Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

From Perfctl to InfoStealer

Published: 2024-10-09.

Last Updated: 2024-10-09 07:18:37 UTC

by Xavier Mertens (Version: 1)

A few days ago, a new stealthy malware targeting Linux hosts made a lot of noise: perfctl. The malware has been pretty well analyzed and I won’t repeat what has been already disclosed. I found a copy of the "httpd" binary (SHA256:22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13). I dropped the malware in my lab to see how it detonated. I infected the lab without root privileges and detected the same behavior except files were not written to some locations due to a lack of access (not root). When executing without root privileges, the rootkit feature is unavailable and the malware runs "disclosed" ...

Read the full entry:

https://isc.sans.edu/diary/From+Perfctl+to+InfoStealer/31334/
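
As an added example (not code from the diary or from the published perfctl analyses), the POSIX shell script below sweeps running processes for the "httpd" sample hash quoted above. It hashes /proc/PID/exe rather than a path on disk, so a binary that was unlinked after launch is still caught. The IOC list holds only the hash from the diary, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: sweep running Linux processes for the perfctl "httpd" sample
# hash quoted in the ISC diary. Only the one hash from the diary is listed;
# extend PERFCTL_IOCS with further hashes as your own analysis produces them.
# Reading another user's /proc/PID/exe requires root, so run the sweep as root
# for full coverage; unreadable processes are skipped silently.

PERFCTL_IOCS="22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13"

# SHA-256 of a file, portable across GNU coreutils (sha256sum) and BSD/macOS
# (shasum). Prints only the hex digest.
sha256_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if the given hex digest is on the IOC list (case-insensitive),
# 1 otherwise.
is_ioc() {
    h=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    for ioc in $PERFCTL_IOCS; do
        [ "$h" = "$ioc" ] && return 0
    done
    return 1
}

# Walk /proc, hash each process's executable image and print one line per
# hit: pid, the resolved exe target (ends in "(deleted)" if the file was
# unlinked after start) and the digest. Returns 0 if anything matched.
scan_running_processes() {
    found=1
    for exe in /proc/[0-9]*/exe; do
        pid=${exe#/proc/}; pid=${pid%/exe}
        # Kernel threads have no exe link and foreign processes are unreadable
        # without root; both make readlink fail, so skip them.
        target=$(readlink "$exe" 2>/dev/null) || continue
        h=$(sha256_file "$exe" 2>/dev/null)
        [ -n "$h" ] || continue
        if is_ioc "$h"; then
            printf 'MATCH pid=%s exe=%s sha256=%s\n' "$pid" "$target" "$h"
            found=0
        fi
    done
    return $found
}
# Usage (as root): scan_running_processes && echo "perfctl indicator present"
```

A hash match identifies this exact sample only; a rebuilt or repacked binary will not match, so treat a miss as inconclusive and pair the sweep with the behavioural indicators in the full diary. The diary notes that the rootkit feature is unavailable when the malware runs without root, which is precisely the case where /proc can be trusted from inside the host; a root-level infection with the rootkit active can hide its process from this kind of sweep.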

Microsoft Patch Tuesday - October 2024

Published: 2024-10-08.

Last Updated: 2024-10-08 19:18:33 UTC

by Johannes Ullrich (Version: 1)

Microsoft today released patches for 117 vulnerabilities. Three additional vulnerabilities apply to Chromium/Edge. Another three vulnerabilities are rated critical.

Five of the vulnerabilities were disclosed before today. Two vulnerabilities were not only disclosed but also exploited, according to Microsoft.

Notable Vulnerabilities:

Microsoft Management Console Remote Code Execution Vulnerability (CVE-2024-43572)

To exploit this vulnerability, the attacker must convince the victim to open a malicious file.

Open Source Curl Remote Code Execution Vulnerability (CVE-2024-6197)

This vulnerability was disclosed and patched in libcurl back in July. According to curl.se, the most likely outcome is a crash, but code execution cannot be ruled out.

Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2024-20659)

The vulnerability allows an attacker to bypass the UEFI on the host machine and compromise the hypervisor and the secure kernel. Exploitation requires a reboot at the right time.

Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43573)

Yet another Windows MSHTML Platform Spoofing vulnerability. Fourth 0-day just this year in this component. APT actors usually use these issues to make downloading and executing malware more likely.

Read the full entry:

https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+October+2024/31336/

macOS Sequoia: System/Network Admins, Hold On!

Published: 2024-10-07.

Last Updated: 2024-10-07 15:58:48 UTC

by Xavier Mertens (Version: 1)

It's always tempting to install the latest releases of your preferred software and operating systems. After all, that's the message we pass to our beloved users: "Patch, patch, and patch again!". Last week, I was teaching for SANS and decided to not upgrade my MacBook to macOS 15.0 (Sequoia). Today, I had nothing critical scheduled and made the big jump. Upgrading the operating system is always stressful but everything ran smoothly. So far so good...

Later, I started to do my regular geek tasks and connected to several SSH hosts. After a random amount of time, I noticed the following error for many connections:

ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: Connection corrupted

This happened multiple times. I started to google for some users' feedback and experiences. It seems to be a problem faced by many people. What I've read:

It happens randomly

It affects IPv4 / IPv6

Not related to an SSH client (term, iTerm2, same)

People who upgraded to 15.0.1 have less frequent disconnections but the problem is not solved yet

Some recommendations (worked for some users)

Disable the macOS firewall

Turn off "Limit IP address tracking"

Disable private rotating MAC

Disable tools like LittleSnitch

There is no "magic recipe" to fix the issue. On my Mac, disabling the address tracking did the job. I now have an SSH session open for 2h+.

Many forums are covering this topic. The most complete one I found is on the Apple support forum[1]. In conclusion, if SSH is a critical protocol for you, maybe hold on before upgrading your macOS.

Tip: If you need to SSH to a host, be sure to start your shell in a "screen" (or Byobu, ... ) session[2] to not lose your work.

[1] https://discussions.apple.com/thread/255761702?sortBy=rank&page=1

[2] https://ss64.com/bash/screen.html

Read the full entry:

https://isc.sans.edu/diary/macOS+Sequoia+SystemNetwork+Admins+Hold+On/31330/
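
As an added example (not code from the diary), the POSIX shell functions below put the "screen" tip into practice: the SSH session attaches to a named screen session on the remote host, so the shell and its work survive a dropped connection, and a small loop reattaches when the drop matches the exact "Connection corrupted" error shown above rather than on every exit. Host, session name and attempt limit are placeholders; the reconnect policy is this example's own.

```shell
#!/bin/sh
# Added example: keep an SSH session's work alive across the macOS 15.0/15.0.1
# "Connection corrupted" disconnects by running the remote shell inside screen
# and reattaching only when the drop matches that signature.

# Build the ssh command that attaches to (or creates) a named screen session on
# the remote host. -t forces a pty, which screen needs; "screen -dR" detaches the
# session anywhere else it is attached, reattaches here, and creates it if absent.
build_ssh_screen_cmd() {
    printf 'ssh -t %s screen -dR %s' "$1" "${2:-work}"
}

# Return 0 if a line of ssh stderr is the fatal error seen on Sequoia:
#   ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: Connection corrupted
# Any other line (a normal "Connection ... closed.", a refused connection,
# a host key problem) returns 1 so the wrapper does not loop on real failures.
is_corrupt_disconnect() {
    case "$1" in
        *ssh_dispatch_run_fatal:*"Connection corrupted"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reconnect policy: retry only after a corrupted-connection drop and only while
# the attempt count is below the limit. Prints "retry" or "stop".
# $1 = last ssh stderr line, $2 = attempts so far, $3 = maximum attempts
next_action() {
    if is_corrupt_disconnect "$1" && [ "$2" -lt "$3" ]; then
        echo retry
    else
        echo stop
    fi
}

# Interactive wrapper: run the session with stderr captured to a temp file, then
# reattach while the last error line matches the known signature. Work on the
# remote side keeps running inside screen between attempts.
ssh_screen_loop() {
    host=$1; session=${2:-work}; max=${3:-5}; n=0
    errf=$(mktemp) || return 1
    while :; do
        n=$((n + 1))
        # Word-splitting the built command line is intended here.
        $(build_ssh_screen_cmd "$host" "$session") 2>"$errf"
        last=$(tail -n 1 "$errf")
        [ "$(next_action "$last" "$n" "$max")" = retry ] || break
        printf 'connection corrupted, reattaching (%s/%s)\n' "$n" "$max" >&2
        sleep 2
    done
    rm -f "$errf"
}
# Usage: ssh_screen_loop user@host work 5
```

Because stderr is redirected to a file while the session runs, ssh's own warnings are not visible on screen until the session ends; password and host-key prompts still appear, as ssh writes those to the terminal directly. The wrapper does not address the cause of the drops, which the diary attributes to the macOS side; it only makes them survivable until a fix or one of the listed workarounds applies.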

Internet Storm Center Entries


Survey of CUPS exploit attempts (2024.10.04)

https://isc.sans.edu/diary/Survey+of+CUPS+exploit+attempts/31326/

Kickstart Your DShield Honeypot [Guest Diary] (2024.10.03)

https://isc.sans.edu/diary/Kickstart+Your+DShield+Honeypot+Guest+Diary/31320/

Security related Docker containers (2024.10.02)

https://isc.sans.edu/diary/Security+related+Docker+containers/31318/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-45519 - Zimbra Collaboration (ZCS) versions prior to 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 may permit unauthenticated users to run commands.

Product: Zimbra Collaboration

CVSS Score: 9.8

** KEV since 2024-10-03 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45519

ISC Podcast: https://isc.sans.edu/podcastdetail/9162

NVD References:

- https://wiki.zimbra.com/wiki/Security_Center

- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy

CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability

Product: Microsoft Management Console

CVSS Score: 7.8

** KEV since 2024-10-08 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43572

ISC Diary: https://isc.sans.edu/diary/31336

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43572

CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability

Product: Microsoft Windows MSHTML Platform

CVSS Score: 6.5

** KEV since 2024-10-08 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43573

ISC Diary: https://isc.sans.edu/diary/31336

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573

CVE-2024-41925 - The web service for ONS-S8 - Spectra Aggregation Switch is vulnerable to directory traversal, authentication bypass, and remote code execution due to improper input validation.

Product: ONS-S8 Spectra Aggregation Switch

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41925

ISC Podcast: https://isc.sans.edu/podcastdetail/9166

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01

CVE-2024-45367 - ONS-S8 - Spectra Aggregation Switch has an incomplete authentication process, allowing attackers to authenticate without a password.

Product: ONS-S8 Spectra Aggregation Switch

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45367

ISC Podcast: https://isc.sans.edu/podcastdetail/9166

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01

CVE-2024-43047 - Qualcomm chipsets: Memory corruption while maintaining memory maps of HLOS memory.

Product: Multiple Qualcomm Chipsets

CVSS Score: 7.8

** KEV since 2024-10-08 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43047

NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

CVE-2024-38124 - Windows Netlogon Elevation of Privilege Vulnerability

Product: Microsoft Windows Netlogon

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38124

ISC Diary: https://isc.sans.edu/diary/31336

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38124

CVE-2024-43468 - Microsoft Configuration Manager Remote Code Execution Vulnerability

Product: Microsoft Configuration Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43468

ISC Diary: https://isc.sans.edu/diary/31336

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468

CVE-2024-36435 - Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules) allows for arbitrary remote code execution due to a stack buffer overflow vulnerability.

Product: Supermicro BMC firmware

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36435

ISC Podcast: https://isc.sans.edu/podcastdetail/9162

CVE-2024-9359 & CVE-2024-9360 - Restaurant Reservation System 1.0 is vulnerable to a critical SQL injection attack via the /addcompany.php file's company argument, allowing remote exploitation.

Product: Code-Projects Restaurant Reservation System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9359

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9360

NVD References:

- https://code-projects.org/

- https://github.com/ppp-src/a/issues/22

- https://github.com/halhalz/-/issues/1

CVE-2024-9106 - The Wechat Social login plugin for WordPress up to version 1.3.0 is vulnerable to authentication bypass due to insufficient user verification, allowing unauthenticated attackers to log in as any existing user with access to the user id.

Product: Wechat Social login plugin for WordPress

Active Installations: This plugin has been closed as of September 30, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9106

NVD References:

- https://plugins.trac.wordpress.org/browser/wechat-social-login/trunk/add-ons/social-qq/class-xh-social-channel-qq.php?rev=2080785#L284

- https://www.wordfence.com/threat-intel/vulnerabilities/id/1bd44471-1a9c-4465-a52a-be64d51e7ea1?source=cve

CVE-2024-9108 - The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads allowing unauthenticated attackers to potentially execute remote code.

Product: Wechat WordPress Social login plugin

Active Installations: This plugin has been closed as of September 30, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9108

NVD References:

- https://plugins.trac.wordpress.org/browser/wechat-social-login/trunk/includes/social/class-xh-social-wp-api.php?rev=2111074#L39

- https://www.wordfence.com/threat-intel/vulnerabilities/id/06881386-3c92-426b-948d-58e8a8bee624?source=cve

CVE-2024-9265 - The Echo RSS Feed Post Generator plugin for WordPress has a privilege escalation vulnerability up to version 5.4.6, allowing unauthenticated attackers to register as an administrator.

Product: Coderevolution Echo RSS Feed Post Generator

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9265

NVD References:

- https://codecanyon.net/item/echo-rss-feed-post-generator-plugin-for-wordpress/19486974

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c099f401-4b05-4532-8e31-af1b1dea7eca?source=cve

CVE-2024-9289 - The WordPress & WooCommerce Affiliate Program plugin is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any user, including administrators.

Product: Redefiningtheweb Affiliate Pro

Active Installations: 5,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9289

NVD References:

- https://codecanyon.net/item/wordpress-woocommerce-affiliate-program/23580333

- https://www.wordfence.com/threat-intel/vulnerabilities/id/ed19835f-2718-41d8-95af-47c8b9589529?source=cve

CVE-2024-44014 - Vmax Project Manager in versions n/a through 1.0 is vulnerable to Path Traversal, allowing for PHP Local File Inclusion and Code Injection.

Product: Vmaxstudio Vmax Project Manager

Active Installations: unknown

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44014

NVD References: https://patchstack.com/database/vulnerability/vmax-project-manager/wordpress-vmax-project-manager-plugin-1-0-local-file-inclusion-to-rce-vulnerability?_s_id=cve

CVE-2024-47350 - YITH YITH WooCommerce Ajax Search is vulnerable to SQL Injection from versions n/a through 2.8.0, allowing attackers to execute malicious SQL commands.

Product: YITH YITH WooCommerce Ajax Search

Active Installations: 40,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47350

NVD References: https://patchstack.com/database/vulnerability/yith-woocommerce-ajax-search/wordpress-yith-woocommerce-ajax-search-plugin-2-8-0-sql-injection-vulnerability?_s_id=cve

CVE-2024-8911 - The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11, allowing unauthenticated attackers to potentially take over administrator accounts.

Product: LatePoint WordPress Plugin

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8911

NVD References:

- https://wpdocs.latepoint.com/changelog/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/5c9a23a3-5eb5-4f5b-bf32-c9d163426f29?source=cve

CVE-2024-8943 - The LatePoint plugin for WordPress is vulnerable to authentication bypass up to version 5.0.12, allowing unauthenticated attackers to log in as any existing user on the site if they have access to the user id.

Product: LatePoint LatePoint plugin for WordPress

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8943

NVD References:

- https://wpdocs.latepoint.com/changelog/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/bac8c35b-2afa-4347-b86e-2f16db19a4d3?source=cve

CVE-2024-41276 - Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism through a request limiting flaw, enabling unauthorized access through a brute force attack.

Product: Kaiten

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41276

NVD References:

- https://github.com/artemy-ccrsky/CVE-2024-41276

- https://kaiten.ru/

CVE-2024-25660 - Infinera TNMS 19.10.3 WebDAV service allows low-privileged remote attackers to conduct unauthorized file operations due to unnecessary privilege execution.

Product: Infinera TNMS (Transcend Network Management System)

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25660

NVD References: https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25660

CVE-2024-9392 - Firefox and Thunderbird versions prior to 131, 128.3, and 115.16 could allow for arbitrary loading of cross-origin pages due to a compromised content process.

Product: Mozilla Firefox and Thunderbird

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9392

NVD References:

- https://bugzilla.mozilla.org/show_bug.cgi?id=1899154

- https://bugzilla.mozilla.org/show_bug.cgi?id=1905843

- https://www.mozilla.org/security/advisories/mfsa2024-46/

- https://www.mozilla.org/security/advisories/mfsa2024-47/

- https://www.mozilla.org/security/advisories/mfsa2024-48/

- https://www.mozilla.org/security/advisories/mfsa2024-49/

- https://www.mozilla.org/security/advisories/mfsa2024-50/

CVE-2024-9401 & CVE-2024-9402 - Firefox, Firefox ESR, and Thunderbird versions prior to 131 are susceptible to memory safety bugs that could potentially lead to arbitrary code execution.

Product: Mozilla Firefox, Firefox ESR, and Thunderbird

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9401

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9402

NVD References:

- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1916476

- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476

- https://www.mozilla.org/security/advisories/mfsa2024-46/

- https://www.mozilla.org/security/advisories/mfsa2024-47/

- https://www.mozilla.org/security/advisories/mfsa2024-48/

- https://www.mozilla.org/security/advisories/mfsa2024-49/

- https://www.mozilla.org/security/advisories/mfsa2024-50/

CVE-2024-47608 - Logicytics is susceptible to shell injections on compromised devices, but the vulnerability has been patched in version 2.3.2.

Product: Definetlynotai Logicytics

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47608

NVD References: https://github.com/DefinetlyNotAI/Logicytics/security/advisories/GHSA-5wvr-vvqf-668m

NVD References: https://www.codefactor.io/repository/github/definetlynotai/logicytics/issues/main

CVE-2024-45999 - Cloudlog 2.6.15 is vulnerable to SQL Injection via the get_station_info() function in Oqrs_model.php.

Product: Magicbug Cloudlog

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45999

NVD References: https://chiggerlor.substack.com/p/cve-2024-45999

CVE-2024-45186 - FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.

Product: FileSender

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45186

NVD References: https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/

CVE-2024-35293 - SCHNEIDER Elektronik's 700 series are susceptible to remote attackers exploiting missing authentication to reboot or erase devices, leading to potential data loss and denial of service.

Product: SCHNEIDER Elektronik's 700 series

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35293

NVD References: https://www.schneider-elektronik.de/wp-content/uploads/2024/07/SAR-202405-1.pdf

CVE-2024-9429 - Code-projects Restaurant Reservation System 1.0 is vulnerable to a critical SQL injection flaw in the /filter2.php file, allowing for remote attacks.

Product: Code-Projects Restaurant Reservation System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9429

NVD References:

- https://code-projects.org/

- https://github.com/ppp-src/a/issues/23

CVE-2024-44193 - iTunes 12.13.3 for Windows allows local attackers to elevate their privileges due to a logic issue that has been fixed with improved restrictions.

Product: iTunes 12.13.3 for Windows

CVSS Score: 8.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44193

ISC Podcast: https://isc.sans.edu/podcastdetail/9170

NVD References: https://support.apple.com/en-us/121328

CVE-2024-20518 through CVE-2024-20521 - Cisco Small Business RV042, RV042G, RV320, and RV325 Routers are vulnerable to arbitrary code execution by an authenticated, remote attacker with Administrator-level credentials.

Product: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20518

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20519

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20520

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20521

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

CVE-2024-9441 - The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection flaw that allows remote attackers to execute arbitrary commands.

Product: Linear eMerge e3-Series

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9441

NVD References:

- https://ssd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce/

- https://vulncheck.com/advisories/linear-emerge-forgot-password

CVE-2024-9460 - Codezips Online Shopping Portal 1.0 is vulnerable to a critical sql injection attack through the manipulation of the argument username in the file index.php, allowing for remote exploitation after public disclosure.

Product: Codezips Online Shopping Portal

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9460

NVD References: https://github.com/ppp-src/CVE/issues/8

CVE-2024-41593 - DrayTek Vigor310 devices are vulnerable to remote code execution due to a heap-based Buffer Overflow in the ft_payload_dns() function.

Product: Draytek Vigor3912

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41593

NVD References:

- https://www.forescout.com/resources/draybreak-draytek-research/

- https://www.forescout.com/resources/draytek14-vulnerabilities

CVE-2024-43699 - Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx, allowing unauthenticated attackers to access records.

Product: Delta Electronics DIAEnergie

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43699

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-03

- https://www.deltaww.com/en-US/Cybersecurity_Advisory

CVE-2023-26770 - TaskCafe 0.3.2 lacks Cookie value validation, allowing unauthenticated attackers to change a user's password with knowledge of their UserID.

Product: TaskCafe 0.3.2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26770

NVD References:

- https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory

- https://github.com/JordanKnott/taskcafe

CVE-2024-45249 - Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product: Cavok before versions 4.7.2, 4.6.11

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45249

NVD References: https://www.gov.il/en/Departments/faq/cve_advisories

CVE-2024-45251 & CVE-2024-45252 - Elsight – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product: Elsight Halo version 11.7.1.5

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45251

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45252

NVD References: https://www.gov.il/en/Departments/faq/cve_advisories

CVE-2024-44097 - The vulnerable product does not properly validate server certificates during TLS connections, leaving it open to interception and potential data compromise by network attackers.

Product: Nest cameras and doorbells firmware

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44097

NVD References: https://support.google.com/product-documentation/answer/14950962?sjid=9489879942601373169-NA

CVE-2024-33066 - Improper Input Validation in WLAN Resource Manager can lead to memory corruption

Product: Multiple chipsets

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33066

NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

CVE-2024-20100, CVE-2024-20101, & CVE-2024-20103 - In MediaTek chipsets, WLAN driver is vulnerable to out of bounds write, allowing for remote code execution without user interaction, with patch ID ALPS08998449.

Product: Multiple Mediatek chipsets

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20100

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20101

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20103

NVD References: https://corp.mediatek.com/product-security-bulletin/October-2024

CVE-2024-46446 - Mecha CMS 3.0.0 is vulnerable to Directory Traversal, enabling an attacker to delete arbitrary files or take over the website.

Product: Mecha CMS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46446

NVD References:

- http://mecha-cmscom.com

- https://github.com/Sp1d3rL1/Mecha-cms-Arbitrary-File-Deletion-Vulnerability

CVE-2024-46076 - RuoYi v4.7.9 and before contains a security flaw that allows for injection of malicious code through escaping from comments in the code generation feature.

Product: RuoYi v4.7.9

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46076

NVD References:

- https://gist.github.com/kkll5875/f237f200bae6db6b47eea3236d82ad0d

- https://github.com/yangzongzhuan/RuoYi

CVE-2024-45873 - VegaBird Yaazhini 2.0.2 is vulnerable to DLL hijacking, enabling attackers to execute arbitrary code by placing a crafted DLL file in the same directory as Yaazhini.exe.

Product: VegaBird Yaazhini

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45873

NVD References:

- http://vegabird.com

- https://sploitus.com/exploit?id=PACKETSTORM:181912

CVE-2024-45874 - VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code by placing a crafted DLL file in the same directory as Vooki.exe.

Product: VegaBird Vooki

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45874

NVD References:

- http://vegabird.com

- https://sploitus.com/exploit?id=PACKETSTORM:181913

CVE-2024-41798 - SENTRON 7KM PAC3200 (All versions) devices are vulnerable to unauthorized administrative access through the Modbus TCP interface due to a weak 4-digit PIN protection.

Product: Siemens SENTRON 7KM PAC3200

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41798

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-850560.html

CVE-2024-47553 - Siemens SINEC Security Monitor (< V4.9.0) allows authenticated attackers to execute arbitrary code with root privileges through insufficient validation of user input in the "ssmctl-client" command.

Product: Siemens SINEC Security Monitor

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47553

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-430425.html

CVE-2024-8884 - A vulnerability in Schneider Electric System Monitor application of Harmony Industrial PC Series and Pro-face PS5000 trusted Legacy industrial PC Series products could lead to the exposure of credentials if an attacker gains access to the application over http.

Product: Schneider Electric System Monitor application of Harmony Industrial PC Series and Pro-face PS5000 trusted Legacy industrial PC Series products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8884

NVD References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-07&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-07.pdf

CVE-2024-3057 - A flaw exists in Pure Storage FlashArray whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.

Product: Pure Storage FlashArray

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3057

NVD References: https://support.purestorage.com/category/m_pure_storage_product_security

CVE-2024-44349 - AnteeoWMS before v4.7.34 is vulnerable to a SQL injection attack in the login portal, allowing attackers to execute arbitrary SQL commands and access certain data in the database without authentication.

Product: Anteeo AnteeoWMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44349

NVD References:

- https://blog.cybergon.com/posts/cve-2024-44349/

- https://cybergon.com/

CVE-2024-20659 - Windows Hyper-V Security Feature Bypass Vulnerability

Product: Microsoft Windows Hyper-V

CVSS Score: 7.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20659

ISC Diary: https://isc.sans.edu/diary/31336

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20659

CVE-2024-38212, CVE-2024-38261, CVE-2024-38265, CVE-2024-43453, CVE-2024-43564, CVE-2024-43589, CVE-2024-43592, CVE-2024-43593, CVE-2024-43607, CVE-2024-43608, & CVE-2024-43611 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilities

Product: Microsoft Windows Routing and Remote Access Service (RRAS)

CVSS Scores: 7.8 - 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38212

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38261

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38265

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43453

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43564

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43589

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43592

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43593

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43607

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43608

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43611

ISC Diary: https://isc.sans.edu/diary/31336

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38212

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38261

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38265

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43453

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43564

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43589

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43592

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43593

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43607

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43608

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43611

The following vulnerabilities need a manual review:

CVE-2024-7025

CVE-2024-9369

CVE-2024-9370