Weekly Vulnerability Report: Critical Security Flaws Identified by Cyble in Microsoft, VMware, Veeam, ASUS Products
24 June 2024 at 14:40
The Week's Top Vulnerabilities
Cyble's weekly report focused on 9 of the vulnerabilities in particular; they are:

CVE-2024-37079, CVE-2024-37080 and CVE-2024-37081: VMware
Impact Analysis: These critical and high-severity heap-overflow and privilege escalation vulnerabilities impact the VMware vCenter Server, a central management platform for VMware vSphere that enables the management of virtual machines and ESXi hosts. Given the global usage of the impacted product and the history of threat actors leveraging flaws in vCenter, there is strong potential for threat actors (TAs) to leverage these critical vulnerabilities as well.
Internet Exposure: Yes
Patch Available? Yes

CVE-2024-3080: ASUS Router Bypass
Impact Analysis: This critical authentication bypass vulnerability impacts certain ASUS router models, allowing unauthenticated remote attackers to log in to the device. Recently, the Taiwan Computer Emergency Response Team informed users about the vulnerability and released an advisory with fixes to patch the flaw.
Internet Exposure: Yes
Patch Available? Yes

CVE-2024-3912: ASUS Arbitrary Firmware Upload Vulnerability
Impact Analysis: This critical arbitrary firmware upload vulnerability impacts certain ASUS router models, allowing unauthenticated remote attackers to execute arbitrary system commands on the device. The Taiwan Computer Emergency Response Team also informed users about this vulnerability and released an advisory with fixes to patch the flaw.
Internet Exposure: Yes
Patch Available? Yes

CVE-2024-29855: Veeam Recovery Orchestrator
Impact Analysis: This critical authentication bypass vulnerability impacts the Veeam Recovery Orchestrator. The recovery solution extends the capabilities of the Veeam Data Platform by automating recovery processes and providing comprehensive reporting and testing features. The availability of a recent publicly available proof-of-concept (PoC) exploit for this vulnerability elevates the risk of exploitation in attacks by TAs.
Internet Exposure: No
Patch Available? Yes

CVE-2024-30103: Microsoft Outlook RCE Vulnerability
Impact Analysis: This high-severity remote code execution (RCE) vulnerability impacts Microsoft Outlook. Because the zero-click RCE flaw can be exploited simply by opening and previewing an email that contains a malicious payload in its body, with no further interaction from the user, there is a high likelihood that TAs will weaponize the vulnerability to target government and private entities.
Internet Exposure: No
Patch Available? Yes

CVE-2024-30078: Windows Wi-Fi Driver RCE Vulnerability
Impact Analysis: This high-severity remote code execution (RCE) vulnerability impacts the Windows Wi-Fi Driver. Given the wide usage of Windows devices around the world and the ability to exploit the flaw without any user interaction, TAs can leverage it to gain initial access to devices and later install malware and exfiltrate user data.
Internet Exposure: No
Patch Available? Yes

CVE-2024-37051: JetBrains GitHub Plugin Vulnerability
Impact Analysis: This critical vulnerability in the JetBrains GitHub plugin on the IntelliJ open-source platform affects all IntelliJ-based IDEs, leading to the exposure of GitHub access tokens. TAs can leverage the vulnerability by using exposed tokens to gain unauthorized access to user GitHub accounts and repositories and possibly deploy malicious code or delete the repositories.
Internet Exposure: No
Patch Available? Yes

CISA Adds 5 Vulnerabilities to KEV Catalog
Five of the vulnerabilities in the Cyble report were added to CISA's Known Exploited Vulnerabilities (KEV) catalog:
- CVE-2024-32896, an Android Pixel vulnerability with a 7.8 CVSSv3 criticality score
- CVE-2024-26169, a Microsoft Windows error reporting service elevation of privilege vulnerability with a 7.8 criticality rating
- CVE-2024-4358, a Progress Telerik Report Server vulnerability with a 9.8 rating
- CVE-2024-4610, an Arm Mali GPU Kernel Driver vulnerability with a 5.5 rating
- CVE-2024-4577, a PHP remote code execution flaw, a 9.8 vulnerability that Cyble addressed in last week's report