Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from July that should be immediately patched or addressed if present in your environment. Detailed writeups below:
CVE-2024-38080
CVE-2024-38080 describes a high-severity elevation of privilege vulnerability found in Microsoft’s Windows Hyper-V. This vulnerability arises from an issue in the system that could potentially allow a malicious actor with local access to a virtual machine to execute arbitrary code on the host machine with elevated privileges. This type of vulnerability is particularly concerning in environments where multiple users share virtualized resources, as it could allow an attacker to gain unauthorized control over the host system, impacting the confidentiality, integrity, and availability of all virtual machines on the host. The vulnerability has been given a CVSS v3 base score of 7.8, with a vector of CVSS:3.1/AV/AC/PR/UI/S/C/I/A, indicating it has high impacts on confidentiality, integrity, and availability, requires low privileges and low attack complexity, and does not require user interaction. This score suggests that the vulnerability is severe and could have widespread implications if exploited. Given the potential implications of this vulnerability, it is listed in CISA’s Known Exploited Vulnerabilities Catalog, which mandates that affected organizations apply the necessary mitigations or updates provided by Microsoft before the specified due date to prevent possible exploits. The patches to address this vulnerability were included in Microsoft’s July 2024 Patch Tuesday release, which addressed multiple vulnerabilities across various products. Organizations using affected versions of Windows 11 and Windows Server 2022 are advised to review the specific versions and configurations listed as vulnerable and ensure that they apply the updates provided by Microsoft promptly. Regularly updating systems and following vendor guidelines for security are critical measures to protect against known vulnerabilities and potential attacks. For detailed instructions and further guidance, users should refer to the official Microsoft Security Response Center (MSRC) advisory.
CVE-2024-38094
CVE-2024-38094 is a remote code execution vulnerability in Microsoft SharePoint, caused by the deserialization of untrusted data, identified under CWE-502. This vulnerability, released on July 9, 2024, primarily affects Microsoft SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. Microsoft classifies the severity of this issue as important, with a CVSS v3 base score of 7.2 and a vector of AV/AC/PR/UI/S/C/I/A, indicating that the vulnerability is network exploitable, has low attack complexity, requires high privileges, and involves no user interaction, leading to high impacts on confidentiality, integrity, and availability. The CVSS v2 score is 8.3, with a vector of AV/AC/Au/C/I/A, showing its critical impact through network access, low complexity, and medium level of required authentication. Security updates to address this vulnerability have been released, with specific patches for each affected SharePoint version: Version 16.0.17328.20424 for the SharePoint Server Subscription Edition, Version 16.0.10412.20001 for SharePoint Server 2019, and Version 16.0.5456.1000 for SharePoint Enterprise Server 2016. Given the severity and potential impact of this vulnerability, organizations are urged to apply these updates immediately to protect their systems from possible exploitation. The likelihood of exploitation is considered more likely, emphasizing the necessity for timely patch management and ongoing vigilance in system monitoring. For more information, refer to the official MSRC advisory.
CVE-2024-23692
CVE-2024-23692 marks a critical security breach concerning the Rejetto HTTP File Server (HFS), specifically targeting versions up to and including 2.3m. This vulnerability stems from a template injection flaw, enabling remote, unauthenticated attackers to execute arbitrary commands on the compromised system. Attackers exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable server. This issue has garnered significant attention due to its inclusion in the CISA Known Exploited Vulnerabilities Catalog, affirming its active exploitation in the wild. The severity of this vulnerability is underscored by its CVSS v3 base score of 9.8, delineated by the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which indicates that the vulnerability can be exploited remotely with minimal complexity and without any user interaction. This poses high risks to the confidentiality, integrity, and availability of affected systems. The CVSS v2 scoring also highlights its critical impact with a score of 10 and a vector of AV:N/AC:L/Au:N/C:C/I:C/A:C, reflecting the comprehensive and severe impact across all three CIA (Confidentiality, Integrity, Availability) metrics. Given that Rejetto HFS 2.3m is no longer supported and therefore not receiving security updates, users are strongly advised to upgrade to the patched version, Rejetto HFS 3. This new version addresses the current vulnerability alongside other potential security issues that could compromise system security. For those using the affected versions, the update to Rejetto HFS 3 is crucial to mitigate the risk posed by CVE-2024-23692 and to protect against potential exploits that could leverage this vulnerability to gain unauthorized access or control over the systems. Immediate action is recommended to prevent any exploitation attempts that could lead to data breaches or further network compromise. For more information, refer to the NIST documentation here.
CVE-2024-38086
CVE-2024-38086 pertains to a remote code execution vulnerability in the Azure Kinect SDK, identified by Microsoft and released on July 9, 2024. The vulnerability stems from a numeric truncation error (CWE-197) that could potentially allow attackers to execute arbitrary code remotely. However, the maximum severity of this issue is classified as Important rather than Critical. According to the CVSS v3.1 scoring, this vulnerability has a base score of 6.4, with a vector of CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. This scoring reflects the impact on confidentiality, integrity, and availability as high, with the attack vector requiring physical access (AV:P) to the target system. The attack complexity is high (AC:H), meaning that exploitation demands specific environmental information and preparation. No privileges or user interaction are required for an attacker to exploit the vulnerability. The CVSS v2 score for this vulnerability is 6.2, represented by the vector CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C, indicating a medium severity level. This assessment underscores the high impact on the system but acknowledges the need for physical access to carry out the exploit. Microsoft has confirmed the vulnerability and provided an official fix in Azure Kinect SDK version 1.4.2. Security experts like VictorV (Tang Tianwen) with Kunlun Lab have been acknowledged for their contributions to identifying and disclosing this vulnerability.For more information, including the official security update, refer to Microsoft’s security update guide.
CVE-2024-6387
CVE-2024-6387, also known as the “Regresshion” vulnerability, is a significant security flaw discovered in OpenSSH’s server component (sshd). This vulnerability is characterized by a race condition that leads to unsafe signal handling by sshd. The issue was first identified as a regression of an earlier vulnerability, CVE-2006-5051. This race condition occurs when an unauthenticated remote attacker attempts to authenticate within a specific time frame and triggers unsafe signal handling in sshd. The vulnerability is rated with a CVSS 3.x base score of 8.1, categorized as “High” severity. The CVSS vector string for this vulnerability is CVSS:3.1/AV/AC/PR/UI/S/C/I/A, indicating that it is exploitable over a network with high impact on confidentiality, integrity, and availability. The flaw stems from a race condition that affects how sshd processes certain signals. In this scenario, if an unauthenticated attacker interacts with the sshd service, they might exploit the race condition to cause sshd to handle signals in an unsafe manner. This can result in unauthorized remote code execution. The vulnerability is a regression from an earlier fixed issue, CVE-2006-5051, which had previously addressed similar problems with signal handling in sshd. The specific nature of the regression means that while the vulnerability was known and addressed before, it has reappeared in a different form. The vulnerability impacts various configurations of OpenSSH across multiple operating systems. Notable affected configurations include versions of OpenSSH from 8.6 up to but not including 9.8, and it affects systems across different distributions such as Red Hat, Debian, Ubuntu, FreeBSD, NetBSD, and others. The issue is not confined to a single operating system but spans across several, indicating a broad potential impact. To mitigate CVE-2024-6387, users are advised to update their OpenSSH installations to the latest versions that include patches addressing this vulnerability. The OpenSSH development team and various operating system vendors have released patches and updates to rectify the issue. For detailed guidance, affected users should refer to advisories from their specific operating system vendors, such as Red Hat, Ubuntu, FreeBSD, and others. Additionally, resources such as the OpenSSH release notes and security advisories provide further instructions for mitigating the risk.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
