Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from August that should be immediately patched or addressed if present in your environment. Detailed writeups below:
CVE-2024-7965
CVE-2024-7965 is a high-severity vulnerability identified in Google Chrome’s V8 JavaScript and WebAssembly engine. This vulnerability was found in Chrome versions prior to 128.0.6613.84 and is caused by an inappropriate implementation in the V8 engine, which allows a remote attacker to exploit heap corruption by using a specially crafted HTML page. This flaw could allow an attacker to execute arbitrary code on the host machine, leading to a full compromise with elevated privileges. The vulnerability poses significant risks because it enables remote exploitation without requiring physical access to the target system.
The CVE affects systems running vulnerable versions of Chrome and could be exploited in environments where users routinely access web-based applications, such as corporate networks or individual user machines. Due to its ability to impact confidentiality, integrity, and availability, the vulnerability is a serious threat in enterprise environments, particularly for organizations that rely on Chrome for secure web browsing and application delivery.
According to the National Vulnerability Database (NVD), this vulnerability has been assigned a CVSS v3 base score of 8.8, with the vector CVSS:3.0/AV/AC/PR/UI/S/C/I/A. This score reflects the vulnerability’s potential to severely impact the system with high consequences for all three security components:
- Confidentiality (C) – A successful exploit could grant unauthorized access to sensitive information.
- Integrity (I) – The attacker could manipulate system files or inject malicious code, compromising the integrity of the system.
- Availability (A) – Exploitation may cause service disruption or denial of service, affecting system availability.
In this specific case, CVE-2024-7965 has been actively exploited in the wild, as confirmed by Google, making it an even more pressing issue for organizations. It is part of a series of security vulnerabilities found in Chrome in 2024, marking the tenth zero-day exploited in the browser this year. The vulnerability was first discovered and reported by a security researcher known by the pseudonym TheDog on July 30, 2024, earning a bug bounty of $11,000. While the specific details of the exploit method or the identity of the threat actors involved have not been made public, the existence of active exploitation in the wild suggests that attackers may be leveraging the flaw to target users before patches are applied.
To mitigate the risk posed by CVE-2024-7965, users and organizations are strongly advised to upgrade to Chrome version 128.0.6613.84 for Linux, macOS, and Windows, which contains the necessary fix for this issue. Google’s August 2024 Patch Tuesday release also addressed nine other zero-day vulnerabilities, further emphasizing the importance of applying updates as soon as they become available.
CVE-2024-39717
CVE-2024-39717 is a critical vulnerability affecting the Versa Director platform, which plays a central role in managing SD-WAN networks for Internet Service Providers (ISPs) and Managed Service Providers (MSPs). This flaw allows threat actors to upload malicious files disguised as images via the “Change Favicon” option within the Versa Director GUI. It can only be exploited by users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges, thus limiting the pool of potential attackers. Still, once exploited, it offers attackers the opportunity to take control of the affected system.
This vulnerability is particularly dangerous because it allows remote code execution (RCE) once the attacker successfully uploads a file masquerading as a harmless PNG image. The issue stems from the Versa Director’s ability to allow privileged users to customize the interface, which can be abused to upload malicious files. The attacker needs to be authenticated with elevated privileges, making this an insider threat or a target for credential-stealing campaigns. Although tenant-level users do not have the ability to exploit this issue, organizations with weak or compromised administrative credentials are at risk.
The CVSS v2 score of 8.3 and CVSS v3 score of 7.2 reflect the high risk posed by this vulnerability. Both confidentiality, integrity, and availability are significantly impacted by the exploit, resulting in severe consequences, including full system compromise. The attack requires minimal complexity once authenticated and can be executed without any user interaction.
- Confidentiality (C) – The attacker gains unauthorized access to critical data.
- Integrity (I) – System files and configurations may be altered or overwritten.
- Availability (A) – Systems could be taken offline or manipulated, causing disruptions to service.
This vulnerability has already been linked to Volt Typhoon, a Chinese state-sponsored hacking group, and has been actively exploited in the wild. Multiple reports from sources such as BleepingComputer, KrebsOnSecurity, and Ars Technica indicate that attackers have been using this flaw to breach ISPs and MSPs. The Chinese group is known for its advanced cyber espionage tactics, and this vulnerability fits their modus operandi of targeting service providers to steal sensitive data and credentials.
CVE-2024-28987
CVE-2024-28987 is a critical vulnerability identified in SolarWinds Web Help Desk (WHD) software, specifically impacting versions prior to 12.8.3 Hotfix 2. This flaw involves hardcoded credentials, which can be exploited by a remote, unauthenticated user to gain access to internal functionalities and modify data within the application. This security issue poses a substantial risk, as it enables unauthorized access and manipulation of critical system components without requiring user authentication.
The vulnerability was published on August 22, 2024, and has been assigned a CVSS v3 base score of 9.1, indicating a high severity level. The vector for this score is CVSS:3.0/AV
/AC/PR/UI/S/C/I/A, highlighting its potential to impact confidentiality and integrity significantly:
- Confidentiality (C) – Exploitation can lead to unauthorized access to sensitive data.
- Integrity (I) – Attackers could alter data or system configurations.
- Availability (A) – The vulnerability does not directly affect system availability.
The flaw is described as allowing a remote unauthenticated user to exploit hardcoded credentials present in the software, leading to potential unauthorized actions within the Web Help Desk system. The impact of this vulnerability could be severe, as it might allow attackers to execute commands or make changes that could compromise the entire system’s security posture.
The vulnerability stems from the presence of hardcoded credentials in the SolarWinds Web Help Desk software, which is a common practice in some legacy systems and applications. Such credentials are embedded within the code or configuration files and are often intended for internal or administrative purposes. However, if these credentials are not properly secured or obfuscated, they can be exploited by attackers to gain unauthorized access.
The hardcoded credentials issue in this case allows remote attackers to bypass authentication mechanisms and interact with the system as if they were legitimate users. This can lead to various security risks, including data breaches and unauthorized modifications.
According to recent reports, this vulnerability is actively being exploited in the wild, underscoring its severity and the urgent need for remediation. The Cybersecurity and Infrastructure Security Agency (CISA) has identified the risk associated with this vulnerability and recommends immediate action to mitigate its impact.
CVE-2024-8255
CVE-2024-8255 is a critical-severity vulnerability identified in Delta Electronics DTN Soft. This vulnerability, found in versions 2.0.1 and prior, is caused by a deserialization of untrusted data vulnerability. This flaw allows an attacker to achieve remote code execution through crafted data sent to the DTN Soft application. An attacker with network access can exploit this flaw to execute arbitrary commands on the affected system, potentially leading to a complete system compromise.
The CVE impacts systems running vulnerable versions of Delta Electronics DTN Soft and could be exploited in environments where the software is deployed in temperature control systems. Given its potential to affect confidentiality, integrity, and availability, it presents a substantial risk, particularly in critical infrastructure sectors like energy and manufacturing.
According to the National Vulnerability Database (NVD) and Mitre, this vulnerability has been assigned a CVSS v2 base score of 7.5, with the vector CVSS2#AV/AC/Au/C/I/A. This score reflects the high severity of the vulnerability’s impact on the system’s security components:
- Confidentiality (C) – An attacker could potentially access sensitive information.
- Integrity (I) – An attacker could alter or corrupt system data.
- Availability (A) – An attacker could cause disruptions or a denial of service.
The CVSS v3 base score is 9.8, with the vector CVSS:3.0/AV/AC/PR/UI/S/C/I/A. This score indicates a critical severity with severe consequences for all three security components:
- Confidentiality (C) – A significant risk of unauthorized access to sensitive information.
- Integrity (I) – Potential for significant data modification or corruption.
- Availability (A) – High risk of disrupting or completely denying access to the system.
CVE-2024-8255 has been actively monitored, and while no specific public exploitation has been reported, the vulnerability’s high CVSS score and the nature of the issue necessitate immediate attention. The vulnerability was first reported by Kimiya working with Trend Micro Zero Day Initiative on August 29, 2024, and has been included in the CISA advisory ICSA-24-242-02.
To mitigate the risk posed by this vulnerability, users and organizations should upgrade to DTN Soft version 2.1, which includes the necessary fix.
CVE-2024-43955
CVE-2024-43955 is a critical-severity vulnerability identified in Themeum Droip versions from n/a through 1.1.1. This vulnerability is due to improper limitation of a pathname to a restricted directory, also known as a Path Traversal issue. It allows attackers to perform file manipulation operations.
Description: The vulnerability enables an attacker to exploit the path traversal flaw in Droip, allowing them to access files outside the intended directories. This could lead to unauthorized file access or modification, potentially affecting the integrity and availability of the system.
Impacts:
- Confidentiality (C) – High impact; attackers can access sensitive files that should be restricted.
- Integrity (I) – Not impacted directly by the vulnerability; however, unauthorized file access could lead to indirect integrity issues.
- Availability (A) – High impact; attackers can potentially delete or modify critical files, affecting system availability.
The vulnerability has been assigned a CVSS v3 base score of 10, with the vector CVSS:3.0/AV/AC/PR/UI/S/C/I/A. This reflects the severe nature of the vulnerability, which can be exploited remotely with no authentication required and with a high impact on both confidentiality and availability.
To address CVE-2024-43955, users should upgrade to a patched version of Themeum Droip that resolves this issue. The vendor’s patch addresses the vulnerability by securing the file path handling and preventing unauthorized access.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
