🔐 Cybersecurity Weekly Roundup! 🌐
✅Weekly general new public vulnerabilities report! 🔥
In this week's cybersecurity newsletter, we dive deep into the digital trenches to bring you the latest updates on cybersecurity vulnerabilities. From the fresh list of vulnerabilities discovered to an insightful comparison with the previous week, we've got it all covered! We'll navigate through the intricacies of these digital weaknesses, understand their implications, and explore the frontiers of cyber defense. So, gear up as we embark on this cybersecurity journey, armed with knowledge and insights to protect our digital world. 🚀
All the information provided in this post has been extracted from the National Vulnerability Database (NVD) from National Institute of Standards and Technologies (NIST) from the government of US.
1. Weekly Vulnerabilities Overview
This week, our vigilant eyes have identified:
251 OTHERS
33 LOW
314 MEDIUM
173 HIGH
31 CRITICAL
Conclusion: With a diverse range of vulnerabilities uncovered, the digital realm remains a battleground requiring constant vigilance. The presence of critical vulnerabilities underscores the necessity for immediate action to safeguard systems.
2. Comparative Vulnerability Insight
Comparing the current and previous weeks:
Others: Now 251 vs. Past 260
Low: Now 33 vs. Past 14
Medium: Now 314 vs. Past 143
High: Now 173 vs. Past 83
Critical: Now 31 vs. Past 23
Conclusion: An overall increase in vulnerabilities, especially in the medium and high categories, indicates a rising challenge for cybersecurity teams. The critical category's growth demands heightened security measures.
3. Vulnerabilities by Status
Status breakdown:
0 Received
787 Awaiting Analysis
0 Undergoing Analysis
6 Analyzed
0 Modified
0 Deferred
9 Rejected
Conclusion: The majority of vulnerabilities await analysis, highlighting the ongoing need for resources in vulnerability assessment and prioritization.
4. Vulnerabilities Reported by Top 10 Companies
Wordfence: 160 vulnerabilities
Mitre: 94 vulnerabilities
Vuldb: 64 vulnerabilities
Microsoft: 61 vulnerabilities
Company 416baaa9: 54 vulnerabilities
Github: 51 vulnerabilities
Patchstack: 50 vulnerabilities
Google: 47 vulnerabilities
Cert: 25 vulnerabilities
Incibe: 17 vulnerabilities
Conclusion: The concentration of reports from leading companies underscores their role in the cybersecurity ecosystem and the varied sources of vulnerabilities.
5. Vulnerabilities Per Category
RCE: 31 vulnerabilities
SQL Injection: 22 vulnerabilities
XSS: 147 vulnerabilities
Conclusion: XSS vulnerabilities dominate, posing significant risks to web applications and necessitating robust security measures.
6. Vulnerabilities in Famous Companies
Microsoft: 25 vulnerabilities
Apple: 2 vulnerabilities
Google: 5 vulnerabilities
Amazon: 1 vulnerability
Cisco: 8 vulnerabilities
IBM: 14 vulnerabilities
SAP: 7 vulnerabilities
Meta: 7 vulnerabilities
Intel: 13 vulnerabilities
Conclusion: Even the tech giants are not immune, highlighting the universal challenge of cybersecurity.
7. Top 10 Critical Vulnerabilities
CVE-2024-22039: CRITICAL:10.0
Description: Stack-based buffer overflow due to unchecked X.509 certificate attributes in various Cerberus PRO and Sinteso products.
Solution: Update all affected systems to the latest versions as provided by the manufacturer to mitigate this vulnerability.
CVE-2024-27957: CRITICAL:10.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.
Solution: Update Pie Register to version 3.8.3.1 or later to close this security loophole.
CVE-2023-6825: CRITICAL:9.9
Description: Directory Traversal in File Manager and File Manager Pro plugins for WordPress.
Solution: Ensure your installations are updated beyond version 7.2.1 (free version) and 8.3.4 (Pro version) to protect your WordPress sites.
CVE-2024-27102: CRITICAL:9.9
Description: Vulnerability in Wings, the server control plane for Pterodactyl Panel, allows file and directory access on the host system.
Solution: Update to Wings version 1.11.9 to mitigate this risk, as this patch includes a significant rewrite to secure the filesystem.
CVE-2024-2184: CRITICAL:9.8
Description: Buffer overflow in WSD probe request process in multiple printer models.
Solution: Users should apply firmware updates for their printers as soon as they become available from the manufacturer.
CVE-2024-2370: CRITICAL:9.8
Description: Unrestricted file upload vulnerability in ManageEngine Desktop Central.
Solution: Upgrade to a version of ManageEngine Desktop Central that addresses this vulnerability, ensuring that no unauthorized file uploads can occur.
CVE-2024-25995: CRITICAL:9.8
Description: Remote code execution due to missing authentication for a critical function.
Solution: Patch the affected systems immediately upon availability of updates from the vendor, and review system configurations for unauthorized changes.
CVE-2022-32257: CRITICAL:9.8
Description: Lack of proper access control in SINEMA Remote Connect Server.
Solution: Update SINEMA Remote Connect Server to version V3.2 or above where the issue is resolved.
CVE-2023-36554: CRITICAL:9.8
Description: Improper access control in Fortinet FortiManager allowing unauthorized command execution.
Solution: Patch affected versions of Fortinet FortiManager to the latest release that addresses this vulnerability.
CVE-2023-42789: CRITICAL:9.8
Description: Out-of-bounds write in Fortinet FortiOS and FortiProxy leading to unauthorized code execution.
Solution: Apply the security updates for FortiOS and FortiProxy provided by Fortinet to mitigate this threat.
Armed with this knowledge, you're now better equipped to navigate the cyber threatscape! Remember, regular updates and proactive cybersecurity measures are your best defense against these vulnerabilities. Stay vigilant, stay informed, and let's keep our digital worlds secure! 🔐✨
8. Public Exploits for Top 10 Vulnerabilities
The public exploit we're focusing on relates to CVE-2023-42789, a critical vulnerability in Fortinet FortiOS and FortiProxy. This exploit is a clear example of how vulnerabilities, once identified, can be quickly leveraged by attackers, emphasizing the need for prompt action from organizations to protect their networks.
Understanding CVE-2023-42789
CVE-2023-42789 is classified as an out-of-bounds write vulnerability. This means the vulnerability arises because the software writes data past the end, or before the beginning, of the intended buffer. Such conditions can lead to various impacts, ranging from a crash to the execution of arbitrary code. In the context of Fortinet FortiOS and FortiProxy, this vulnerability allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
The critical nature of this vulnerability, with a severity score of 9.8, underscores its potential to compromise the security of networks significantly. Attackers exploiting this vulnerability could potentially gain control over the affected system, leading to unauthorized access to sensitive data, disruption of system operations, or further network compromise.
The Public Exploit
The public exploit for CVE-2023-42789, identified in a GitHub repository (CrimBit/CVE-2023-42789-POC), provides attackers with a proof of concept (PoC) that demonstrates how the vulnerability can be exploited. This PoC is essentially a guide that allows other malicious actors to understand and exploit the vulnerability in affected systems.
Exploits like this typically include detailed instructions or scripts that exploit a specific vulnerability. In this case, the exploit would leverage the out-of-bounds write vulnerability by sending a specially crafted HTTP request to the target system. If successful, this exploit could allow the attacker to execute arbitrary code with the same privileges as the FortiOS or FortiProxy service, which is often highly privileged.
Repository: CVE-2023-42789-POC
Description: Exploit for Fortinet FortiOS FortiProxy leading to RCE.
Implications of the Public Exploit
The availability of a public exploit for a critical vulnerability significantly increases the risk of widespread attacks. It lowers the barrier to entry for attackers, as they do not need to have the expertise to discover or develop their own exploits for this vulnerability. Instead, they can simply utilize the public PoC to attack vulnerable systems.
Protective Measures
Given the severity and the public availability of an exploit for CVE-2023-42789, it's crucial for organizations using Fortinet FortiOS and FortiProxy to:
Apply Patches: Immediately update to the latest versions of FortiOS and FortiProxy that address this vulnerability.
Monitor Systems: Watch for unusual activity that could indicate exploitation attempts or successful breaches.
Review Configurations: Ensure that systems are configured securely to minimize exposure to potential attacks.
Educate Staff: Make sure that IT and security teams are aware of the vulnerability and the potential methods of attack.
Implement Detection Capabilities: Use intrusion detection systems (IDS) and intrusion prevention systems (IPS) that can identify attempts to exploit this vulnerability.
The disclosure of CVE-2023-42789 and its public exploit highlights the ongoing cat-and-mouse game between security professionals and attackers. It underscores the importance of timely vulnerability management and the need for continuous vigilance in cybersecurity practices.
Note: We haven't identified public exploits for the other vulnerabilities yet.
Pattern Analysis and Conclusion
This week's analysis reveals a concerning rise in the number and severity of vulnerabilities, with a significant jump in medium and high categories. The prevalence of XSS vulnerabilities highlights the persistent threat to web security, emphasizing the need for rigorous web application testing and secure coding practices. The identification of critical vulnerabilities across major tech companies further underlines the ubiquity of cybersecurity challenges. It's crucial for organizations to stay vigilant, promptly update their systems, and adopt a proactive security posture to navigate the digital landscape safely.
Stay cyber-safe, and see you in next week's roundup! 🛡️✨