Vulnerability Recap 10/01/24: NVIDIA, Ivanti, Kia

“The vulnerability stems from inadequate validation of network data, allowing attackers to get the vulnerable system to install a malicious printer driver, and then send a print job to that driver triggering execution of the malicious code,” said security firm Ontinue. “A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer),” wrote Simone Margaritelli, the researcher who published a blog on the vulnerability. The other Container Toolkit vulnerability allows a threat actor to use the container image to create empty files on the host file system. The problem: Computing provider NVIDIA recently updated its Container Toolkit and GPU Operator due to vulnerabilities that could lead to data tampering, code execution, or privilege escalation. Additionally, researchers published a report on a Kia dealer portal vulnerability that’s since been fixed but affected millions of vehicles. The problem: Vulnerabilities in Linux systems’ OpenPrinting Common Unix Printing Systems could allow a threat actor to perform remote command execution. The problem: For two years, security researchers Sam Curry, Justin Rhinehart, Neiko Rivera, and Ian Carroll have been studying vulnerabilities in connected vehicles. The problem: A vulnerability in Ivanti Virtual Traffic Manager was recently added to the CISA’s known exploitable vulnerabilities (KEV) catalog. The vulnerability is tracked as CVE-2024-6769 and has a base score of 6.7. While Microsoft didn’t classify it as a vulnerability when Fortra first reported it to them, Fortra identified it as a privilege escalation opportunity for attackers. While this vulnerability was one of an unfortunate string of sequential flaws in Ivanti’s products over the last few months, it’s good to see the vendor continue to patch and update users on issues consistently. To automate vulnerability tracking and patching, consider a vulnerability scanning tool, which examines your infrastructure for known vulnerabilities that need to be updated. The security bulletin is unclear as to which vulnerability affects NVIDIA GPU Operator, stating different things in different sections of the bulletin. The port must be enabled for a threat actor to exploit the vulnerability. If the installations use default software configuration, a threat actor could use a specifically crafted container image to access the host file system. The fix: Neither Fortra nor NIST gives mitigation instructions in their bulletins, and Microsoft doesn’t view the flaw as a vulnerability. Ivanti has demonstrated its commitment to improving its security posture, and it’s by no means the only vendor navigating major vulnerabilities just because it’s been so prevalent in headlines. Version 1.16.1 and earlier versions of Container Toolkit have a time-of-check/time-of-use (TOCTOU) vulnerability.

This Cyber News was published on www.esecurityplanet.com. Publication date: Tue, 01 Oct 2024 14:43:17 +0000


Cyber News related to Vulnerability Recap 10/01/24: NVIDIA, Ivanti, Kia

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
8 months ago Unit42.paloaltonetworks.com
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
8 months ago Techtarget.com
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
7 months ago Techtarget.com
Vulnerability Recap 10/01/24: NVIDIA, Ivanti, Kia - “The vulnerability stems from inadequate validation of network data, allowing attackers to get the vulnerable system to install a malicious printer driver, and then send a print job to that driver triggering execution of the malicious code,” said ...
1 week ago Esecurityplanet.com
Ivanti urges customers to patch yet another critical vulnerability - This vulnerability only affects a limited number of supported versions-Ivanti Connect Secure, Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read between the lines that there could be unsupported versions which will never see ...
8 months ago Malwarebytes.com
CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products - In an unprecedented move, the US government's cybersecurity agency CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. Within 48 hours, the agency said federal ...
8 months ago Securityweek.com
Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
8 months ago Go.theregister.com
Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
9 months ago Techtarget.com
More mass exploits hit the same buggy Ivanti devices The Register - All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over ...
8 months ago Go.theregister.com
China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
9 months ago Go.theregister.com
Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
8 months ago Bleepingcomputer.com
Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
8 months ago Bleepingcomputer.com
Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
8 months ago Cysecurity.news
Nvidia sued after video call mistake showed 'stolen' data - According to a lawsuit filed against tech giant Nvidia, senior staff member Mohammad Moniruzzaman made this error with disastrous consequences. In the course of it, Valeo claims he accidentally displayed a file proving he stole its tech secrets. The ...
10 months ago Bbc.com
Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware - Hackers exploit unpatched Ivanti vulnerabilities to deploy malware on Linux systems. Magnet Goblin targets businesses using outdated software. Patch immediately and implement strong security measures to protect against these attacks. Cybersecurity ...
7 months ago Hackread.com
CISO Corner: CIO Convergence, 10 Critical Security Metrics, & Ivanti Fallout - Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Boards of directors don't care about a security program's minute technical details. With the US Securities and ...
7 months ago Darkreading.com
Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems - Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed ...
9 months ago Techrepublic.com
Ivanti zero-day flaws under 'widespread' exploitation - Two critical Ivanti vulnerabilities that remain unpatched are being widely exploited just five days following public disclosure. In a security advisory Wednesday, Ivanti urged users and administrators to mitigate two zero-day vulnerabilities that ...
8 months ago Techtarget.com
New cybercrime crew Magnet Goblin caught exploiting Ivanti The Register - There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed ...
7 months ago Theregister.com
Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities - Ivanti researchers this week flagged two zero-day vulnerabilities discovered in its products - CVE-2023-46805 and CVE-2024-21887- that are already being actively exploited by threat actors. The vulnerabilities were found in Ivanti Connect Secure and ...
9 months ago Darkreading.com
Ivanti warns critical EPM bug lets hackers hijack enrolled devices - Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that can let unauthenticated attackers hijack enrolled devices or the core server. Ivanti EPM helps manage client devices running a wide range of ...
9 months ago Bleepingcomputer.com
Ivanti Patches High-Severity Vulnerability in VPN Appliances - Ivanti on Thursday announced patches for a high-severity vulnerability impacting enterprise VPN and network access products. Tracked as CVE-2024-22024 and described as an XML external entity issue, the security defect was identified in the SAML ...
8 months ago Securityweek.com
Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
9 months ago Bleepingcomputer.com
Two Ivanti Zero-Days Actively Exploited in the Wild - Ivanti customers have been urged to follow the security vendor's suggested workaround after it confirmed that two zero-day vulnerabilities in its Connect Secure and Policy Secure gateways are being actively exploited. Connect Secure is a VPN product ...
9 months ago Infosecurity-magazine.com
Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout - The recently discovered Ivanti Connect Secure zero-day vulnerabilities could impact thousands of systems and the threat actors caught exploiting them appear to have been preparing for the release of patches. Threat intelligence and incident response ...
9 months ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)