“The vulnerability stems from inadequate validation of network data, allowing attackers to get the vulnerable system to install a malicious printer driver, and then send a print job to that driver triggering execution of the malicious code,” said security firm Ontinue. “A remote unauthenticated attacker can silently replace existing printers’ (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer),” wrote Simone Margaritelli, the researcher who published a blog on the vulnerability.

The other Container Toolkit vulnerability allows a threat actor to use the container image to create empty files on the host file system.

The problem: Computing provider NVIDIA recently updated its Container Toolkit and GPU Operator due to vulnerabilities that could lead to data tampering, code execution, or privilege escalation.

Additionally, researchers published a report on a Kia dealer portal vulnerability that’s since been fixed but affected millions of vehicles.

The problem: Vulnerabilities in Linux systems’ OpenPrinting Common Unix Printing Systems could allow a threat actor to perform remote command execution.

The problem: For two years, security researchers Sam Curry, Justin Rhinehart, Neiko Rivera, and Ian Carroll have been studying vulnerabilities in connected vehicles.

The problem: A vulnerability in Ivanti Virtual Traffic Manager was recently added to the CISA’s known exploitable vulnerabilities (KEV) catalog.

The vulnerability is tracked as CVE-2024-6769 and has a base score of 6.7. While Microsoft didn’t classify it as a vulnerability when Fortra first reported it to them, Fortra identified it as a privilege escalation opportunity for attackers.

While this vulnerability was one of an unfortunate string of sequential flaws in Ivanti’s products over the last few months, it’s good to see the vendor continue to patch and update users on issues consistently.
To automate vulnerability tracking and patching, consider a vulnerability scanning tool, which examines your infrastructure for known vulnerabilities that need to be updated.

The security bulletin is unclear as to which vulnerability affects NVIDIA GPU Operator, stating different things in different sections of the bulletin.

The port must be enabled for a threat actor to exploit the vulnerability.

If the installations use default software configuration, a threat actor could use a specifically crafted container image to access the host file system.

The fix: Neither Fortra nor NIST gives mitigation instructions in their bulletins, and Microsoft doesn’t view the flaw as a vulnerability.

Ivanti has demonstrated its commitment to improving its security posture, and it’s by no means the only vendor navigating major vulnerabilities just because it’s been so prevalent in headlines.

Version 1.16.1 and earlier versions of Container Toolkit have a time-of-check/time-of-use (TOCTOU) vulnerability.

This Cyber News was published on www.esecurityplanet.com. Publication date: Tue, 01 Oct 2024 14:43:17 +0000