Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from May that should be immediately patched or addressed if present in your environment. Detailed writeups below:
CVE-2024-24919
CVE-2024-24919 is a high-severity information disclosure vulnerability identified in Check Point Security Gateways, specifically affecting devices configured with the IPSec VPN or Mobile Access software blades. This vulnerability allows an unauthenticated remote attacker to access sensitive information on the Security Gateway, potentially leading to lateral movement and domain admin privileges acquisition. This is especially critical as exploitation can be performed remotely with a low attack complexity. Although a CVSS score has not yet been officially assigned by NVD, the seriousness of the vulnerability is highlighted by its inclusion in CISA’s Known Exploit Vulnerabilities Catalog, indicating a significant risk to affected organizations. The underlying issue stems from an information disclosure flaw that enables the reading of arbitrary files on the Gateway, which could include sensitive data such as password hashes. Affected versions span multiple releases including R77.20 through R81.20 across various Quantum Security Gateways, Maestro, Scalable Chassis, and Spark Appliances. To mitigate this threat, Check Point has issued several Jumbo Hotfix Accumulators and recommends immediate installation to prevent exploitation. Additionally, organizations are advised to reset passwords and move towards certificate-based authentication for VPN access to enhance security posture. Further details and the hotfix installation guide can be found on Check Point’s support page at Check Point’s advisory URL.
CVE-2024-21683
CVE-2024-21683 presents a high-severity Remote Code Execution (RCE) vulnerability in Confluence Data Center and Server, first appearing in version 5.2 of the software. This vulnerability allows an authenticated attacker to execute arbitrary code on the server without requiring user interaction, posing significant threats to the confidentiality, integrity, and availability of the affected systems. Atlassian, the developer of Confluence, has recognized the critical nature of this flaw, assigning it a CVSS v3 score of 8.3. The CVSS vector breakdown, CVSS:3.0/AV/AC/PR/UI/S/C/I/A, indicates that while the attack requires high privileges, it can be executed remotely with low complexity and no user interaction, leading to high impacts across confidentiality, integrity, and availability. To mitigate this vulnerability, Atlassian recommends upgrading to the latest or other specified supported fixed versions of Confluence Data Center and Server. Links to the download center and release notes have been provided by Atlassian to assist users with the upgrade process. This proactive disclosure and recommended swift upgrade underscore the importance of maintaining updated software to safeguard against potential security threats. For further guidance, users should consult the official advisories at the provided URL.
CVE-2024-35469
CVE-2024-35469 details a critical SQL injection vulnerability discovered in the SourceCodester Human Resource Management System version 1.0. This flaw is located in the /hrm/user/ endpoint and enables attackers to execute arbitrary SQL commands via the password parameter. Given the nature of the exploit, the vulnerability allows for direct interaction with the database, potentially leading to the compromise of sensitive information, unauthorized data modification, or even complete database takeover. This SQL injection issue has been assigned a CVSS v3 base score of 9.8, indicating its severe impact. The vector, CVSS:3.0/AV/AC/PR/UI/S/C/I/A, explains that the vulnerability can be exploited remotely with low attack complexity and no required privileges or user interaction, affecting the confidentiality, integrity, and availability of the application significantly. Since this vulnerability poses a substantial risk, users of the affected system are strongly advised to apply necessary patches or updates provided by SourceCodester, or implement suitable mitigations to guard against potential attacks. For more detailed guidance and updates, stakeholders should refer to the provided GitHub and SourceCodester links.
CVE-2024-23706
CVE-2024-23706 identifies a security flaw in the Android platform’s HealthFitness package, where improper input validation allows for unauthorized bypass of health data permissions. This vulnerability facilitates a local escalation of privilege without the need for additional execution privileges and does not require user interaction to be exploited. Specifically, this security issue is present in multiple locations within the system, increasing the likelihood of exploitation if left unaddressed. The vulnerability has been rated with a CVSS v3 base score of 7.8, indicating a high level of severity. The associated CVSS vector, CVSS:3.0/AV/AC/PR/UI/S/C/I/A, reflects that the vulnerability is locally exploitable with low attack complexity and low privileges. It significantly impacts the confidentiality and integrity of the data, along with system availability. Given these characteristics, it poses a substantial security risk, particularly for environments where sensitive health data is managed. Android users are urged to ensure their systems are updated as patches for this vulnerability have been included in Android’s security updates as detailed on their official security bulletin page. The updates address the flaw by correcting the input validation process, thereby preventing unauthorized data access and ensuring the integrity of health data permissions. For further information and to verify the application of necessary security patches, users and administrators should refer to the detailed documentation and update notes provided by Android listed in their security bulletin.
CVE-2024-30040
CVE-2024-30040 describes a critical security feature bypass vulnerability in the Windows MSHTML platform. This vulnerability allows an attacker to circumvent security features intended to prevent unauthorized actions, potentially leading to further exploitation of the system. The vulnerability has a high CVSS v3 base score of 8.8, as per the vector CVSS:3.0/AV/AC/PR/UI/S/C/I/A, indicating that the attack can be executed remotely, though it requires some user interaction. The impacts on confidentiality, integrity, and availability are all high, underscoring the severity of the risk it poses. The vulnerability is significant enough to be included in CISA’s Known Exploited Vulnerabilities Catalog, necessitating immediate attention and action. Affected versions span a broad range of Windows operating systems, from early Windows 10 releases to the most recent versions of Windows 11 and various iterations of Windows Server. This wide impact surface increases the urgency for applying mitigations. Microsoft has responded with a patch to address this vulnerability, which was part of their May 2024 Patch Tuesday updates that covered multiple other vulnerabilities, including zero-day exploits. It is crucial for administrators and users of affected Windows versions to apply this patch promptly to mitigate the associated risks. Continuous vigilance and regular updates are recommended to protect against potential exploitation. For further details and patching instructions, users should consult the Microsoft Security Response Center (MSRC) and the advisory URL provided in their communications.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact