CyberSecurity updates
2024-12-26 02:09:03 Pacific

Sophos Firewall Fixes Critical Remote Execution Flaws - 5d

Sophos has released hotfixes for Sophos Firewall to address three vulnerabilities, two of them rated critical, that can lead to remote code execution (RCE) and privilege escalation: CVE-2024-12727, CVE-2024-12728 and CVE-2024-12729. Affected appliances should be patched promptly. At the time of writing there is no evidence that any of the three has been exploited in the wild.

BeyondTrust Breach via API Key - 6d

BeyondTrust has disclosed a security incident in which attackers breached a limited number of its Remote Support SaaS instances using a compromised API key, which let them reset the passwords of local application accounts. During the investigation two vulnerabilities were found and patched: an unauthenticated command injection (CVE-2024-12356, rated critical) and a second OS command injection that requires existing administrative privileges (CVE-2024-12686). The incident shows how a single leaked API key can undo the controls of a privileged access management platform; API keys for such services should be narrowly scoped, rotated, and monitored for use from unexpected sources.

Acclaim USAHERDS Flaw Actively Exploited - 1d

A critical vulnerability, CVE-2021-44207, in Acclaim Systems' USAHERDS web application is being actively exploited. The flaw is the use of hard-coded credentials: once the values are known they work against every deployment, so an attacker needs no exploit development at all. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, which requires federal civilian agencies to remediate it by the listed due date; every other organization running USAHERDS should apply the vendor's fix as well.

Adobe ColdFusion Path Traversal Vulnerability - 1d

A critical path traversal vulnerability, CVE-2024-53961, affects Adobe ColdFusion 2023 (Update 11 and earlier) and ColdFusion 2021 (Update 17 and earlier). It lets an attacker read arbitrary files from the server's file system. Adobe notes that a proof-of-concept exploit is already publicly known, which makes rapid weaponization likely, so administrators should apply the security update immediately. Arbitrary file read is seldom the end of an intrusion: configuration files and credentials obtained this way are typically used to pivot further.
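
The bug class behind this item, shown as an added example that is not Adobe's code and says nothing about how ColdFusion itself resolves paths: a vulnerable resolver that joins a request path onto the document root, next to the hardened form that canonicalises the result and checks that it is still inside the root. The document root `/srv/app/public` and the request paths are constructed for the illustration and need not exist on disk.

```python
import os


def resolve_unsafe(base_dir, user_path):
    """Vulnerable form: join the request path onto the document root.
    '../' sequences walk out of base_dir, and an absolute user_path makes
    os.path.join discard base_dir entirely."""
    return os.path.join(base_dir, user_path)


def resolve_safe(base_dir, user_path):
    """Hardened form: canonicalise both sides, then require that the result
    is still inside base_dir. realpath() also resolves symlinks, so a link
    inside the document root that points outside it is rejected too.
    The check must run on the decoded path; decoding afterwards reopens the hole."""
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, user_path))
    # commonpath, not startswith: "/srv/app/public2" must not pass for "/srv/app/public"
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes document root: %r" % user_path)
    return candidate


def traversal_report(base_dir, paths):
    """Run both resolvers over request paths and record, per path, where the
    unsafe join would land and whether the safe resolver accepts it."""
    report = {}
    for p in paths:
        try:
            safe = resolve_safe(base_dir, p)
            accepted = True
        except ValueError:
            safe, accepted = None, False
        report[p] = {"unsafe": resolve_unsafe(base_dir, p),
                     "accepted": accepted, "safe": safe}
    return report


# Constructed sample: a hypothetical document root and request paths of the
# kind seen in arbitrary-file-read attempts.
DOC_ROOT = "/srv/app/public"
SAMPLE_PATHS = [
    "css/site.css",            # legitimate
    "../../../etc/passwd",     # classic dot-dot traversal
    "css/../../secret.txt",    # traversal hidden behind a valid prefix
    "/etc/passwd",             # absolute path: os.path.join drops the root
]

if __name__ == "__main__":
    for path, r in traversal_report(DOC_ROOT, SAMPLE_PATHS).items():
        verdict = "ACCEPT " + r["safe"] if r["accepted"] else "REJECT"
        print("%-24s unsafe -> %-40s safe -> %s" % (path, r["unsafe"], verdict))
```

The unsafe column is what a naive join hands to `open()`; the safe column is the only path that should ever reach the file system.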

Siemens UMC Flaw Allows Remote Code Execution - 4d

A critical heap-based buffer overflow (CVE-2024-49775) in Siemens' User Management Component (UMC) allows an unauthenticated remote attacker to execute arbitrary code. UMC is a shared component, so the flaw is inherited by every Siemens product that embeds it; Siemens has published advisory SSA-928984 listing the affected products and the fix or mitigation for each, and customers should apply them immediately. The lesson is less about outdated systems than about shared components: one flaw in UMC surfaces across an industrial and enterprise product line at once.

Next.js Authorization Bypass Exposes Root Pages - 6d

A high-severity authorization bypass (CVE-2024-51479) has been found in Next.js, the widely used React framework. When an application performs authorization in middleware based on the request pathname, the check could be bypassed for pages located directly under the application's root directory. Versions from 9.5.5 up to and including 14.2.14 are affected; upgrade to 14.2.15 or later. Applications that rely on middleware path matching as their only access control should also enforce authorization inside the page or route handler itself.

Fortinet Flaws Allow Remote Code Execution - 6d

Multiple critical vulnerabilities have been disclosed in Fortinet products, including Fortinet Wireless Manager (FortiWLM) and FortiClient EMS. They include a path traversal and an SQL injection flaw that allow attackers to execute arbitrary code or read sensitive data. Because these products sit at the management layer, a successful exploit tends to give broad control over the managed estate; administrators should apply the fixed releases without delay and confirm that the management interfaces are not reachable from the internet.

Apache Tomcat RCE vulnerability disclosed - 6d

A critical race condition in the Apache Tomcat web server has been disclosed that can lead to remote code execution (RCE). The vulnerability, CVE-2024-50379, is a time-of-check to time-of-use (TOCTOU) flaw in JSP compilation. It is reachable only under a specific, non-default configuration: the DefaultServlet must have write enabled (readonly=false) and the web root must sit on a case-insensitive file system such as Windows. In that setting an unauthenticated attacker can upload a file via PUT that Tomcat then compiles and executes as a JSP, giving full control of the server. Fixed releases are 9.0.98, 10.1.34 and 11.0.2. Web servers are popular targets and patches for them should be applied promptly, but the exposure should be confirmed against the actual configuration rather than assumed from the CVSS score alone.
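
An added configuration check written for this item (not part of Tomcat and not from the advisory): the flaw is only reachable when the DefaultServlet has write enabled (readonly=false, not the default) on a case-insensitive file system, so the script parses a Tomcat web.xml for that setting and compares the running version against the first fixed release on each branch (9.0.98, 10.1.34 and 11.0.2). The web.xml samples are constructed; whether the file system is case-insensitive is passed in by the caller, since web.xml cannot tell you. Both the global conf/web.xml and each webapp's WEB-INF/web.xml can declare the DefaultServlet, so run it over all of them.

```python
import re
import xml.etree.ElementTree as ET

# First fixed release on each supported branch for CVE-2024-50379.
FIXED_VERSIONS = {9: (9, 0, 98), 10: (10, 1, 34), 11: (11, 0, 2)}

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag):
    """Strip the XML namespace so the same code handles the javaee and
    jakartaee schemas used by different Tomcat generations."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_params(web_xml_text):
    """Return the DefaultServlet's init-params as a dict, or None if this
    web.xml does not declare the DefaultServlet at all."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls, params = "", {}
        for child in servlet:
            name = _local(child.tag)
            if name == "servlet-class":
                cls = (child.text or "").strip()
            elif name == "init-param":
                pn = pv = None
                for p in child:
                    if _local(p.tag) == "param-name":
                        pn = (p.text or "").strip()
                    elif _local(p.tag) == "param-value":
                        pv = (p.text or "").strip()
                if pn is not None:
                    params[pn] = pv
        if cls == DEFAULT_SERVLET:
            return params
    return None


def default_servlet_writable(web_xml_text):
    """True when readonly is explicitly false: PUT may then create files
    under the web root, which is the write half of the race."""
    params = default_servlet_params(web_xml_text)
    if params is None:
        return False
    return (params.get("readonly") or "true").strip().lower() == "false"


def version_tuple(version):
    """'9.0.97' -> (9, 0, 97); a milestone like '11.0.0-M1' -> (11, 0, 0)."""
    parts = []
    for piece in version.split(".")[:3]:
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def version_is_unfixed(version):
    """True if the version predates the fix on its branch; None for a branch
    the advisory does not cover (for example end-of-life 8.5)."""
    v = version_tuple(version)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return None
    return v < fixed


def exposed_to_cve_2024_50379(version, web_xml_text, case_insensitive_fs):
    """All three preconditions must hold for the TOCTOU race to be reachable."""
    return bool(version_is_unfixed(version)
                and default_servlet_writable(web_xml_text)
                and case_insensitive_fs)


# Constructed samples: a stock conf/web.xml fragment and one with write enabled.
STOCK_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""

WRITABLE_WEB_XML = STOCK_WEB_XML.replace(
    "<load-on-startup>",
    "<init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>\n"
    "    <load-on-startup>",
)

if __name__ == "__main__":
    for ver, xml, ci in [("9.0.97", WRITABLE_WEB_XML, True),
                         ("9.0.97", STOCK_WEB_XML, True),
                         ("10.1.34", WRITABLE_WEB_XML, True)]:
        print(ver, "writable=%s" % default_servlet_writable(xml),
              "exposed=%s" % exposed_to_cve_2024_50379(ver, xml, ci))
```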

Prometheus Servers Exposed to DoS and RCE - 12d

Over 300,000 Prometheus servers and exporters are reachable from the internet without authentication, exposing them to information disclosure, denial-of-service (DoS) and, in some setups, remote code execution. The root cause is missing authentication and insecure default configuration rather than a single bug: Prometheus and most exporters listen without TLS or credentials unless a web configuration file is supplied, and an exposed server leaks its scrape configuration, target inventory and metrics, which can include credentials and API keys. Monitoring infrastructure sees everything else in the environment and deserves the same access controls as the systems it monitors.
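
An added exposure probe written for this item (not part of Prometheus and not from the research it summarizes): it requests, without credentials, the endpoints an unauthenticated Prometheus server answers and reports any that return 200. The hostnames and the offline fake network used in the demonstration are constructed; call `summarize()` with the default fetcher to run it against targets you are authorized to test.

```python
import urllib.error
import urllib.request

# Endpoints a Prometheus server (or an exporter, for /metrics) serves to anyone
# when no --web.config.file with TLS or basic auth is configured.
UNAUTH_PROBES = {
    "/metrics": "metrics and labels, which may embed hostnames or credentials",
    "/api/v1/status/config": "the loaded scrape and remote-write configuration",
    "/api/v1/targets": "discovered targets: internal hostnames, ports, labels",
    "/debug/pprof/": "Go profiling handlers, usable to exhaust CPU and memory",
}


def http_status(url, timeout=3.0):
    """HTTP status for an unauthenticated GET, or None if nothing answers."""
    try:
        with urllib.request.urlopen(urllib.request.Request(url), timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code
    except (urllib.error.URLError, OSError):
        return None


def audit_target(base_url, fetch=http_status):
    """Probe each endpoint without credentials. 200 means exposed, 401/403
    means authentication is enforced, None means unreachable."""
    base = base_url.rstrip("/")
    return {path: fetch(base + path) for path in UNAUTH_PROBES}


def exposed_paths(result):
    return sorted(path for path, code in result.items() if code == 200)


def summarize(base_url, fetch=http_status):
    result = audit_target(base_url, fetch)
    exposed = exposed_paths(result)
    return {"target": base_url, "exposed": exposed,
            "verdict": "EXPOSED" if exposed else "ok",
            "reasons": [UNAUTH_PROBES[p] for p in exposed]}


# Constructed offline stand-in for the network: one server with no auth at all,
# one behind a web config that enforces basic auth, and one that is down.
FAKE_NET = {
    "http://prom-open.example:9090": 200,
    "http://prom-locked.example:9090": 401,
}


def fake_fetch(url):
    for host, code in FAKE_NET.items():
        if url.startswith(host):
            return code
    return None


if __name__ == "__main__":
    for host in list(FAKE_NET) + ["http://prom-down.example:9090"]:
        s = summarize(host, fetch=fake_fetch)
        print(s["target"], s["verdict"], s["exposed"])
```

A 200 on `/debug/pprof/` is the DoS exposure the research describes; a 200 on `/api/v1/status/config` or `/api/v1/targets` is the information leak. The fix on the Prometheus side is a `--web.config.file` with `tls_server_config` and `basic_auth_users`, or a reverse proxy that enforces the same.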

WordPress Hunk Companion Plugin Vulnerability - 6d

A critical vulnerability, CVE-2024-11972 (CVSS 9.8), has been found in the Hunk Companion WordPress plugin in versions below 1.9.0. It allows an unauthenticated attacker to install and activate arbitrary plugins, including old versions with known vulnerabilities, by sending POST requests to an endpoint the plugin exposes; attackers have chained it to install further vulnerable plugins and backdoor sites. The plugin has more than 10,000 active installations. Site owners should update immediately and review the installed plugin list for anything they did not add themselves.

Apache Superset Security Vulnerabilities Patched - 14d

Multiple vulnerabilities have been fixed in Apache Superset, the open-source data exploration and visualization platform. They include SQL injection and improper authorization flaws that let an attacker bypass access restrictions and potentially read sensitive data from connected databases. Administrators should upgrade to the fixed release; because Superset holds credentials for every database it queries, an authorization bypass there exposes all of those data sources at once.

Critical OpenWrt Firmware Update Vulnerability - 7d

A critical vulnerability (CVE-2024-54143) in OpenWrt's Attended SysUpgrade (ASU) build server allowed an attacker to serve malicious firmware images to other users. The attack chained two weaknesses: a command injection through the package list of a build request, and the use of a truncated SHA-256 hash as the key for the build cache, so that a malicious request whose truncated hash collided with a legitimate one could poison the image later handed to that legitimate requester. The OpenWrt developers fixed the server promptly. The case shows why a firmware update pipeline is a supply-chain target, and why a cache key derived from a hash must keep the full digest: the 12-hex-character (48-bit) prefix reported for ASU is within reach of a brute-force search, a 256-bit digest is not.
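
An added example, not the ASU server's code, of why a hash prefix is a poor cache key: it counts how many SHA-256 computations it takes to find two distinct request bodies that share a truncated key (the birthday case), and to find a second body matching one chosen victim's key (what an attacker targeting a known request must actually do). The `packages=...` body format and the bit lengths are assumptions for the demonstration; the 48-bit figure models the 12-hex-character prefix reported for ASU.

```python
import hashlib
import math


def truncated_key(data, nbits):
    """Top nbits of SHA-256(data) as an int: a cache key built from a hash
    prefix (12 hex characters = 48 bits in the reported ASU case)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - nbits)


def expected_birthday_attempts(nbits):
    """Hashes needed on average before any two share an nbits prefix."""
    return math.sqrt(math.pi / 2 * 2 ** nbits)


def expected_second_preimage_attempts(nbits):
    """Hashes needed on average to match one specific nbits prefix."""
    return float(2 ** nbits)


def find_collision(nbits, prefix=b"packages=", limit=None):
    """Birthday search: vary a counter in the request body until two distinct
    bodies share the same truncated key. Returns (body_a, body_b, tries)."""
    seen = {}
    tries = 0
    while limit is None or tries < limit:
        body = prefix + str(tries).encode()
        key = truncated_key(body, nbits)
        tries += 1
        if key in seen:
            return seen[key], body, tries
        seen[key] = body
    return None


def find_second_preimage(target, nbits, prefix=b"packages=evil,", limit=None):
    """Targeted search: a body different from target whose truncated key
    equals target's. Returns (body, tries), or None if limit is reached."""
    want = truncated_key(target, nbits)
    tries = 0
    while limit is None or tries < limit:
        body = prefix + str(tries).encode()
        tries += 1
        if body != target and truncated_key(body, nbits) == want:
            return body, tries
    return None


def demo(birthday_bits=32, target_bits=16):
    """Run both searches at sizes that finish in seconds in pure Python."""
    a, b, tries = find_collision(birthday_bits)
    victim = b"packages=base-files,luci"  # constructed victim request body
    evil, tries2 = find_second_preimage(victim, target_bits)
    return {
        "birthday_tries": tries,
        "birthday_expected": expected_birthday_attempts(birthday_bits),
        "same_truncated_key": truncated_key(a, birthday_bits) == truncated_key(b, birthday_bits),
        "same_full_digest": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
        "second_preimage_tries": tries2,
        "second_preimage_matches": truncated_key(evil, target_bits) == truncated_key(victim, target_bits),
    }


if __name__ == "__main__":
    print(demo())
    for bits in (48, 256):
        print("%3d-bit key: birthday ~%.1e hashes, targeted ~%.1e hashes"
              % (bits, expected_birthday_attempts(bits), expected_second_preimage_attempts(bits)))
```

At 48 bits the targeted search is about 2.8e14 SHA-256 evaluations, which is hours of work on a single GPU; at 256 bits both numbers are beyond any attacker. Keying a cache on the full digest (or on an HMAC of the request under a server-side key) removes the collision avenue entirely, and is independent of fixing the command injection that the attack also needed.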