Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software.
Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.
All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco's third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence's website.
Discovered by KPC. Adobe Acrobat Reader contains two out-of-bounds read vulnerabilities in its Font feature that could lead to the disclosure of sensitive information.
An adversary who can get Acrobat to process a malicious font could exploit these vulnerabilities to read memory outside the intended buffer in the Acrobat process.
The leaked memory contents could be used in follow-on attacks or to exploit other vulnerabilities.
TALOS-2024-1952 covers the same underlying issue as TALOS-2023-1905, a previously disclosed vulnerability: Adobe's initial patch did not cover all of the possible attack vectors, so the bug could still be triggered.
Discovered by KPC. Foxit PDF Reader contains a privilege escalation vulnerability that could allow an adversary to execute commands with SYSTEM-level privileges.
Talos recently discovered multiple vulnerabilities in libigl, a C++ open-source library used to process geometric shapes and designs.
Two out-of-bounds write vulnerabilities, TALOS-2023-1879 and TALOS-2024-1930, could lead to a heap-based buffer overflow.
An attacker could exploit these vulnerabilities by tricking the targeted user into opening a specially crafted file.
Lastly, a third out-of-bounds write vulnerability is caused by improper validation of an array index.
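The three libigl advisories above describe out-of-bounds writes, one of them caused by an improper array index check, and the Acrobat advisories describe the read-side version of the same problem. The following is an added example, not code from libigl, Adobe or Talos, and it does not use either project's file format: it assumes a constructed toy mesh layout (two little-endian uint32 counts followed by three int32 vertex indices per face) to show the kind of index check that lets a crafted file write outside a buffer, beside the hardened check and a parser that applies it before any index is used.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed toy record (not libigl's format): one face = three vertex indices.
struct Face { int32_t v[3]; };

// Flawed bounds check of the kind that produces an out-of-bounds write:
// a signed compare with <= accepts idx == n (one past the end) and every
// negative idx, so a later buf[idx] = x writes outside the buffer.
bool weak_index_check(int32_t idx, size_t n) {
    return idx <= static_cast<int32_t>(n);
}

// Hardened check: reject negatives before widening to size_t, then require idx < n.
bool strict_index_check(int32_t idx, size_t n) {
    if (idx < 0) return false;
    return static_cast<size_t>(idx) < n;
}

// Explicit little-endian decode so the layout does not depend on host byte order.
static uint32_t rd_u32(const uint8_t* p) {
    return static_cast<uint32_t>(p[0]) | (static_cast<uint32_t>(p[1]) << 8) |
           (static_cast<uint32_t>(p[2]) << 16) | (static_cast<uint32_t>(p[3]) << 24);
}

// Parse the assumed layout: uint32 vertex_count, uint32 face_count, then
// face_count * 3 int32 indices. Sets ok=false and returns an empty vector when
// the buffer is truncated or any index falls outside [0, vertex_count).
std::vector<Face> parse_faces(const std::vector<uint8_t>& buf, uint32_t& vertex_count, bool& ok) {
    ok = false;
    vertex_count = 0;
    std::vector<Face> faces;
    if (buf.size() < 8) return faces;
    vertex_count = rd_u32(buf.data());
    uint32_t nf = rd_u32(buf.data() + 4);
    // Divide instead of multiplying so a huge face_count cannot overflow the length check.
    if (nf > (buf.size() - 8) / 12) return faces;
    const uint8_t* p = buf.data() + 8;
    for (uint32_t i = 0; i < nf; ++i) {
        Face f;
        for (int k = 0; k < 3; ++k, p += 4) {
            f.v[k] = static_cast<int32_t>(rd_u32(p));
            // Validate every index against the declared vertex count before it is ever used.
            if (!strict_index_check(f.v[k], vertex_count)) { faces.clear(); return faces; }
        }
        faces.push_back(f);
    }
    ok = true;
    return faces;
}

// Per-vertex "used" flags. Every index was validated by parse_faces, so this write stays in bounds.
std::vector<uint8_t> mark_used(const std::vector<Face>& faces, uint32_t vertex_count) {
    std::vector<uint8_t> used(vertex_count, 0);
    for (const Face& f : faces)
        for (int k = 0; k < 3; ++k)
            used[static_cast<size_t>(f.v[k])] = 1;
    return used;
}

// Builds a constructed sample file in the assumed layout (face_count = indices / 3).
std::vector<uint8_t> build_mesh_blob(uint32_t vertex_count, const std::vector<int32_t>& idx) {
    std::vector<uint8_t> b;
    auto put = [&b](uint32_t x) {
        for (int i = 0; i < 4; ++i) b.push_back(static_cast<uint8_t>(x >> (8 * i)));
    };
    put(vertex_count);
    put(static_cast<uint32_t>(idx.size() / 3));
    for (int32_t v : idx) put(static_cast<uint32_t>(v));
    return b;
}

int main() {
    bool ok = false;
    uint32_t nv = 0;
    auto faces = parse_faces(build_mesh_blob(4, {0, 1, 2, 1, 2, 3}), nv, ok);  // accepted, 2 faces
    bool good_ok = ok;
    parse_faces(build_mesh_blob(4, {0, 1, 4}), nv, ok);                         // index 4 == vertex_count: rejected
    bool bad_rejected = !ok;
    return (good_ok && faces.size() == 2 && bad_rejected &&
            weak_index_check(4, 4) && !strict_index_check(4, 4)) ? 0 : 1;
}
```

The weak check passes both the one-past-the-end index and a negative one; with a 4-element flag array that is exactly the write that corrupts adjacent heap memory. The hardened parser rejects the file up front, so no later loop has to repeat the check, and the truncation test (declared face count larger than the bytes present) is done by division rather than multiplication so an attacker-controlled count cannot wrap the comparison.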
Several vulnerabilities were identified in the AutomationDirect P3 line of CPU modules.
The device communicates remotely via Ethernet, serial and USB and exposes a variety of control services, including MQTT, Modbus, ENIP and the engineering workstation protocol DirectNET. Four of the vulnerabilities found in these PLC CPU modules received a CVSS score of 9.8 out of 10, making them particularly notable.
TALOS-2024-1942 is a leftover debug code vulnerability that allows an adversary who can communicate with the device over Modbus RTU to enable the device's diagnostic interface without any other knowledge of the target device.
An adversary who then submits a series of properly formatted requests could modify arbitrary memory regions on the device, potentially resulting in remote code execution.
A heap-based buffer overflow, TALOS-2024-1936, can also be triggered by sending a specially crafted packet to the targeted device.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also released an advisory covering these vulnerabilities, as the P3 line is commonly used in U.S. critical infrastructure and ICS networks.
CISA provided users with a list of possible mitigations for these vulnerabilities and other steps administrators can take to protect ICS environments.
This Cyber News was published on blog.talosintelligence.com. Publication date: Wed, 29 May 2024 16:43:07 +0000