Cyble Research & Intelligence Labs (CRIL) analyzed 23 vulnerabilities in its weekly vulnerability report for June 19-25, including critical flaws in products from the likes of Microsoft, Adobe, MOVEit and more. The report focuses on 10 vulnerabilities in particular: Three in Microsoft products – including a 7-year-old Office flaw facing new exploits – and one each in products from Adobe, MOVEit, VMware, Fortra, Phoenix Technologies, SolarWinds, and Themify. Thousands of new security vulnerabilities are discovered each year, yet only a small percentage of those are actively exploited by threat actors. To help security teams focus on the most important vulnerabilities and threats, The Cyber Express each week partners with Cyble’s highly skilled dark web and threat intelligence researchers to highlight security vulnerabilities that warrant particularly close attention.

The Week’s Top Vulnerabilities

These are the 10 high-severity and critical vulnerabilities Cyble researchers focused on this week.

CVE-2024-5276

Impact Analysis: This critical SQL Injection vulnerability in Fortra FileCatalyst Workflow, a web-based file transfer platform accelerating large file exchanges, allows an attacker to modify application data, with likely impacts including the creation of administrative users and deletion or modification of data in the application database. It is worth noting that data exfiltration via SQL injection is not possible by leveraging the vulnerability; further successful unauthenticated exploitation requires a Workflow system with anonymous access enabled; otherwise, an authenticated user is required. Internet Exposure? No Patch Available? Yes

CVE-2024-5806

Impact Analysis: This critical improper authentication vulnerability impacts Progress MOVEit Transfer (SFTP module), which can lead to authentication bypass in the secure managed file transfer application. With successful exploitation, an attacker could access sensitive data stored on the MOVEit Transfer server; upload, download, delete, or modify files; and intercept or tamper with file transfers. Within a day of the vendor disclosing the vulnerability, security researchers started to observe exploitation attempts targeting it due to its vast exposure and impact, Cyble researchers noted. Patch Available? Yes

CVE-2024-0762

Impact Analysis: This high-severity buffer overflow vulnerability impacts unsafe UEFI variable handling in Phoenix SecureCore, an advanced UEFI firmware solution developed for client PCs, notebooks, and IoT/embedded devices. The vulnerability could be exploited to execute code on vulnerable devices. Furthermore, given the enormous number of Intel CPUs that use this firmware, the vulnerability might affect hundreds of models from vendors, including Lenovo, Dell, Acer, and HP, Cyble researchers noted. Internet Exposure? No Patch Available? Yes

CVE-2024-34102

Impact Analysis: This critical improper restriction of XML external entity reference ('XXE') vulnerability impacts Adobe Commerce, a leading digital commerce solution for merchants and brands. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities, leading to arbitrary code execution. Patch Available? Yes

CVE-2024-28995

Impact Analysis: The high severity directory transversal vulnerability impacts SolarWinds Serv-U, a secure managed file transfer (MFT) solution. Successful exploitation of the vulnerability could allow threat actors access to read sensitive files on the host machine. Recently researchers have observed active exploitation of vulnerability leveraging publicly available proof-of-concept (PoC) exploits. Patch Available? Yes

CVE-2017-11882

Impact Analysis: The high-severity vulnerability impacts Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016. It could allow an attacker to run arbitrary code in the context of the current user by failing to handle objects in memory properly. Recently, researchers uncovered that this 7-year-old vulnerability was leveraged in cyberespionage campaigns orchestrated by alleged state-sponsored groups. Internet Exposure? No Patch Available? Yes

CVE-2024-6027

Impact Analysis: The high-severity vulnerability impacts the Themify WooCommerce Product Filter plugin for WordPress, which could lead to time-based SQL Injection via the ‘conditions’ parameter. Exploiting the vulnerability makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Internet Exposure? Yes Patch Available? Yes – upgrade to version 1.5.0

CVE-2024-37079

Impact Analysis: Cyble also addressed this vulnerability in last week’s vulnerability report. The critical severity heap-overflow vulnerability impacts the VMware vCenter Server, a central management platform for VMware vSphere that enables the management of virtual machines and ESXi hosts. Given the global usage of the impacted product and the history of leveraging the flaws impacting vCenter, Cyble said there are possibilities that threat actors (TAs) could also leverage this critical vulnerability. Internet Exposure? Yes Patch Available? Yes

CVE-2024-30103

Impact Analysis: This high-severity remote code execution (RCE) vulnerability impacts Microsoft Outlook. Since the RCE flaw can be exploited simply by opening and previewing an email that contains a malicious payload in the body, requiring no further interaction from the user, there are high possibilities for TAs to weaponize the vulnerability in targeting government and private entities. Internet Exposure? No Patch Available? Yes

CVE-2024-30078

Impact Analysis: This high severity remote code execution (RCE) vulnerability impacts Windows Wi-Fi Driver. With the wide usage of Windows devices around the world and the ability to exploit without the need for any user interaction, TAs can leverage the flaw to gain initial access to the devices and later install malware and exfiltrate user data. Internet Exposure? No Patch Available? Yes

Dark Web Exploits

Cyble’s scans of customer environments found nearly a million exposed assets for just 7 vulnerabilities this week. Nearly 200,000 assets were exposed to the the VMware vCenter Server vulnerability, while a PHP vulnerability (CVE-2024-4577) reported two weeks ago continues to dominate, affecting nearly 600,000 exposed assets. Cyble researchers also observed five instances of alleged zero-day vulnerabilities being offered on sale on underground forums, plus a number of exploits/proof of concepts/custom scripts observed over underground forums. The full report available for clients covers all these vulnerabilities, along with details and discussion around exploits found on the dark web, industrial control system (ICS) vulnerability intelligence, and cybersecurity defenses.

Cyble Research & Intelligence Labs (CRIL) last week analyzed 154 vulnerabilities in its weekly vulnerability report, including critical flaws in products from the likes of Microsoft, VMware, Veeam and ASUS. A whopping 126 of the vulnerabilities occurred in Siemens industrial control systems (ICS) products, potentially putting critical manufacturing infrastructure at risk. About 25,000 new security vulnerabilities are discovered each year, yet only a small percentage of those are actively exploited by threat actors. To help security teams focus on the most important vulnerabilities and threats, The Cyber Express is collaborating with Cyble’s highly skilled dark web and threat intelligence researchers to highlight security vulnerabilities that warrant particularly close attention.

The Week’s Top Vulnerabilities

Cyble’s weekly report focused on 9 of the vulnerabilities in particular; they are:

CVE-2024-37079, CVE-2024-37080 and CVE-2024-37081: VMware

Impact Analysis: These critical and high severity heap-overflow and privilege escalation vulnerabilities impact the VMware vCenter Server, a central management platform for VMware vSphere, enabling the management of virtual machines and ESXi hosts. With the global usage of the impacted product and the history of leveraging flaws impacting vCenter, there is strong potential for threat actors (Tas) to leverage these critical vulnerabilities also. Internet Exposure: Yes Available Patch? Yes

CVE-2024-3080: ASUS Router Bypass

Impact Analysis: This critical authentication bypass vulnerability impacts certain ASUS router models, allowing unauthenticated remote attackers to log in to the device. Recently, the Taiwan Computer Emergency Response Team informed users about the vulnerability and released an advisory with fixes to patch the flaw. Internet Exposure: Yes Patch Available? Yes

CVE-2024-3912: ASUS Arbitrary Firmware Upload Vulnerability

Impact Analysis: This critical arbitrary firmware upload vulnerability impacts certain ASUS router models, allowing unauthenticated remote attackers to execute arbitrary system commands on the device. The Taiwan Computer Emergency Response Team also informed users about this vulnerability and released an advisory with fixes to patch the flaw. Internet Exposure: Yes Patch Available? Yes

CVE-2024-29855: Veeam Recovery Orchestrator

Impact Analysis: This critical authentication bypass vulnerability impacts the Veeam Recovery Orchestrator. The recovery solution extends the capabilities of the Veeam Data Platform by automating recovery processes and providing comprehensive reporting and testing features. The availability of a recent publicly available proof-of-concept (PoC) exploit for this vulnerability elevates the risk of exploitation in attacks by TAs. Internet Exposure: No Patch Available? Yes

CVE-2024-30103: Microsoft Outlook RCE Vulnerability

Impact Analysis: This high-severity remote code execution (RCE) vulnerability impacts Microsoft Outlook. Since the zero-click RCE flaw can be exploited simply by opening and previewing an email that contains a malicious payload in the body of the email, requiring no further interaction from the user, there are high possibilities for the weaponization of the vulnerability by TAs in targeting government and private entities. Internet Exposure: No Patch Available? Yes

CVE-2024-30078: Windows Wi-Fi Driver RCE Vulnerability

Impact Analysis: This high severity remote code execution (RCE) vulnerability impacts Windows Wi-Fi Driver. With the wide usage of Windows devices around the world and the ability to exploit without the need for any user interaction, TAs can leverage the flaw to gain initial access to the devices and later install malware and exfiltrate user data. Internet Exposure: No Patch Available? Yes

CVE-2024-37051: JetBrains GitHub Plugin Vulnerability

Impact Analysis: This critical vulnerability in the JetBrains GitHub plugin on the IntelliJ open-source platform affects all IntelliJ-based IDEs, leading to the exposure of GitHub access tokens. TAs can leverage the vulnerability by using exposed tokens to gain unauthorized access to user GitHub accounts and repositories and possibly deploy malicious code or delete the repositories. Internet Exposure: No Patch Available? Yes

CISA Adds 5 Vulnerabilities to KEV Catalog

Five of the vulnerabilities in the Cyble report were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog:

• CVE-2024-32896, an Android Pixel vulnerability with a 7.8 CVSSv3 criticality score
• CVE-2024-26169, a Microsoft Windows error reporting service elevation of privilege vulnerability with a 7.8 criticality rating
• CVE-2024-4358, a Progress Telerik Report Server vulnerability with a 9.8 rating
• CVE-2024-4610, an Arm Mali GPU Kernel Driver vulnerability with a 5.5 rating
• CVE-2024-4577, a PHP remote code execution flaw, a 9.8 vulnerability that Cyble addressed in last week’s report

The full Cyble report available for clients covers all these vulnerabilities, along with details and discussion around exploits found on the dark web, industrial control system (ICS) vulnerability intelligence, and cybersecurity defenses. Cyble security analysts also conducted scans of customer environments to alert them of any exposures – and found more than 2 million exposures to 13 of the vulnerabilities. Stay ahead of cyber threats with the Weekly Vulnerability Intelligence Report by Cyble, brought to you by The Cyber Express. Subscribe now for the latest insights powered by Cyble's advanced AI-driven threat intelligence.