
Netizen: June 2024 Vulnerability Review

Newly disclosed vulnerabilities are a routine part of managing any organization’s security, and prompt patching and remediation of each new one is critical to reducing the external attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from June 2024 that should be patched or addressed immediately if present in your environment. Detailed writeups below:


CVE-2024-30103

CVE-2024-30103 is a Remote Code Execution (RCE) vulnerability affecting multiple editions of Microsoft Outlook. What makes it notable is that it requires no click from the victim: a crafted email is enough once Outlook renders it in the Preview Pane. The weakness is classified as CWE-184 (Incomplete List of Disallowed Inputs); the flaw lets an attacker bypass Outlook’s registry block lists and facilitates the creation of malicious DLL files. It carries a CVSS v3.1 base score of 8.8 (High) with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: the attack is launched over the network (AV:N), has low complexity (AC:L), requires low privileges (PR:L), needs no user interaction (UI:N), and has high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Microsoft released security updates on June 11, 2024 (the June Patch Tuesday) covering the affected Outlook and Office versions. Microsoft rates exploitation as “less likely”, but because the Preview Pane is the attack vector a successful exploit demands nothing of the user, so the risk if it is achieved is significant. Users and administrators should apply the June updates immediately; for the list of affected versions and the corresponding updates, see the Microsoft advisory.


CVE-2024-37081

CVE-2024-37081 covers multiple local privilege escalation vulnerabilities in VMware’s vCenter Server Appliance caused by a misconfiguration of sudo. An authenticated local user with non-administrative privileges can abuse the misconfigured sudo rules to escalate to root. sudo is the standard utility on Unix-like systems for running programs with the privileges of another user, typically root, and its configuration decides exactly which users may run which commands; an over-permissive rule, for example one that lets an unprivileged account run as root a program that can spawn a shell or write arbitrary files, hands root to whoever may invoke it. The vulnerability carries a CVSS v3 base score of 7.8 (High) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: it is exploitable only locally, has low attack complexity, requires low privileges, needs no user interaction, and has high impact on confidentiality, integrity, and availability. At the time of writing no CVSS v4 score has been published and the NVD entry is still awaiting analysis. Broadcom/VMware addressed the issue in security advisory VMSA-2024-0012 (June 17, 2024); the fixed releases are vCenter Server 8.0 U2d, 8.0 U1e, and 7.0 U3r, and no workaround is offered, so an upgrade is the only remediation. Beyond this one bug, the flaw is a reminder that privilege management on critical appliances deserves the same review as application code: every sudo rule that grants root should be justified and periodically audited. Users of vCenter Server Appliance should review the advisory and apply the fixed version promptly. For detailed guidance and updates, administrators should refer to the VMware patch notes and this Tenable advisory.
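The sudo misconfiguration class behind CVE-2024-37081 is easy to audit for. The script below is an added example, not VMware’s code and not the rule that shipped in vCenter: it parses a simplified sudoers grammar and flags the three rule shapes that most often turn a low-privileged account into root (passwordless `ALL`, wildcards, and programs that can escape to a shell). The sample rule set, the shortlist of shell-escaping binaries, and the user names are all constructed for illustration.

```python
"""Added example: flag sudoers rules that commonly let a low-privileged local
user reach root. Constructed sample input; not the vCenter Server rule set."""
import re

# Programs that can spawn a shell, edit arbitrary files or run arbitrary code
# when executed as root (a GTFOBins-style shortlist, deliberately not exhaustive).
SHELL_ESCAPE_BINARIES = {
    "sh", "bash", "dash", "zsh", "vi", "vim", "less", "more", "python",
    "python3", "perl", "awk", "find", "tar", "env", "cp", "tee",
}

# Constructed sample; the accounts and paths are illustrative only.
SAMPLE_SUDOERS = """\
# constructed sample, not a real appliance configuration
root     ALL=(ALL) ALL
%wheel   ALL=(ALL) ALL
backup   ALL=(root) NOPASSWD: /usr/bin/rsync
ops      ALL=(root) NOPASSWD: /opt/tool/*.sh
deploy   ALL=(root) /usr/bin/vim /etc/motd
svc      ALL=(root) NOPASSWD: /bin/bash
monitor  ALL=(root) NOPASSWD: /usr/bin/find / -name core
"""

# user  host=(runas)  [TAG:] command [args]   (a simplified sudoers grammar;
# aliases, Defaults lines and line continuations are not handled)
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:\w+:\s*)*)"
    r"(?P<cmd>.+?)\s*$"
)


def classify_rule(line):
    """Return a reason string if the rule is risky, otherwise None."""
    m = RULE_RE.match(line)
    if not m or m.group("user") == "root":
        return None
    nopasswd = "NOPASSWD" in m.group("tags")
    cmdline = m.group("cmd")
    if cmdline == "ALL":
        return "unrestricted root without a password" if nopasswd else None
    if "*" in cmdline:
        # A wildcard in the path or the arguments lets the caller influence
        # what actually runs (or which files the command touches).
        return "wildcard in command or arguments"
    program = cmdline.split()[0].rsplit("/", 1)[-1]
    if program in SHELL_ESCAPE_BINARIES:
        return "command can escape to a root shell"
    return None


def audit_sudoers(text):
    """Return [(user, reason, rule)] for every risky rule in sudoers text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        reason = classify_rule(line)
        if reason:
            findings.append((line.split()[0], reason, line))
    return findings


if __name__ == "__main__":
    for user, reason, rule in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{user:8} {reason:40} {rule}")
```

On the sample the script flags `ops` (wildcard), `deploy` and `monitor` (vim and find both escape to a shell even without NOPASSWD) and `svc`, while `backup` with a fixed rsync path passes. Run it against `/etc/sudoers` and `/etc/sudoers.d/*` on the appliance after `sudo -l` to see the effective rules.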


CVE-2024-5035

CVE-2024-5035 is a critical unauthenticated remote command execution vulnerability in the TP-Link Archer C5400X gaming router. The router exposes a network service called “rftest” on TCP ports 8888, 8889, and 8890. The service is intended for wireless testing and only accepts commands that begin with a short list of permitted prefixes, but it hands the accepted line to a shell without sanitizing it, so shell metacharacters placed after a permitted prefix are executed as additional commands. Because the service runs with elevated privileges, an unauthenticated attacker who can reach those ports executes arbitrary commands as root on the device. The vulnerability is scored at a CVSS v3 base score of 10.0 (Critical) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H: exploitable over the network with no privileges or user interaction, with high impact on confidentiality, integrity, and availability. Firmware versions 1_1.1.6 and earlier are affected; TP-Link fixed the issue in firmware version 1_1.1.7, which owners should install immediately via the router’s administration interface or the TP-Link support page. Until a device is updated, the exposed service should not be reachable from untrusted networks: confirm from the WAN side that ports 8888 through 8890 are closed, and keep the router on a segment from which a compromised device cannot reach sensitive hosts. Regularly reviewing and updating device configurations and firmware helps maintain security against newly discovered threats. For further documentation on this vulnerability, refer to the NVD entry and the relevant Tenable advisory.
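The bug class here, an allow-list that checks only the start of a command before passing the whole string to a shell, is worth seeing next to its fix. The code below is an added example and is not TP-Link’s rftest implementation: the permitted prefixes, the command table, and the binary paths are constructed for illustration, and the hardened version executes an argument vector with `shell=False` after validating every argument.

```python
"""Added example: a minimal model of the prefix-check-then-shell bug class
behind CVE-2024-5035, beside a hardened dispatcher. Not TP-Link's code; the
allow-list and binary paths are constructed."""
import re
import shlex
import subprocess

ALLOWED_PREFIXES = ("wl", "nvram")          # constructed allow-list


def vulnerable_dispatch(line):
    """Prefix check, then the whole line goes to /bin/sh (the bug)."""
    if not line.startswith(ALLOWED_PREFIXES):
        return "denied"
    # shell=True means ';', '|', '$( )' and backticks in `line` are parsed by
    # the shell, so "wl ver; echo INJECTED" runs the second command as well.
    return subprocess.run(line, shell=True, capture_output=True, text=True).stdout


# Hardened variant: the caller picks a command *name*; the server owns the path.
COMMAND_TABLE = {"wl": "/usr/sbin/wl", "nvram": "/usr/sbin/nvram"}  # constructed paths
SAFE_ARG = re.compile(r"^[A-Za-z0-9_./=:-]{1,64}$")   # no whitespace or shell metacharacters


def validate_command(line):
    """Return an argv list for an allowed command, or raise ValueError."""
    argv = shlex.split(line)            # raises ValueError on unbalanced quotes
    if not argv or argv[0] not in COMMAND_TABLE:
        raise ValueError("command not allowed")
    for arg in argv[1:]:
        if not SAFE_ARG.match(arg):
            raise ValueError(f"argument rejected: {arg!r}")
    return [COMMAND_TABLE[argv[0]], *argv[1:]]


def hardened_dispatch(line):
    try:
        argv = validate_command(line)
    except ValueError as exc:
        return f"denied: {exc}"
    # An argv list with shell=False reaches execve() verbatim: no shell parsing,
    # so metacharacters in arguments are just bytes the program receives.
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "wl ver; echo INJECTED"
    print("vulnerable:", vulnerable_dispatch(payload).strip())
    print("hardened:  ", hardened_dispatch(payload))
    print("hardened:  ", hardened_dispatch("wl $(id)"))
    print("validated: ", validate_command("nvram get wl0_ssid"))
```

In the vulnerable path the injected `echo` runs even though `wl` is not installed on the demo host, because `;` tells the shell to continue. The hardened path rejects `ver;` and `$(id)` before anything is executed; a production allow-list should further restrict the permitted subcommands and arguments per binary rather than rely on a single character class.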


CVE-2024-22267

CVE-2024-22267 is a use-after-free vulnerability in the vBluetooth device of VMware Workstation 17.x and Fusion 13.x. A malicious actor with local administrative privileges inside a virtual machine can exploit it to execute code on the host as the virtual machine’s VMX process. This is a guest-to-host escape: whatever the VMX process can reach on the host becomes reachable from the guest, which can lead to a full compromise of the host. Tenable records a CVSS v2 base score of 7.2 (vector AV:L/AC:L/Au:N/C:C/I:C/A:C). Under CVSS v3, VMware assigns a base score of 9.3 (Critical) with the vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H: low attack complexity, no user interaction, and high impact on confidentiality, integrity, and availability. Note that the scoring treats the guest administrator as unprivileged with respect to the host (PR:N) and marks the scope as changed (S:C) because the impact crosses from the guest into the host; that scope change is what lifts a locally exploitable bug to a critical score. The vulnerability was demonstrated at the Pwn2Own Vancouver 2024 competition, which showed the threat to be practical and immediate, and VMware addressed it in security advisory VMSA-2024-0010 (May 14, 2024). The fixed releases are Workstation 17.5.2 and Fusion 13.5.2. Where an immediate upgrade is not possible, VMware’s documented workaround is to remove Bluetooth support from the virtual machine. Organizations running Workstation or Fusion should inventory affected installs and apply the update without delay.
For detailed guidance, affected parties should refer to the advisory posted on VMware’s official support website or the Tenable documentation.


CVE-2024-22270

CVE-2024-22270 is an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality, the mechanism behind Shared Folders, of VMware Workstation 17.x and Fusion 13.x. A malicious actor with local administrative privileges on a virtual machine can read privileged information from hypervisor memory, data that should remain isolated on the host side. The vulnerability carries a CVSS v3 base score of 7.1 (High) with the vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N: local attack, low complexity, no privileges or user interaction relative to the host, a changed scope (guest to host), high impact on confidentiality, and none on integrity or availability. CVSS v2 scores the same flaw lower because it has no way to express the guest-to-host scope change, so for virtualization bugs the v3 score is the more useful indicator of risk. This issue was disclosed and fixed alongside CVE-2024-22267 as part of VMware’s response to Pwn2Own Vancouver 2024, in VMSA-2024-0010; the fixed releases are again Workstation 17.5.2 and Fusion 13.5.2. Beyond patching, limit who holds administrative rights inside virtual machines, disable Shared Folders on guests that do not need them to shrink the attack surface, and log and review activity in virtual environments so that exploitation attempts can be detected early.
For detailed patching instructions and further advisories, users should refer to VMware’s security advisory VMSA-2024-0010 and the Tenable documentation.
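Both Workstation/Fusion bugs above live in optional virtual devices, so the per-VM attack surface can be inventoried from the `.vmx` files. The script below is an added example, not VMware’s code: it reads a constructed `.vmx`, reports whether vBluetooth (CVE-2024-22267) and HGFS shared folders (CVE-2024-22270) are enabled, and writes a hardened copy. `isolation.tools.hgfs.disable` is the documented VMware option for turning off HGFS; `usb.vbluetooth.startConnected` is the key I understand Workstation and Fusion write when Bluetooth sharing is enabled, so treat that name as an assumption and verify it against one of your own `.vmx` files. Patching to 17.5.2/13.5.2 remains the fix; this only reduces exposure on VMs that do not need those devices.

```python
"""Added example: audit .vmx files for the vBluetooth and HGFS devices
covered by VMSA-2024-0010 and emit a hardened copy. Not VMware's code;
the sample vmx is constructed and the vBluetooth key name is assumed."""
import re

# Constructed sample, not a real configuration.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "21"
displayName = "build-agent-01"
usb.present = "TRUE"
usb.vbluetooth.startConnected = "TRUE"
sharedFolder0.present = "TRUE"
sharedFolder0.hostPath = "/home/ci/shared"
sharedFolder0.guestName = "shared"
sharedFolder.maxNum = "1"
"""

VBLUETOOTH_KEY = "usb.vbluetooth.startConnected"   # assumed key name, verify locally
HGFS_DISABLE_KEY = "isolation.tools.hgfs.disable"  # documented VMware hardening option
SHARE_KEY = re.compile(r"sharedFolder\d+\.present")
VMX_LINE = re.compile(r'^\s*([^\s=]+)\s*=\s*"(.*)"\s*$')   # key = "value"


def parse_vmx(text):
    """Return {key: value} for every key = "value" line; other lines are ignored."""
    cfg = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def is_true(cfg, key):
    return cfg.get(key, "FALSE").upper() == "TRUE"


def audit_vmx(text):
    """Return a list of findings describing exposed device surface."""
    cfg = parse_vmx(text)
    findings = []
    if is_true(cfg, VBLUETOOTH_KEY):
        findings.append("vBluetooth device enabled (CVE-2024-22267 attack surface)")
    shares = [k for k in cfg if SHARE_KEY.fullmatch(k) and cfg[k].upper() == "TRUE"]
    if not is_true(cfg, HGFS_DISABLE_KEY):
        if shares:
            findings.append(f"HGFS enabled with {len(shares)} shared folder(s) "
                            "(CVE-2024-22270 attack surface)")
        else:
            findings.append("HGFS not explicitly disabled")
    return findings


def harden_vmx(text):
    """Return vmx text with Bluetooth sharing off, shares off and HGFS disabled.
    Lines that are not key = "value" pairs are preserved untouched."""
    wanted = {VBLUETOOTH_KEY: "FALSE", HGFS_DISABLE_KEY: "TRUE"}
    out, seen = [], set()
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            key = m.group(1)
            if key in wanted:
                line = f'{key} = "{wanted[key]}"'
                seen.add(key)
            elif SHARE_KEY.fullmatch(key):
                line = f'{key} = "FALSE"'
        out.append(line)
    for key, value in wanted.items():
        if key not in seen:
            out.append(f'{key} = "{value}"')
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print("FINDING:", finding)
    print(harden_vmx(SAMPLE_VMX))
```

Edit `.vmx` files only while the VM is powered off, since Workstation rewrites the file on power-off and would discard changes made to a running VM.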


How Can Netizen Help?

Netizen ensures that security gets built in and not bolted on, providing advanced solutions to protect critical IT infrastructure such as our “CISO-as-a-Service” offering, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact


Copyright © Netizen Corporation. All Rights Reserved.