Internet Storm Center Spotlight

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html


Configuration Scanners Adding Java Specific Configuration Files
Published: 2024-06-24
Last Updated: 2024-06-24 08:37:24 UTC
by Johannes Ullrich (Version: 1)

Hunting for configuration files is one of the favorite tricks we typically see used against our honeypots. Traditionally, standard and more generic configuration files like ".env" or ".config" are the target, with some cloud-specific configuration files sprinkled in.

Today, I noticed in our "First Seen URL" list a new variation that appears to target Java Spring configuration files. For example, the following files are now being hunted ...

Read the full entry:
https://isc.sans.edu/diary/Configuration+Scanners+Adding+Java+Specific+Configuration+Files/31032/


No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
Published: 2024-06-20
Last Updated: 2024-06-20 01:19:16 UTC
by Guy Bruneau (Version: 1)

[This is a Guest Diary by Owen Slubowski, an ISC intern as part of the SANS.edu BACS program]

Over the past 20 weeks I have had the privilege to take part in the SANS Internet Storm Center Internship. This has been an awesome chance to deploy and monitor a honeypot to explore what must be the fate of so many unsecured devices on the internet. Over my tenure here, the one thing that was so shocking to me was not only the number of devices that are conducting password attacks, but also the damage they could have done if their malware had been successful. Over the 20 weeks of this internship, I had more than 16,790 unique devices attempt to gain unauthorized access to my honeypot over SSH and Telnet from 49 different countries!

With the number of threat actors out there, it almost seems like a strong password policy isn’t enough on its own. And across the multitude of attack reports I wrote, the same controls that could have protected the system were always listed: MFA and filtering to protect the system. In my mind these solutions always imply a greater cost that is often outside of our reach as hobbyists and small organizations … Or are they? Over the course of the next few pages, I look to discuss different technical controls I was first introduced to during the internship that can be applied to Ubuntu Linux at no cost and how they can help protect against these attempts to log in by various threat actors.

Read the full entry:
https://isc.sans.edu/diary/No+Excuses+Free+Tools+to+Help+Secure+Authentication+in+Ubuntu+Linux+Guest+Diary/31024/

Internet Storm Center Entries


Sysinternals' Process Monitor Version 4 Released (2024.06.22)

https://isc.sans.edu/diary/Sysinternals+Process+Monitor+Version+4+Released/31026/

Microsoft Patch Tuesday June 2024 (2024.06.11)

https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+June+2024/31000/

Finding End of Support Dates: UK PTSI Regulation (2024.06.07)

https://isc.sans.edu/diary/Finding+End+of+Support+Dates+UK+PTSI+Regulation/30992/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.


CVE-2024-27815 - tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, and macOS Sonoma 14.5 fix an out-of-bounds write issue that could allow an app to execute arbitrary code with kernel privileges.
Product: Apple tvOS
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27815
ISC Podcast: https://isc.sans.edu/podcastdetail/9034


CVE-2024-37079 & CVE-2024-37080 - vCenter Server is susceptible to heap-overflow vulnerabilities in its DCERPC protocol implementation, allowing remote code execution through specially crafted network packets.
Product: VMware vCenter Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37079
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37080
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453


CVE-2024-5021 - The WordPress Picture / Portfolio / Media Gallery plugin is vulnerable to Server-Side Request Forgery in all versions up to 3.0.1, allowing unauthenticated attackers to make web requests to arbitrary locations.
Product: WordPress Picture / Portfolio / Media Gallery
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5021
NVD References:
- https://plugins.trac.wordpress.org/browser/nimble-portfolio/trunk/includes/prettyphoto/download-image.php#L17
- https://www.wordfence.com/threat-intel/vulnerabilities/id/224a2d6d-7fdc-43a8-a8c9-26213b604433?source=cve


CVE-2024-3229 - The Salon booking system plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution.
Product: WordPress Salon booking system plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3229
NVD References:
- https://plugins.trac.wordpress.org/changeset/3103584/salon-booking-system/trunk/src/SLN/Action/Ajax/ImportAssistants.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3bbbf5be-5c0a-4514-88ac-003083c0bba3?source=cve


CVE-2024-5853 - The Sirv plugin for WordPress is vulnerable to arbitrary file uploads, allowing authenticated attackers with Contributor-level access to upload files and potentially achieve remote code execution.
Product: Sirv Image Optimizer, Resizer and CDN Plugin
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5853
NVD References:
- https://plugins.trac.wordpress.org/changeset/3103410/sirv/trunk/sirv.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e89b40ec-1952-46e3-a91b-bd38e62f8929?source=cve


CVE-2023-39312 - Missing Authorization vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1.
Product: ThemeFusion Avada
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39312
NVD References: https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-author-unrestricted-zip-extraction-vulnerability?_s_id=cve


CVE-2024-3605 - The WP Hotel Booking plugin for WordPress is susceptible to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to 2.1.0.
Product: WP Hotel Booking WordPress
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3605
NVD References:
- https://wordpress.org/plugins/wp-hotel-booking/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5931ad4e-7de3-41ac-b783-f7e58aaef569?source=cve


CVE-2024-4742 - The Youzify plugin for WordPress is vulnerable to SQL Injection through the order_by shortcode attribute, allowing authenticated attackers with Contributor-level access and above to extract sensitive information from the database.
Product: Youzify BuddyPress Community
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4742
NVD References:
- https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/functions/youzify-account-verification-functions.php#L294
- https://www.wordfence.com/threat-intel/vulnerabilities/id/08bd24ca-eec6-4b62-af49-192496e65a5b?source=cve


CVE-2024-5432 - The Lifeline Donation plugin for WordPress up to version 1.2.6 is vulnerable to authentication bypass, allowing unauthenticated attackers to impersonate any existing user on the site.
Product: WordPress Lifeline Donation plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5432
NVD References:
- https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/includes/class-lifeline-donation.php?rev=2575844#L292
- https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/vendor/webinane/webinane-commerce/includes/Classes/Checkout.php?rev=2490935#L125
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2e24da0c-13d2-4a3d-b918-0d28e3341d88?source=cve


CVE-2024-4098 - The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion, allowing unauthenticated attackers to execute arbitrary files on the server.
Product: WordPress Shariff Wrapper plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4098
NVD References:
- https://plugins.trac.wordpress.org/browser/shariff/trunk/shariff.php#L410
- https://plugins.trac.wordpress.org/changeset/3103137
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f49fba00-c576-4a1a-8b0b-9ebed3e3d090?source=cve


CVE-2024-37899 - XWiki Platform allows users to execute malicious code in their profile when their account is disabled, impacting versions up to 16.0.0.
Product: XWiki Platform
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37899
NVD References:
- https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93
- https://jira.xwiki.org/browse/XWIKI-21611


CVE-2024-38369 - XWiki Platform allows users to impersonate authors of included content, but this vulnerability has been patched in XWiki 15.0 RC1.
Product: XWiki Platform
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38369
NVD References: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh


CVE-2024-5756 - The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23, allowing unauthenticated attackers to extract sensitive information from the database.
Product: Icegram Email Subscribers by Icegram Express
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5756
NVD References:
- https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includes/db/class-es-db-contacts.php#L532
- https://plugins.trac.wordpress.org/changeset/3101638/email-subscribers/trunk/lite/includes/db/class-es-db-contacts.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c5bd11c6-2f55-4eee-834a-c4e405482b9c?source=cve


CVE-2024-6240 - Parallels Desktop Software is vulnerable to improper privilege management, allowing an attacker to escalate privileges by adding malicious code to a script executed on application startup.
Product: Parallels Desktop
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6240
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop


CVE-2023-45197 - Adminer's file upload plugin vulnerability allows an attacker to upload and execute a file with a table name of ".." in the root directory.
Product: Adminerevo
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45197
NVD References:
- https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4
- https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3


CVE-2023-38389 - JupiterX Core versions from n/a through 3.3.8 allow unauthorized users to access restricted functionality due to an Incorrect Authorization vulnerability.
Product: Artbees Jupiter X Core
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38389
NVD References: https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-account-takeover-vulnerability?_s_id=cve


CVE-2024-6241 - Pear Admin Boot up to 2.0.2 is vulnerable to a critical SQL injection flaw in the getDictItems function of /system/dictData/getDictItems/ that can be exploited remotely, with the exploit already disclosed to the public as VDB-269375.
Product: Pearadmin Pear Admin Boot
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6241
NVD References:
- https://gitee.com/pear-admin/Pear-Admin-Boot/issues/IA5IPQ
- https://gitee.com/pear-admin/Pear-Admin-Boot/issues/IA5KBS
- https://vuldb.com/?ctiid.269375
- https://vuldb.com/?id.269375


CVE-2020-27352 - Snapd allows for potential privilege escalation in containers managed by Docker snap and similar snaps due to a lack of Delegate=yes specification in systemd service units.
Product: Canonical docker snap
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-27352
NVD References:
- https://bugs.launchpad.net/snapd/+bug/1910456
- https://ubuntu.com/security/notices/USN-4728-1
- https://www.cve.org/CVERecord?id=CVE-2020-27352


CVE-2024-5683 - Next4Biz CRM & BPM Software Business Process Management (BPM) software allows remote code inclusion due to improper control of code generation, affecting versions 6.6.4.4 to 6.6.4.5.
Product: Next4Biz Business Process Management (BPM) Software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5683
NVD References: https://www.usom.gov.tr/bildirim/tr-24-0739


CVE-2024-37089 - Consulting Elementor Widgets by StylemixThemes is vulnerable to PHP Local File Inclusion due to an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') issue.
Product: StylemixThemes Consulting Elementor Widgets
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37089
NVD References: https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve


CVE-2024-37091 - Consulting Elementor Widgets is vulnerable to OS Command Injection due to improper neutralization of special elements in a command, affecting versions up to 1.3.0.
Product: StylemixThemes Consulting Elementor Widgets
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37091
NVD References: https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-remote-code-execution-rce-vulnerability?_s_id=cve


CVE-2024-37109 - WishList Member X is vulnerable to Code Injection from version n/a through 3.25.1.
Product: WishList Member X
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37109
NVD References: https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-php-code-execution-vulnerability?_s_id=cve


CVE-2024-37228 - InstaWP Connect allows Code Injection vulnerability from n/a through 0.1.0.38.
Product: InstaWP Connect
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37228
NVD References: https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-38-arbitrary-file-upload-vulnerability?_s_id=cve


CVE-2024-38373 - FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 are vulnerable to a buffer over-read issue in the DNS Response Parser, allowing for potential exploitation by crafted DNS responses.
Product: FreeRTOS-Plus-TCP
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38373
NVD References:
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.1.1
- https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv


CVE-2023-6198 - Baicells Snap Router BaiCE_BMI on EP3011 has a hard-coded credentials vulnerability that allows unauthorized access to the device.
Product: Baicells Snap Router BaiCE_BMI
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6198
NVD References: https://www.baicells.com


CVE-2024-4196 - Avaya IP Office is vulnerable to remote code execution due to improper input validation in the Web Control component before version 11.1.3.1.
Product: Avaya IP Office
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4196
NVD References: https://download.avaya.com/css/public/documents/101090768


CVE-2024-4197 - Avaya IP Office is vulnerable to remote command or code execution through unrestricted file uploads in versions prior to 11.1.3.1.
Product: Avaya IP Office
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4197
NVD References: https://download.avaya.com/css/public/documents/101090768


CVE-2024-6297 - WordPress plugins hosted on WordPress.org have been compromised, allowing threat actors to inject malicious PHP scripts that exfiltrate database credentials and create new administrator users.
Product: WordPress | several plugins
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6297
NVD References:
- https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php
- https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php
- https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php
- https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54
- https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583
- https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508
- https://plugins.trac.wordpress.org/changeset/3105893/
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=
- https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve


CVE-2024-6028 - The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter, allowing unauthenticated attackers to extract sensitive information from the database.
Product: WordPress Quiz Maker plugin
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6028
NVD References:
- https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L4904
- https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L6901
- https://plugins.trac.wordpress.org/changeset/3103402/quiz-maker/tags/6.5.8.2/public/class-quiz-maker-public.php?old=3102679&old_path=quiz-maker%2Ftags%2F6.5.8.1%2Fpublic%2Fclass-quiz-maker-public.php
- https://plugins.trac.wordpress.org/changeset/3105555/quiz-maker/tags/6.5.8.4/public/class-quiz-maker-public.php?old=3104323&old_path=quiz-maker%2Ftags%2F6.5.8.3%2Fpublic%2Fclass-quiz-maker-public.php
- https://wordpress.org/plugins/quiz-maker/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ab340c65-35eb-4a85-8150-3119b46c7f35?source=cve


CVE-2024-6303 - Conduit <=0.7.0 is missing authorization in its Client-Server API, allowing for privilege escalation by moving aliases to different rooms.
Product: Conduit Client-Server API
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6303
NVD References:
- https://conduit.rs/changelog/#v0-8-0-2024-06-12
- https://gitlab.com/famedly/conduit/-/releases/v0.8.0


CVE-2024-5805 - Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0.
Product: Progress MOVEit Gateway
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5805
NVD References:
- https://community.progress.com/s/article/MOVEit-Gateway-Critical-Security-Alert-Bulletin-June-2024-CVE-2024-5805
- https://www.progress.com/moveit


CVE-2024-5806 - Progress MOVEit Transfer (SFTP module) versions before 2023.0.11, 2023.1.6, and 2024.0.2 are vulnerable to Authentication Bypass.
Product: Progress MOVEit Transfer
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5806
NVD References:
- https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806
- https://www.progress.com/moveit


CVE-2024-4883 - Progress WhatsUp Gold is vulnerable to unauthenticated attackers achieving Remote Code Execution by exploiting NmApi.exe in versions released prior to 2023.1.3.
Product: Progress WhatsUp Gold
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4883
NVD References:
- https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
- https://www.progress.com/network-monitoring


CVE-2024-4884 - Progress WhatsUp Gold is vulnerable to unauthenticated Remote Code Execution up to version 2023.1.3, allowing execution of commands with elevated privileges.
Product: Progress WhatsUp Gold
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4884
NVD References:
- https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
- https://www.progress.com/network-monitoring


CVE-2024-4885 - Progress WhatsUp Gold is vulnerable to an unauthenticated Remote Code Execution flaw in the GetFileWithoutZip function, allowing for command execution with elevated privileges.
Product: Progress WhatsUp Gold
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4885
NVD References:
- https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
- https://www.progress.com/network-monitoring


CVE-2024-5276 - Fortra FileCatalyst Workflow is vulnerable to SQL Injection, allowing attackers to alter application data and potentially gain unauthorized access.
Product: Fortra FileCatalyst Workflow
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5276
NVD References:
- https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
- https://www.fortra.com/security/advisory/fi-2024-008
- https://www.tenable.com/security/research/tra-2024-25


CVE-2024-28397 - js2py up to v0.74 is vulnerable to arbitrary code execution through a crafted API call in the component js2py.disable_pyimport().
Product: js2py
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28397
ISC Podcast: https://isc.sans.edu/podcastdetail/9032
NVD References:
- https://github.com/Marven11
- https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape