SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 48
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Vulnerability Symbiosis: vSphere's CVE-2024-38812 and CVE-2024-38813 [Guest Diary]
Published: 2024-12-11. Last Updated: 2024-12-11 01:56:21 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by Jean-Luc Hurier, an ISC intern as part of the SANS.edu BACS program]
Background
In April 2020, at the height of the global pandemic, virtualization was in high demand. During that time, vSphere 7.0 was released. With that release, had two unknown vulnerabilities – a match made in heaven for threat actors. It wasn’t until June 2024 that China’s TZL security researchers revealed CVE-2024-38812 and CVE-2024-38813 at China’s 2024 Matrix Cup – a hacking contest. Since then, both vulnerabilities were published and patched in September, however one of those patches required a hotfix just a month later (CVE-2024-38812).
Findings
The reason that this is a topic of conversation is because I noticed an intermittent pattern of reconnaissance of possible vSphere related web traffic over the course of the last 3.5 months ...
Read the complete entry:
Microsoft Patch Tuesday: December 2024
Published: 2024-12-10.
Last Updated: 2024-12-10 18:39:33 UTC
by Johannes Ullrich (Version: 1)
Microsoft today released patches for 71 vulnerabilities. 16 of these vulnerabilities are considered critical. One vulnerability (CVE-2024-49138) has already been exploited, and details were made public before today's patch release.
Significant Vulnerabilities
CVE-2024-49138: This vulnerability affects the Windows Common Log File System Driver, a subsystem affected by similar privilege escalation vulnerabilities in the past. The only reason I consider this "significant" is that it is already being exploited.
Windows Remote Desktop Services: 9 of the 16 critical vulnerabilities affect Windows Remote Desktop Services. Exploitation may lead to remote code execution. Microsoft considers the exploitation of these vulnerabilities less likely. Even without considering these vulnerabilities, Windows Remote Desktop Service should not be exposed to the internet.
LDAP: Remote code execution vulnerabilities in the LDAP service are always "interesting" given the importance of LDAP as part of Active Directory. Two critical vulnerabilities are patched for LDAP. One with a CVSS score of 9.8. A third critical vulnerability affects the LDAP client.
CVE-2024-49126: LSASS vulnerabilities always make me reminisce of the "Blaster" worm and the related vulnerability back in the day. This one does involve a race condition, which will make exploitation more difficult. It could become an interesting lateral movement vulnerability if a reliable exploit materializes ...
Read the complete entry:
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+December+2024/31508/
Internet Storm Center Entries
CURLing for Crypto on Honeypots (2024.12.09)
https://isc.sans.edu/diary/CURLing+for+Crypto+on+Honeypots/31502/
[Guest Diary] Business Email Compromise (2024.12.05)
https://isc.sans.edu/diary/Guest+Diary+Business+Email+Compromise/31474/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 0
** KEV since 2024-11-20 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
ISC Diary: https://isc.sans.edu/diary/31510
CVE-2024-38813 - The vCenter Server is vulnerable to privilege escalation, allowing a malicious actor to gain root access through a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 0
** KEV since 2024-11-20 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38813
ISC Diary: https://isc.sans.edu/diary/31510
CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability
Product: Microsoft Windows Task Scheduler
CVSS Score: 0
** KEV since 2024-11-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49039
ISC Podcast: https://isc.sans.edu/podcastdetail/9240
CVE-2024-49138 - Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
Product: Windows Microsoft Windows Common Log File System (CLFS) driver
CVSS Score: 7.8
** KEV since 2024-12-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49138
CVE Record: https://www.cve.org/CVERecord?id=CVE-2024-49138
ISC Diary: https://isc.sans.edu/diary/31508
ISC Podcast: https://isc.sans.edu/podcastdetail/9250
MSRC References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138
CVE-2024-11639 - Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access through an authentication bypass in the admin web console.
Product: Ivanti CSA
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11639
ISC Podcast: https://isc.sans.edu/podcastdetail/9250
NVD References:
CVE-2024-11639 - CVE-2024-11772-
CVE-2024-11772 - Ivanti CSA before version 5.0.3 is vulnerable to command injection, enabling a remote authenticated attacker with admin privileges to execute remote code.
CVE-2024-11639 - CVE-2024-11772-
CVE-2024-11772 - Ivanti CSA before version 5.0.3 is vulnerable to command injection, enabling a remote authenticated attacker with admin privileges to execute remote code.
Product: Ivanti CSA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11772
ISC Podcast: https://isc.sans.edu/podcastdetail/9250
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773
CVE-2024-11773 - Ivanti CSA before version 5.0.3 is vulnerable to SQL injection in the admin web console, enabling a remote attacker with admin privileges to execute arbitrary SQL queries.
CVE-2024-11639 - CVE-2024-11772-
CVE-2024-11772 - Ivanti CSA before version 5.0.3 is vulnerable to command injection, enabling a remote authenticated attacker with admin privileges to execute remote code.
Product: Ivanti CSA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11772
ISC Podcast: https://isc.sans.edu/podcastdetail/9250
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773
CVE-2024-11773 - Ivanti CSA before version 5.0.3 is vulnerable to SQL injection in the admin web console, enabling a remote attacker with admin privileges to execute arbitrary SQL queries.
Product: Ivanti CSA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11773
ISC Podcast: https://isc.sans.edu/podcastdetail/9250
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773
CVE-2024-11633 - Ivanti Connect Secure prior to 22.7R2.4 allows admin privileged attackers to remotely execute code by injecting arguments into arguments.
Product: Ivanti Connect Secure
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11633
NVD References: https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
CVE-2024-11634 - Ivanti Connect Secure and Ivanti Policy Secure versions before 22.7R2.3 and 22.7R1.2 allow remote attackers with admin privileges to execute code remotely.
Product: Ivanti Connect Secure
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11634
NVD References: https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs
CVE-2024-11317 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are susceptible to session fixation vulnerabilities, enabling attackers to manipulate session identifiers and potentially take over user sessions before login.
Product: ABB ASPECT Enterprise
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11317
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-48839 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are susceptible to a vulnerability that may allow for Remote Code Execution due to improper input validation.
Product: ABB ASPECT Enterprise
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48839
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-48840 - Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Product: ABB ASPECT Enterprise
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48840
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-48845 - ABB ASPECT - Enterprise v3.07.02, NEXUS Series v3.07.02, and MATRIX Series v3.07.02 have weak password reset rules allowing for the storage of easily guessable passwords, potentially leading to unauthorized access.
Product: ABB ASPECT Enterprise
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48845
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-51545 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are vulnerable to Username Enumeration, allowing unauthorized access to application usernames.
Product: ABB ASPECT Enterprise
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51545
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-51548 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are vulnerable to dangerous file upload vulnerabilities that allow for the upload of malicious scripts.
Product: ABB ASPECT Enterprise
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51548
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-51549 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are susceptible to Absolute File Traversal vulnerabilities, enabling unauthorized access and modification to unintended resources.
Product: ABB ASPECT Enterprise
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51549
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-51550 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are susceptible to data validation/data sanitization vulnerabilities allowing unvalidated and unsanitized data injection.
Product: ABB ASPECT Enterprise
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51550
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-51551 - ABB ASPECT on Linux is vulnerable to default credential issues, granting unauthorized access to the product.
Product: ABB ASPECT
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51551
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-51554 - ABB ASPECT on Linux is vulnerable to default credential exploitation, allowing unauthorized access to the system.
Product: ABB ASPECT
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51554
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-51555 - ABB ASPECT, NEXUS Series, and MATRIX Series devices are vulnerable to default credential exploitation due to lack of requirement for password change upon installation.
Product: ABB ASPECT
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51555
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-6515 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 web browser interface may expose credentials due to clear text or Base64 encoding.
Product: ABB ASPECT Enterprise
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6515
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-6516 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are vulnerable to Cross Site Scripting attacks, allowing for malicious scripts to be injected into client browsers.
Product: ABB ASPECT Enterprise
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6516
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-6784 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are susceptible to Server-Side Request Forgery vulnerabilities, allowing for unauthorized access to resources and unintended information disclosure.
Product: ABB ASPECT Enterprise
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6784
NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch
CVE-2024-35286 - NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 is vulnerable to SQL injection attacks, potentially granting attackers access to sensitive data and allowing them to execute malicious operations.
Product: Mitel MiCollab
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35286
ISC Podcast: https://isc.sans.edu/podcastdetail/9244
CVE-2024-41713 - Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) is vulnerable to an unauthenticated path traversal attack, allowing unauthorized access to view, corrupt, or delete user data and system configurations.
Product: Mitel MiCollab
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41713
ISC Podcast: https://isc.sans.edu/podcastdetail/9244
CVE-2024-37861 & CVE-2024-37863 - Open Robotics Robotic Operating System 2 (ROS2) and Nav2 contain buffer overflow vulnerabilities in the nav2_amcl process when a crafted .yaml file is sent.
Product: Open Robotics Robotic Operating System 2 (ROS2)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37861
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37863
NVD References:
- https://github.com/GoesM/ROS-CVE-CNVDs
- https://github.com/ros-navigation/navigation2/issues/4005
- https://github.com/ros-navigation/navigation2/issues/4335
CVE-2024-38920 - Open Robotics Robotic Operating System 2 (ROS2) and Nav2 are vulnerable to use-after-free via the nav2_amcl process triggered by remote requests to change the dynamic parameter `/amcl max_beams`.
Product: Open Robotics Robotic Operating System 2 (ROS2)
CVSS Score: 9.1 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38920
NVD References:
- https://github.com/GoesM/ROS-CVE-CNVDs
CVE-2024-41647 - Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble is vulnerable to insecure permissions which allows an attacker to execute arbitrary code with a crafted script.
Product: Open Robotics Robotic Operating System 2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41647
NVD References:
- https://github.com/GoesM/ROS-CVE-CNVDs
CVE-2024-54135 & CVE-2024-54136 - ClipBucket V5 PHP Deserialization vulnerabilities
Product: ClipBucket-V5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54135
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54136
NVD References:
- https://github.com/MacWarrior/clipbucket-v5/commit/76a829c088f0813ab3244a3bd0036111017409b0
- https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-4523-mqmv-wrqx
- https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-vxvf-5cmq-5f78
CVE-2024-55636, CVE-2024-55637, CVE-2024-55638 - Drupal Core is vulnerable to object injection through deserialization of untrusted data.
Product: Drupal Core
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55636
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55637
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55638
NVD References: https://www.drupal.org/sa-core-2024-006
NVD References: https://www.drupal.org/sa-core-2024-007
NVD References: https://www.drupal.org/sa-core-2024-008
CVE-2024-10905 - IdentityIQ is vulnerable to HTTP access to static content in its application directory that should be protected in versions 8.4 and prior.
Product: SailPoint IdentityIQ
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10905
ISC Podcast: https://isc.sans.edu/podcastdetail/9242
CVE-2024-52544 - DP Service is vulnerable to a stack-based buffer overflow on TCP port 3500, but the issue has been fixed in firmware version 2.800.0000000.8.R.20241111.
Product: DPtech DP Service
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52544
NVD References:
CVE-2024-47578 - Adobe Document Service is vulnerable to Server-Side Request Forgery, allowing an attacker with administrator privileges to read or modify files and potentially make the entire system unavailable.
Product: Adobe Document Service
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47578
NVD References:
CVE-2024-54032 - Adobe Connect versions 12.6, 11.4.7 and earlier are vulnerable to stored Cross-Site Scripting (XSS) attacks, allowing attackers to inject and execute malicious scripts in victim's browsers.
Product: Adobe Connect
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54032
NVD References: https://helpx.adobe.com/security/products/connect/apsb24-99.html
CVE-2024-54661 - readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file.
Product: socat readline.sh
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54661
NVD References: https://repo.or.cz/socat.git/blob/6ff391324d2d3b9f6bfb58e7d16a20be43b47af7:/readline.sh#l29
CVE-2024-40744 - Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
Product: Joomla Convert Forms
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40744
NVD References: https://www.tassos.gr/joomla-extensions/convert-forms
CVE-2024-53908 - Django versions 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17 are vulnerable to SQL injection when using direct usage of django.db.models.fields.json.HasKey lookup with untrusted data on an Oracle database.
Product: Django
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53908
NVD References:
- https://docs.djangoproject.com/en/dev/releases/security/
CVE-2024-37143 - Dell PowerFlex appliances, racks, custom nodes, InsightIQ, and Data Lakehouse versions prior to specified releases contain an Improper Link Resolution Before File Access vulnerability, allowing unauthenticated remote attackers to potentially execute arbitrary code on the system.
Product: Dell PowerFlex
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37143
NVD References: https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities
CVE-2024-5660 - Travis hardware vulnerability may allow bypass of Stage-2 translation and/or GPT protection.
Product: Armv8 Arm processors
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5660
NVD References: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
CVE-2024-12286 - MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.
Product: MOBATIME Network Master Clock - DTS 4801
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12286
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01
CVE-2024-54920 - Kashipara E-learning Management System v1.0 contains a SQL Injection vulnerability in /teacher_signup.php that can be exploited by remote attackers to gain unauthorized database access.
Product: Lopalopa E-Learning Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54920
NVD References: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20Signup%20teacher.pdf
CVE-2024-55560 - MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.
Product: MailCleaner
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55560
NVD References:
- https://github.com/MailCleaner/MailCleaner/commit/28d913eaa044b689eb114f72ebe92d48cb4aaca7
- https://github.com/MailCleaner/MailCleaner/wiki/Watchdogs#host_keys
CVE-2024-55564 - The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.
Product: Perl POSIX::2008
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55564
NVD References: https://metacpan.org/dist/POSIX-2008/changes
CVE-2024-54747 - WAVLINK WN531P3 202383 has a hardcoded password vulnerability in /etc/shadow, enabling unauthorized root access.
Product: WAVLINK WN531P3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54747
NVD References:
CVE-2024-54750 - Ubiquiti U6-LR 6.6.65 has a hardcoded password vulnerability in /etc/shadow, enabling unauthorized access to root.
Product: Ubiquiti U6-LR
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54750
NVD References: https://colorful-meadow-5b9.notion.site/U6-LR_HardCode_vuln-14bc216a1c30806487ebdda3bb984e91?pvs=4
CVE-2024-47547 - Ruijie Reyee OS versions up to 2.320.x have a weak password change mechanism, making authentication vulnerable to brute force attacks.
Product: Ruijienetworks Reyee OS
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47547
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
CVE-2024-48874 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x allow attackers to control proxy servers and access internal services and cloud infrastructure via AWS metadata services.
Product: Ruijienetworks Reyee OS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48874
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
CVE-2024-52324 - Ruijie Reyee OS versions 2.206.x up to 2.320.x are vulnerable to execution of arbitrary OS commands via malicious MQTT messages.
Product: Ruijienetworks Reyee OS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52324
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01
CVE-2024-48871 - Planet WGS-804HPT: Version v1.305b210531 is vulnerable to a stack-based buffer overflow, allowing unauthenticated attackers to potentially execute remote code by sending a malicious HTTP request.
Product: Planet WGS-804HPT: Version v1.305b210531
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48871
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02
- https://www.planet.com.tw/en/support/downloads?method=keyword&keyword=v1.305b241111
CVE-2024-52320 - Product X is vulnerable to command injection, allowing unauthenticated attackers to execute remote code via malicious HTTP requests.
Product: Comodo Dome Firewall
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52320
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02
- https://www.planet.com.tw/en/support/downloads?method=keyword&keyword=v1.305b241111
CVE-2024-52335 - syngo.plaza VB30E (All versions < VB30E_HF05) fails to properly sanitize input data, potentially allowing an attacker to execute malicious SQL commands and compromise the entire database.
Product: Siemens syngo.plaza
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52335
NVD References: https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-160244
CVE-2024-10773 - Hikvision IP cameras are vulnerable to pass-the-hash attacks and hardcoded credentials, allowing attackers to gain full device access through hidden user levels.
Product: Hikvision IP cameras
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10773
NVD References:
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json
- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf
CVE-2024-12155 - The SV100 Companion plugin for WordPress allows for unauthorized data modification, leading to privilege escalation and potential administrator access for attackers.
Product: Wordfence SV100 Companion plugin
Active Installations: This plugin has been closed as of December 5, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12155
NVD References:
CVE-2024-51615 - WordPress Auction Plugin is vulnerable to SQL Injection from version n/a through 3.7, exposing users to potential data breaches.
Product: Owen Cutajar & Hyder Jaffari WordPress Auction Plugin
Active Installations: This plugin has been closed as of Disambor 2, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.3
CVE-2024-51815 - WP Sharks s2Member Pro through version 241114 is vulnerable to Code Injection.
Product: WP Sharks s2Member Pro
Active Installations: 10,000+
CVSS Score: 9.0
CVE-2024-53810 - Najeeb Ahmad Simple User Registration is vulnerable to missing authorization, allowing unauthorized access to functionality not restricted by access control lists from versions n/a through 5.5.
Product: Najeeb Ahmad Simple User Registration
Active Installations: 400+
CVSS Score: 9.1
CVE-2024-12209 - The WP Umbrella plugin for WordPress is vulnerable to Local File Inclusion through the 'filename' parameter, allowing unauthenticated attackers to execute arbitrary files on the server and potentially gain sensitive data or achieve code execution.
Product: The WP Umbrella Update Backup Restore & Monitoring plugin
Active Installations: 30,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12209
NVD References:
- https://plugins.trac.wordpress.org/browser/wp-health/tags/v2.16.4/src/Actions/RestoreRouter.php#L45
CVE-2023-32117 - Integrate Google Drive missing authorization vulnerability allows exploiting incorrectly configured access control security levels.
Product: SoftLab Integrate Google Drive
Active Installations: 7,000+
CVSS Score: 9.8
CVE-2024-53822 - Genetech Pie Register Premium is vulnerable to unrestricted upload of dangerous file types before version 3.8.3.3.
Product: Genetech Pie Register Premium
Active Installations: 2,000+
CVSS Score: 10.0
CVE-2024-54221 - Roninwp FAT Services Booking is vulnerable to SQL Injection from versions n/a through 5.6.
Product: Roninwp FAT Services Booking
Active Installations: unknown
CVSS Score: 9.3
CVE-2024-54214 - Revy allows attackers to upload malicious files, such as web shells, to a server due to an unrestricted file upload vulnerability.
Product: Envato Revy
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-54215 - Revy is vulnerable to SQL Injection from versions n/a through 1.18.
Product: Envato Revy
Active Installations: unknown
CVSS Score: 9.3
CVE-2024-43222 - Missing Authorization vulnerability in Envato Security Team Sweet Date.This issue affects Sweet Date: from n/a through 3.7.3.
Product: Envato Sweet Date
Active Installations: unknown
CVSS Score: 9.8
Sponsors
Sevco Security
Hampered by incomplete visibility of your assets? Inundated with a high volume of vulnerabilities? Overwhelmed with manual prioritization processes? You’re not alone. A staggering 60% of breaches happen because vulnerabilities go unpatched—even when a fix is available. Learn how to shift to a more proactive, risk-based approach to vulnerability management in this white paper.
SANS
Survey: 2025 ICS Security Budget vs. Modern Risk: Optimizing Cybersecurity Investments for ICS/OT and Critical Infrastructure | With this survey, SANS is looking to understand how organizations in critical infrastructure sectors are allocating resources to defend their ICS/OT environments. Complete the survey by December 30 for a chance to win a $250 Amazon gift card!
SANS
Survey: 2025 ICS Security Budget vs. Modern Risk: Optimizing Cybersecurity Investments for ICS/OT and Critical Infrastructure | With this survey, SANS is looking to understand how organizations in critical infrastructure sectors are allocating resources to defend their ICS/OT environments. Complete the survey by December 30 for a chance to win a $250 Amazon gift card!
SANS
Survey: 2025 ICS Security Budget vs. Modern Risk: Optimizing Cybersecurity Investments for ICS/OT and Critical Infrastructure | With this survey, SANS is looking to understand how organizations in critical infrastructure sectors are allocating resources to defend their ICS/OT environments. Complete the survey by December 30 for a chance to win a $250 Amazon gift card!