CyberSecurity updates
2025-01-19 14:25:56 Pacific

Aviatrix Controller RCE Vulnerability - 6d

A critical command injection vulnerability, CVE-2024-50603, in the Aviatrix Network Controller allows unauthenticated remote attackers to execute arbitrary code. This vulnerability, with a CVSS score of 10.0, stems from improper input handling within the Aviatrix Controller’s API. Exploitation could lead to full system compromise, data theft, and network breaches. There are hundreds of publicly exposed Aviatrix Controllers accessible via the Shodan search engine.

Six vulnerabilities discovered in rsync - 3d

Six vulnerabilities have been discovered in rsync, a widely used file transfer program, including a critical remote code execution (RCE) vulnerability (CVE-2024-12084) that allows attackers with anonymous read access to an rsync server to execute arbitrary code on the machine. The other vulnerabilities include information leaks and symlink issues. Users are advised to upgrade to rsync version 3.4.0, released on January 14th, to patch these issues and ensure system security. This highlights the importance of timely patching and update processes for critical network utilities.

SimpleHelp Vulnerabilities Allow RCE - 2d

Multiple critical vulnerabilities have been discovered in SimpleHelp remote support software. These flaws include unauthorized file access, privilege escalation, and remote code execution. These vulnerabilities are trivial to exploit, making them a serious risk for both SimpleHelp servers and the client machines that the software is used to manage. Patches are available, and users are advised to upgrade immediately.

Ivanti Zero-Day Actively Exploited For RCE - 10d

A critical zero-day vulnerability, tracked as CVE-2025-0282, has been discovered in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow allows unauthenticated remote attackers to achieve remote code execution. It was disclosed alongside CVE-2025-0283, another stack-based buffer overflow that requires a local authenticated attacker. CVE-2025-0282 is currently being actively exploited in the wild. Organizations are advised to apply the available patches immediately and perform factory resets to ensure complete removal of any potential malware. Ivanti has a long history of being targeted.

Windows LDAP RCE Vulnerability Exploit Released - 16d

A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-49112, has been identified in Windows LDAP. A Proof of Concept (PoC) exploit has been released demonstrating how an attacker can send a malicious LDAP request to unpatched Domain Controllers, leading to memory corruption and remote code execution without any user interaction. Because no user interaction is required, this is a zero-click RCE vulnerability, and it poses a significant threat to Windows environments.

Node.js Vulnerability Exposes Systems To RCE Attacks - 26d

A critical command injection vulnerability, identified as CVE-2024-56334, has been discovered in the Node.js ‘systeminformation’ package. This vulnerability allows attackers to execute arbitrary commands, potentially leading to remote code execution and privilege escalation. The flaw affects versions up to and including 5.23.6, requiring immediate updates to mitigate the risk. This vulnerability impacts a very large number of systems, so immediate action is highly recommended.

Sophos Firewall Fixes Critical Remote Execution Flaws - 29d

Sophos has released updates for its Firewall product to address three critical vulnerabilities that could lead to Remote Code Execution (RCE) and privilege escalation. These flaws, identified as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, require immediate patching to prevent potential exploitation. There is currently no evidence that these flaws have been exploited in the wild.

BeyondTrust Breach via API Key - 30d

BeyondTrust has experienced a security incident where hackers breached their Remote Support SaaS instances by exploiting an API key, allowing for account password resets. Two critical vulnerabilities were discovered and patched, namely command injection (CVE-2024-12356) and escalation of privilege (CVE-2024-12686). This incident highlights the risks associated with API key compromise and the importance of proper security measures for SaaS platforms and privileged access management solutions.

Critical Apache Struts2 and Tomcat Flaws - 3d

Multiple critical vulnerabilities have been discovered in Apache Struts2 and Tomcat, including a path traversal vulnerability in Struts2 (CVE-2024-53677) that can lead to remote code execution, and two vulnerabilities in Apache Tomcat (CVE-2024-50379 and CVE-2024-54677) that can cause remote code execution and denial of service, respectively. These vulnerabilities stem from issues such as a Time-of-Check to Time-of-Use (TOCTOU) race condition during JSP compilation in Tomcat and the ability to upload files into restricted directories in Struts2, allowing attackers to potentially compromise affected systems. Users are urged to apply the available patches immediately.

Siemens UMC Flaw Allows Remote Code Execution - 29d

A critical heap-based buffer overflow vulnerability (CVE-2024-49775) in Siemens’ User Management Component (UMC) allows unauthenticated remote attackers to execute arbitrary code. This flaw affects multiple Siemens products and poses a severe risk to industrial and enterprise environments. Siemens has issued security advisory SSA-928984, urging customers to apply fixes or mitigations immediately to prevent exploitation. This vulnerability highlights the dangers of outdated and vulnerable industrial control systems.

Fortinet Flaws Allow Remote Code Execution - 30d

Multiple critical vulnerabilities have been discovered in Fortinet products, including FortiWLM and FortiClient EMS. These vulnerabilities, which include path traversal and SQL injection flaws, allow attackers to execute arbitrary code and access sensitive data. Exploitation of these vulnerabilities can lead to complete system compromise, highlighting the need for immediate patching and proper vulnerability management.

Apache Tomcat RCE vulnerability disclosed - 30d

A critical race condition vulnerability in the Apache Tomcat web server has been disclosed which can lead to remote code execution (RCE). The vulnerability, identified as CVE-2024-50379, stems from a Time-of-Check to Time-of-Use (TOCTOU) issue in JSP compilation. It allows an unauthenticated attacker to execute arbitrary code remotely, which could lead to a full system compromise. This vulnerability emphasizes the importance of promptly applying security patches to web servers, as these are popular targets for malicious actors.