Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from November that should be immediately patched or addressed if present in your environment. Detailed writeups are below:
CVE-2023-43902
CVE-2023-43902 is a critical Privilege Escalation vulnerability with a high severity rating of 9.8 out of 10 according to the NIST CVSSv3 criteria. This flaw is present in EMSigner version 2.8.7, a widely used software for digital signature and document management. The core issue lies in the handling of password reset tokens within the software. Specifically, the vulnerability allows unauthenticated attackers to gain access to the accounts of all registered users, including those with administrator privileges, by exploiting a flaw in the password reset mechanism. In technical terms, the vulnerability arises due to insufficient validation of password reset tokens. This means that an attacker can craft a malicious token that bypasses the standard authentication process, thereby granting them unauthorized access to any user account. This is particularly concerning because it does not require any form of user interaction, making it easier for an attacker to exploit the vulnerability. For more technical details or proof of concept, refer to the SecPro documentation and the NVD entry.
CVE-2023-47246
In SysAid On-Premise before version 23.3.36, a Path Traversal vulnerability, CVE-2023-47246, exists that could lead to code execution. This vulnerability was exploited in the wild in November 2023. The severity of this issue is classified as CRITICAL, with a NIST CVSSv3 base score rating of 9.8/10. The affected systems are those running SysAid On-Premise versions before 23.3.36. The vulnerability allows attackers to execute arbitrary code by performing a path traversal attack, accomplished by writing a malicious file to the Tomcat webroot. The attack complexity is low, but it does not require user interaction. It’s important to note that this vulnerability has been exploited in real-world incidents. To mitigate this risk, it is recommended to follow the vendor’s instructions for applying mitigations or, if mitigations are unavailable, consider discontinuing the use of the product. For more technical details or proof of concept, you can refer to the provided documentation links, and please be aware that this CVE is listed in CISA’s Known Exploited Vulnerabilities Catalog, so additional guidance and requirements may apply. For more information, refer to the vendor advisory and the NVD entry.
CVE-2023-6074
A critical vulnerability, documented as CVE-2023-6074, has been discovered in PHPGurukul Restaurant Table Booking System version 1.0. This vulnerability is associated with the file check-status.php within the component Booking Reservation Handler. The issue allows for SQL injection, and it has been rated as critical in severity. The vulnerability arises from improper handling of user input in the check-status.php file, which could be exploited to inject malicious SQL queries into the system. The attack can be initiated remotely, meaning that an attacker does not need physical access to the system but can exploit it from a distance. The affected version is 1.0 of the PHPGurukul Restaurant Table Booking System, and the default status of other versions is currently marked as unknown. Users and administrators of this software are strongly advised to take immediate action to address this critical vulnerability, including updating to a patched version, implementing relevant security measures, or temporarily discontinuing use until a fix is available. For more information, you can refer to the VulDB entry and the NVD entry on the vulnerability.
CVE-2023-48020
A Cross-Site Request Forgery (CSRF) issue, documented as CVE-2023-48020, in Dreamer CMS v4.1.3, could lead to unauthorized actions being performed on behalf of authenticated users. This vulnerability has a NIST CVSSv3 base score rating of 8.8/10 and affects Dreamer CMS version 4.1.3 specifically through the endpoint /admin/task/changeStatus. The vulnerability allows attackers to trick authenticated users into submitting a request to the vulnerable endpoint, which can result in unauthorized actions being performed without the user’s knowledge. The attack complexity is low, and it requires some user interaction, typically through social engineering or other deceptive practices. Users of Dreamer CMS v4.1.3 are advised to update to a version where this vulnerability has been addressed or to implement CSRF protection mechanisms if not already present. Technical details and potential exploits have been published, as referenced in the GitHub advisory and NVD entry.
CVE-2023-28134
A Local Privilege Escalation issue in Check Point Harmony Endpoint/ZoneAlarm Extreme Security, given the identifier CVE-2023-28134, could allow a local attacker to escalate privileges on affected installations. This vulnerability has a NIST CVSSv3 base score rating of 7.8/10 and affects Check Point Endpoint Security versions E84, E85, and E86. The vulnerability allows an attacker who has already obtained the ability to execute low-privileged code on the target system to exploit this vulnerability for higher privilege escalation. The attack complexity is low, and it does not require user interaction. The vulnerability results from incorrect permission assignment for critical resources. Users of affected versions are advised to follow the vendor’s recommendations for mitigation. For more information on this vulnerability, check out the NVD entry. Check Point has also provided a vendor advisory with mitigation measures.
Conclusion:
Software vulnerabilities are a common nuisance to IT and security teams everywhere. Organizations that prioritize the remediation and patching of these vulnerabilities will drastically reduce their attack surface and ensure no doors into their environment are left unlocked. Keeping informed about critical vulnerabilities that could potentially affect your network environment is essential to maintaining your organization’s cybersecurity.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
