2025-01-11 23:42:02 Pacfic
Various Products Affected by Critical Vulnerabilities - 3d
Multiple critical vulnerabilities have been discovered across several products, posing significant security risks. A zero-day exploit in industrial routers is being actively used by a new Mirai-based botnet, launching DDoS attacks worldwide, particularly impacting organizations in China, the U.S., Germany, the UK, and Singapore. These attacks, though brief, generate considerable traffic. Additionally, the popular Nuclei vulnerability scanner has been found to have a serious flaw. Tracked as CVE-2024-43405, this high-severity vulnerability allows attackers to bypass template signature checks and inject malicious code. This could provide attackers access to sensitive data on systems running the scanner, versions after 3.0.0 are impacted and users should update to v3.3.2.
The OpenVPN software has also been found with vulnerabilities. The application logged the configuration profile’s private key in clear text, which could allow attackers with access to device logs to extract private keys which then can be used to decrypt VPN traffic. This vulnerability, identified as CVE-2024-8474, affects versions of OpenVPN Connect prior to 3.5.0. OpenVPN also has a vulnerability (CVE-2024-5594) that allows attackers to inject arbitrary data into third party applications and plug-ins, potentially impacting systems with log manipulation or excessive CPU usage. Users are advised to immediately update to the latest versions to mitigate the risks of these vulnerabilities.
ImgSrc: securityonline.info
References:
- Malware Analysis, News and Indicators - Latest topics - Industrial router zero-day leveraged by new Mirai-based botnet - 3d
- securityonline.info - CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys - 3d
- socca.tech - CVE-2024-5594: (OpenVPN: Medium) - 3d
- SCM feed for Threat Management - Industrial router zero-day leveraged by new Mirai-based botnet - 2d
Classification:
- HashTags: ZeroDay OpenVPN NucleiScanner
- Target: Multiple Organizations
- Product: Multiple Products
- Feature: Multiple Vulnerabilities
- Type: Vulnerability
- Severity: Major