CyberSecurity news
FlagThis - #CommandInjection
|
Zeljka Zorz@Help Net Security
//
Zyxel has announced that it will not be releasing patches for two actively exploited zero-day vulnerabilities, identified as CVE-2024-40890 and CVE-2024-40891. These vulnerabilities affect multiple legacy DSL CPE products, including models VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500. The vulnerabilities enable attackers to execute arbitrary commands on the affected devices. One of the vulnerabilities, CVE-2024-40891, is being actively exploited in the wild by a Mirai botnet variant.
GreyNoise warned that over 1,500 devices are affected by the command injection bug. CVE-2024-40890 is a post-authentication command injection vulnerability in the CGI program which allows an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request. CVE-2024-40891 is a post-authentication command injection vulnerability in the management commands which could allow an authenticated attacker to execute OS commands on an affected device via Telnet. Zyxel advises users to replace the end-of-life products with newer-generation devices for optimal protection.
Share:
References :
Classification:
@cyberscoop.com
//
A critical vulnerability, designated CVE-2024-12856, has been discovered in Four-Faith routers, specifically models F3x24 and F3x36, enabling remote code execution. The flaw resides in the `/apply.cgi` endpoint, where manipulation of the `adj_time_year` parameter allows attackers to inject malicious commands and gain unauthorized access. This post-authentication vulnerability bypasses security measures using default credentials, allowing attackers to open reverse shells back to their systems. Over 15,000 devices are estimated to be at high risk due to default credential use and internet exposure.
The exploitation of this vulnerability poses a serious threat, potentially leading to the installation of malware, data theft, and significant network disruptions. Observed attack attempts have been linked to a Mirai malware variant, suggesting a targeted campaign. Users of affected Four-Faith routers are urged to take immediate action by updating to the latest firmware and enforcing strong password policies. A Suricata rule has also been published by VulnCheck which helps to identify devices already affected.
Share:
References :
Classification:
@ciso2ciso.com
//
A critical vulnerability has been discovered in Kubernetes that allows remote attackers to execute commands with SYSTEM privileges on Windows nodes within a cluster. Tracked as CVE-2024-9042, this flaw stems from a command-injection bug in the 'Log Query' beta feature. This vulnerability affects Kubernetes versions prior to 1.32.1 when this beta feature is enabled. Exploitation is possible through a specifically crafted command injected via a parameter in a query to a node.
According to Akamai researcher Tomer Peled, who discovered the flaw, the 'Log Query' mechanism does not properly validate and sanitize the parameter, allowing attackers to execute arbitrary code. The vulnerability only impacts clusters using Windows nodes with the beta logging feature turned on. The Kubernetes project has issued a security advisory with instructions on how to update, advising administrators to check cluster audit logs for suspicious inputs. While the number of deployments with this specific configuration is thought to be low, it highlights the importance of rigorous security testing for new features.
Share:
References :
Classification:
|