REDLEGG BLOG

Critical Vulnerabilities - August 14, 2024

8/14/24 4:35 PM  |  by RedLegg Blog

Important note: These are not the only vulnerabilities released recently; they are the ones RedLegg has identified as critical and that require immediate attention.

VULNERABILITIES

Ivanti vTM Authentication Bypass Vulnerability

Identifier: CVE-2024-7593
Exploit or PoC: Yes
CVSS Score: 9.8
Update Guide: CVE-2024-7593 – Security Update Guide
Description: A critical vulnerability in Ivanti's Virtual Traffic Manager (vTM) that allows remote, unauthenticated attackers to bypass the admin panel authentication. This could lead to the creation of unauthorized administrator accounts and full control over the vTM.
Mitigation recommendation: Administrators should update to vTM versions 22.2R1 or 22.7R2 and restrict access to the management interface by binding it to an internal network. Logs should be audited for suspicious activity.


Windows TCP/IP Remote Code Execution Vulnerability

Identifier: CVE-2024-38063
Exploit or PoC: Yes
CVSS Score: 9.8
Update Guide: CVE-2024-38063 – Security Update Guide
Description: A critical vulnerability in the Windows TCP/IP stack allowing remote code execution by sending specially crafted packets. This is considered highly likely to be exploited due to its low complexity.
Mitigation recommendation: Patch immediately. Ensure all systems are up to date to prevent remote exploitation.


Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Identifier: CVE-2024-38199
Exploit or PoC: No
CVSS Score: 9.8
Update Guide: CVE-2024-38199 – Security Update Guide
Description: A remote code execution vulnerability that can be exploited by sending a specially crafted print task to the LPD Service.
Mitigation recommendation: Apply the latest security patches, especially on systems running the LPD Service.


Ubuntu wpa_supplicant Privilege Escalation Vulnerability

Identifier: CVE-2024-5290
Exploit or PoC: Yes
CVSS Score: 8.8
Update Guide: CVE-2024-5290 – Security Update Guide
Description: A privilege escalation vulnerability in wpa_supplicant, allowing a local unprivileged user to load arbitrary modules, potentially leading to root-level access.
Mitigation recommendation: Update wpa_supplicant to the latest version, restrict access to its D-Bus interface, and audit systems for unusual activity.


Calibre Remote Code Execution Vulnerability

Identifier: CVE-2024-6782
Exploit or PoC: Yes
CVSS Score: 9.8
Update Guide: CVE-2024-6782 – Security Update Guide
Description: An improper access control vulnerability in Calibre allowing remote attackers to execute arbitrary code.
Mitigation recommendation: Update to the latest version of Calibre or uninstall any affected versions.


Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability

Identifier: CVE-2024-38193
Exploit or PoC: Yes
CVSS Score: 7.8
Update Guide: CVE-2024-38193 – Security Update Guide
Description: A vulnerability in the Windows Ancillary Function Driver for WinSock, leading to privilege escalation.
Mitigation recommendation: Immediate patching is required to prevent privilege escalation attacks.


KAON AR2140 Shell Command Injection Vulnerability

Identifier: CVE-2024-3659
Exploit or PoC: No
CVSS Score: 7.2
Update Guide: CVE-2024-3659 – Security Update Guide
Description: A vulnerability in KAON AR2140 routers allowing remote attackers to inject shell commands via a crafted request to the administrative portal. Exploitation requires access to the router's admin interface.
Mitigation recommendation: Update the router's firmware to version 4.2.16 or later.


mailcow-dockerized API Logs XSS Vulnerability

Identifier: CVE-2024-41959
Exploit or PoC: Yes
CVSS Score: 7.6
Update Guide: CVE-2024-41959 – Security Update Guide
Description: An unauthenticated attacker can inject a JavaScript payload into the API logs, leading to cross-site scripting (XSS) when viewed in the browser. This can result in unauthorized actions or data theft.
Mitigation recommendation: Update to the latest version of mailcow-dockerized or apply the necessary patches as outlined in the update guide.


Microsoft Dynamics CRM Service Portal XSS Vulnerability

Identifier: CVE-2024-38166
Exploit or PoC: No
CVSS Score: 8.2
Update Guide: CVE-2024-38166 – Security Update Guide
Description: This vulnerability allows unauthenticated attackers to inject malicious scripts into web pages generated by Microsoft Dynamics 365, leading to potential data theft or session hijacking.
Mitigation recommendation: Apply the latest updates provided by Microsoft to mitigate this vulnerability.


AMD Sinkclose Vulnerability

Identifier: N/A
Exploit or PoC: No
CVSS Score: 9.8
Update Guide: Sinkclose Vulnerability – Security Update Guide
Description: A critical vulnerability impacting a wide range of AMD processors, allowing kernel-level attackers to persistently install malware that remains even after a system wipe or reinstall.
Mitigation recommendation: AMD has begun releasing patches for affected products, including EPYC and Ryzen processors. Users should apply these patches as soon as they become available.


Matrix-React-SDK URL Preview Information Disclosure Vulnerability

Identifier: CVE-2024-42347
Exploit or PoC: No
CVSS Score: 7.7
Update Guide: CVE-2024-42347 – Security Update Guide
Description: A vulnerability in matrix-react-sdk allows a malicious homeserver to manipulate user account data, enabling URL previews in end-to-end encrypted rooms, potentially leading to sensitive information leakage.
Mitigation recommendation: Upgrade to matrix-react-sdk version 3.105.0 or later, and ensure that your deployment trusts its homeservers.
