Weekly Vulnerability Report: Critical Security Flaws Identified by Cyble in GitHub, FortiOS, and PHP
14 June 2024 at 14:55
Critical Vulnerabilities and Their Impact
Here are details and analysis of five of the most critical vulnerabilities identified by Cyble.GitHub Access Token (CVE-2024-37051)
Overview: Exposed access tokens have been identified, which could allow unauthorized individuals to access GitHub accounts. This can lead to the manipulation or theft of code, posing a severe threat to software integrity and security. Impact: Unauthorized access to repositories can result in the leakage of sensitive information, insertion of malicious code, and potential compromise of projects dependent on the affected repositories.FortiOS SSL-VPN (CVE-2022-42475)
Overview: A critical heap-based buffer overflow vulnerability in FortiOS SSL-VPN has been actively exploited in cyber-espionage campaigns. This vulnerability allows attackers to execute arbitrary code on the affected systems. Impact: Successful exploitation can lead to full control over the compromised system, enabling data theft, network breaches, and service disruptions.PHP Remote Code Execution (CVE-2024-4577)
Overview: Multiple versions of PHP have been found vulnerable to remote code execution. This vulnerability has been exploited to deploy ransomware, affecting web servers running the compromised PHP versions. Impact: Exploitation can result in the complete compromise of web servers, data exfiltration, and file encryption for ransom.Netgear Authentication Bypass (CVE-2024-36787)
Overview: A vulnerability in Netgear routers allows attackers to bypass authentication mechanisms, granting unauthorized access to router settings. Impact: Unauthorized access can modify network settings, intercept data, and further network compromises.Veeam Backup Enterprise Manager (CVE-2024-29849)
Overview: A critical vulnerability in Veeam Backup Enterprise Manager allows unauthenticated users to log in, posing a high risk of data theft and manipulation. Impact: Unauthorized access to backup systems can result in data breaches, loss of critical backup data, and potential operational disruptions.Weekly Vulnerability Report: Highlights
CVE-2024-37051
Impact Analysis: A critical vulnerability in the JetBrains GitHub plugin on the IntelliJ open-source platform affects all IntelliJ-based IDEs, leading to the exposure of GitHub access tokens. TAs can leverage the vulnerability by using exposed tokens to gain unauthorized access to user GitHub accounts and repositories and possibly deploy malicious code or delete the repositories. Internet Exposure: No Patch: AvailableCVE-2022-42475
Impact Analysis: A critical heap-based buffer overflow vulnerability in FortiOS SSL-VPN and FortiProxy SSL-VPN allows remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. Reports suggest that Chinese TAs weaponized this vulnerability in cyber-espionage campaigns targeting government institutions for a few months between 2022 and 2023 to deploy malware on vulnerable Fortigate network security appliances. Internet Exposure: Yes Patch: AvailableCVE-2024-4577
Impact Analysis: A critical remote code execution (RCE) vulnerability affecting PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8 when using Apache and PHP-CGI on Windows. PHP is a widely used open-source scripting language designed for web development, and the vulnerability can reveal the source code of scripts and enable TAs to run arbitrary PHP code on the server. Recently, researchers observed that the TellYouThePass ransomware gang has been exploiting the vulnerability to deliver webshells and execute the encryptor payload on target systems. Internet Exposure: Yes Patch: AvailableCVE-2024-4610
Impact Analysis: A use-after-free vulnerability in Arm Ltd Bifrost GPU Kernel Driver and Arm Ltd Valhall GPU Kernel Driver allows local non-privileged users to gain access to already freed memory through improper GPU memory processing operations. Internet Exposure: No Patch: AvailableCVE-2024-36787
Impact Analysis: This vulnerability in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface, posing a severe threat to network security and sensitive user data. Internet Exposure: Yes Patch: Not specifiedCVE-2024-29849
Impact Analysis: A vulnerability in Veeam Backup Enterprise Manager (VBEM) allows unauthenticated attackers to log in as any user to the enterprise manager web interface. This poses a high risk due to the global use of Veeam products and the availability of publicly available proof-of-concept (PoC). Internet Exposure: Yes Patch: AvailableCVE-2019-9082 & CVE-2018-20062
Impact Analysis: These vulnerabilities impact ThinkPHP, an open-source PHP framework with an MVC structure, leading to remote code execution (RCE). Chinese threat actors have leveraged these vulnerabilities to install a persistent web shell named Dama. Internet Exposure: No Patch: Not specifiedCVE-2024-24919
Impact Analysis: This vulnerability impacts Check Point Remote Access VPN and allows attackers to read information from Internet-connected gateways with remote access VPN or mobile access enabled. It has been exploited in zero-day attacks since April 30, enabling lateral movement through victim networks by stealing Active Directory data. Internet Exposure: Yes Patch: AvailableCVE-2024-30080
Impact Analysis: A critical remote code execution vulnerability in Microsoft’s Message Queuing (MSMQ) can be exploited by unauthenticated attackers via specially crafted malicious MSMQ packets. Microsoft addressed the flaw in its monthly Patch Tuesday update. Internet Exposure: Yes Patch: AvailableIndustrial Control Systems (ICS) Vulnerabilities
![](../themes/icons/grey.gif)
Recommended Mitigation Strategies
To mitigate the risks associated with these vulnerabilities, the following strategies are recommended:- Regular Software and Hardware Updates: Ensure all systems and devices are up to date with the latest security patches and firmware updates.
- Patch Management: Implement a comprehensive patch management process to promptly address and apply patches for known vulnerabilities.
- Network Segmentation: Segment networks to limit the spread of attacks and reduce the attack surface.
- Incident Response and Recovery Plans: Develop and regularly update incident response and recovery plans to ensure swift action in the event of a breach.
- Monitoring and Logging Solutions: Deploy advanced monitoring and logging solutions to detect and respond to suspicious activities in real time.
- Regular Vulnerability Assessments and Penetration Testing: Conduct regular vulnerability assessments and penetration tests to identify and remediate security weaknesses.
- Strong Password Policies and Multi-Factor Authentication: Enforce strong password policies and implement multi-factor authentication to enhance access control.
Conclusion
The findings of the Weekly Vulnerability Intelligence Report highlight the critical need for continuous vigilance and proactive cybersecurity measures. Organizations must prioritize patch management, conduct regular security audits, and maintain incident response plans to protect against emerging threats.![Weekly Vulnerability Report](../themes/icons/grey.gif)