply patches and additional mitigating methods right away.
July 1, 2024
OpenSSH Releases Security Updates to Address RCE
Type of vulnerability: Signal handler race condition in OpenSSH server.
The problem: CVE-2024-6387 is a signal handler race issue within OpenSSH’s server (sshd) that affects glibc-based Linux systems. It supports unauthenticated remote code execution with root privileges. This bug impacts OpenSSH versions 8.5p1 through 9.7p1. It’s a regression of an 18-year-old flaw (CVE-2006-5051) that was reintroduced in October 2020.
The fix: OpenSSH issued updates to address CVE-2024-6387. Implement these changes immediately. To reduce risk, restrict SSH access via network controls, enforce segmentation, and do extensive regression testing to avoid known vulnerabilities from resurfacing. Regularly update and follow secure development methods, particularly in open-source projects.
Juniper Networks Addresses Authentication Bypass Vulnerability
Type of vulnerability: Authentication bypass using an alternate path.
The problem: CVE-2024-2973 is a severe authentication bypass vulnerability in Juniper Networks’ Session Smart Router and Conductor that affects high-availability redundancy deployments. It has a CVSS score of 10.0. The vulnerability allows attackers to circumvent authentication and obtain complete control of the compromised devices. It’s discovered during internal testing and affects many router versions.
The fix: Juniper Networks has published automatic fixes for vulnerable devices managed using MIST Cloud. Update your routers to the most recent versions (5.6.15, 6.1.9-lts, 6.2.5-sts). To protect your network devices from potential risks, apply patches on a regular basis and keep their firmware up to date.
CocoaPods Patches Vulnerabilities to Prevent Supply Chain Attacks
Type of vulnerability: Authentication bypass and insecure email verification.
The problem: Three critical CocoaPods vulnerabilities (CVE-2024-38366, CVE-2024-38367, and CVE-2024-38368) enabled attackers to claim unclaimed pods, alter packages, and execute arbitrary code on the Trunk server. These vulnerabilities put iOS and macOS apps at risk of serious supply chain attacks. Issues occurred from unsecure email verification and a defective parcel claim process that dates back to 2014.
The fix: CocoaPods fixed these flaws and reset all user sessions since October 2023. Make sure to update to the most recent CocoaPods version and constantly check your dependencies for any unapproved modifications. To avoid similar vulnerabilities, your organization should enhance their email verification processes and employ safe development standards.
Boost your organization’s permissions security by using an identity and access management solution. Read our guide to see the best IAM solutions available, including their strengths, weaknesses, cost, and more.
July 2, 2024
Velvet Ant Exploits Zero-Day Flaw in Cisco NX-OS Software
Type of vulnerability: Command injection.
The problem: CVE-2024-20399 is a command injection vulnerability in Cisco NX-OS Software that enables authorized local attackers to run arbitrary commands as root. China’s Velvet Ant hackers used this vulnerability to launch custom malware, hack into vulnerable computers, and upload files without generating syslog notifications. It affects various Cisco Nexus switches, and the fundamental cause is insufficient validation of CLI command parameters.
The fix: Cisco issued patches for CVE-2024-20399. Administrators should apply these updates as soon as possible and conduct frequent reviews of access controls and monitoring processes. To detect and mitigate these vulnerabilities, use stronger logging and centralized log analysis. To avoid attacks like this, properly validate CLI commands and make sure your administrative credentials are safe.
Intel CPUs Vulnerable to ‘Indirector’ that Leaks Sensitive Information
Type of vulnerability or attack: Side-channel attack via branch target injection.
The problem: Modern Intel CPUs, such as Raptor Lake and Alder Lake, are vulnerable to a new side-channel attack dubbed Indirector. This vulnerability occurs in the indirect branch predictor (IBP) and branch target buffer (BTB). It enables attackers to launch branch target injection (BTI) attacks. Using these hardware components, attackers can defeat existing defenses such as Spectre v2 (CVE-2017-5715) and leak sensitive data through speculative execution.
The fix: Intel analyzed the findings and concluded that existing mitigations, including IBRS, eIBRS, and BHI, are effective against Indirector attacks. Users should make sure to enable these mitigations. To improve security against side-channel attacks, securely use indirect branch predictor barrier (IBPB) and enhance the branch prediction unit (BPU) with more complicated tags, encryption, and randomization.
July 3, 2024
Threat Actors Exploit MSHTML Flaw to Deploy MerkSpy Surveillance Tool
Type of vulnerability: Remote code execution.
The problem: A Microsoft MSHTML vulnerability, CVE-2021-40444, was exploited to distribute the MerkSpy surveillance program. The attack starts with a malicious Word document providing a fictitious job description, which leads to remote code execution.
This downloads an HTML file (“olerender.html”), which contains shellcode that downloads and runs more malware. MerkSpy collects sensitive information, observes actions, and builds persistence, affecting users in Canada, India, Poland, and the United States.
The fix: Microsoft already released a patch for CVE-2021-40444 in September 2021. Update your systems with the latest security patches. Educate your employees on how to recognize phishing attempts and implement robust security measures, such as advanced endpoint protection and regular security audits, to detect and prevent such attacks. Improve your monitoring and logging security so that you can respond to unusual activity quickly.
Microsoft Reveals Security Flaws in PanelView Plus Devices
Type of vulnerability: Remote code execution and denial-of-service (DoS).
The problem: Microsoft discovers two vulnerabilities in Rockwell Automation PanelView Plus. These vulnerabilities, known as CVE-2023-2071 and CVE-2023-29464, enable remote, unauthenticated attackers to execute arbitrary code and create DoS circumstances.
CVE-2023-2071 exploits insufficient input validation to upload and load malicious DLLs, resulting in remote code execution. CVE-2023-29464 uses similar input validation flaws to access memory data and send larger packets, resulting in a DoS. These flaws affect FactoryTalk View Machine Edition (versions 13.0, 12.0, and previous) and FactoryTalk Linx (versions 6.30, 6.20, and previous).
The fix: Rockwell Automation issued recommendations addressing these issues, urging users to update to the most recent versions of FactoryTalk View Machine Edition and FactoryTalk Linx. To minimize risks, patch your systems as soon as possible. Additional safeguards include network segmentation, firewalls to restrict external access, and network traffic monitoring for anomalous activities.
Multiple Vulnerabilities Found in Traeger Grills with D2 Wi-Fi Controller
Type of vulnerability: Insufficient authorization control and remote command execution.
The problem: Nick Cerne of Bishop Fox discovered several security issues in Traeger grills that used the D2 Wi-Fi Controller. These flaws enable remote attackers to execute actions, including collecting grill information and shutting the device off.
The critical weakness (CVSS score: 7.1) concerns insufficient authorization constraints in the API for grill registration, allowing attackers to remotely change the grill’s temperature and operational status. Exploiting these vulnerabilities can lead to food spoilage, as proved by researchers who raised the grill temperature from 165°F to 500°F.
The fix: Traeger has enabled automated firmware updates for grills using the D2 Wi-Fi Controller. This ensures that all affected grills connected to the Internet receive the necessary updates without requiring user intervention. For grill owners, make sure to update your devices. To avoid unauthorized access, secure your networks, monitor device activity, and turn off grills when they’re not in use.
July 5, 2024
Ghostscript Vulnerability Threatens Web Applications & Services
Type of vulnerability: Format string bug and remote code execution.
The problem: Ghostscript’s format string issue (CVE-2024-29510) allows remote attackers to execute arbitrary code by bypassing the -dSAFER sandbox. Ghostscript is widely used for document processing. Its vulnerability affects web applications, allowing file manipulation and RCE without user input.
The fix: Ghostscript already published version 10.03.1 in April 2024 to address CVE-2024-29510. To ensure system security, update to the newest version. Monitor automated operations utilizing Ghostscript for vulnerabilities and install security fixes as soon as possible to avoid exploitation.
Read next: