The most dangerous vulnerabilities might be the lesser-known Tinyproxy and Cinterion cellular modem flaws.
The stress and expense of an attack can be avoided by proactively tracking assets, staying informed, and allocating some resources to eliminating vulnerabilities before they balloon into disasters.
Cisco Talos reported that it received no response from the Tinyproxy open-source developers, and therefore published its proof of concept before a patch was available for this vulnerability, which rates CVSSv3 9.8 out of 10.
To coordinate tracking and remediating vulnerabilities, consider a vulnerability management solution.
Type of vulnerability: Deterministic cryptographic nonce generation (biased signing nonces).
The problem: As disclosed in the April 22nd vulnerability recap, PuTTY generated its ECDSA signing nonces deterministically from a hash that is shorter than the NIST P-521 curve order, so the nonces were biased rather than uniformly random. An attacker who collects enough signatures made with an affected P-521 key can recover the private key. Products that bundle PuTTY, such as older XenCenter releases, inherit the flaw.
The fix: XenCenter for Citrix Hypervisor 8.2.7 and later does not include PuTTY and requires no action. Earlier installations should update the bundled PuTTY, and any P-521 key that was used for signing with a vulnerable version should be rotated, since collected signatures remain usable for key recovery after the patch.
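The following is an added illustration, not PuTTY's or Citrix's code, of why a deterministic nonce built from a hash shorter than the curve order is biased. The flawed construction (a single SHA-512 digest used as the nonce for a 521-bit order) is modelled on the described bug; the private key, messages and sample count are constructed for the example, and the only real constant is the public NIST P-521 group order.

```python
"""Nonce bias from a deterministic nonce that is too short for the curve order.

Added example: not PuTTY's code. The flawed construction below (one SHA-512
digest reduced modulo the order) is a model of the described weakness; the
private key and messages are constructed inputs.
"""
import hashlib
import secrets

# Public group order n of NIST P-521: a 521-bit number just below 2**521.
P521_ORDER = int(
    "01ff" + "ffffffff" * 7 + "fffffffa"
    + "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
    16,
)
ORDER_BITS = P521_ORDER.bit_length()  # 521


def biased_nonce(priv_key: int, msg: bytes) -> int:
    """Flawed construction: one 512-bit digest used directly as the nonce.

    Every value below 2**512 has its top 9 bits clear when viewed as a
    521-bit quantity, so each nonce leaks 9 bits of structure to anyone who
    sees the signature. (The modulo is a no-op here because 2**512 < n.)
    """
    digest = hashlib.sha512(priv_key.to_bytes(66, "big") + msg).digest()
    return int.from_bytes(digest, "big") % P521_ORDER


def uniform_nonce() -> int:
    """Correct behaviour: a nonce drawn uniformly from [1, n)."""
    return 1 + secrets.randbelow(P521_ORDER - 1)


def top_bits_zero(k: int, bits: int = 9) -> bool:
    """True if the top `bits` bits of k, as an ORDER_BITS-wide value, are zero."""
    return (k >> (ORDER_BITS - bits)) == 0


def biased_fraction(nonces, bits: int = 9) -> float:
    """Fraction of nonces whose top `bits` bits are zero.

    A uniform generator yields about 1 / 2**bits; the flawed one yields 1.0.
    """
    nonces = list(nonces)
    return sum(top_bits_zero(k, bits) for k in nonces) / len(nonces)


def demo(samples: int = 2000, priv_key: int = 0xC0FFEE):
    """Return (flawed_fraction, uniform_fraction) over `samples` nonces each."""
    flawed = (biased_nonce(priv_key, b"message %d" % i) for i in range(samples))
    uniform = (uniform_nonce() for _ in range(samples))
    return biased_fraction(flawed), biased_fraction(uniform)


if __name__ == "__main__":
    flawed_frac, uniform_frac = demo()
    print(f"top 9 bits zero: flawed={flawed_frac:.3f}  uniform={uniform_frac:.3f}")
```

The check to take away is the last one: a known bias of a fixed number of bits in every nonce is exactly the input that lattice-based key-recovery attacks need, and a few dozen signatures with this much bias suffice, which is why rotating affected keys matters even after the generator is fixed.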
Type of vulnerability: OData injection, SQL injection.
The problem: F5 patched BIG-IP Next Central Manager, the unified management console for BIG-IP Next, to fix a pair of officially recognized vulnerabilities: CVE-2024-21793 (OData injection) and CVE-2024-26026 (SQL injection).
Both flaws rate CVSSv3 7.5 out of 10, and successful exploitation can disclose user and administrator password hashes.
Researchers at Eclypsium published a proof of concept covering five vulnerabilities, only two of which have been assigned CVE numbers and formally patched by F5. The proof of concept demonstrates that unpatched management consoles can be remotely compromised.
Obtaining the password hashes can lead to complete takeover of the Next Central Manager console and, by extension, of the F5 devices it manages.
The fix: All device configurations are affected, so administrators should apply F5's patched release. Until the upgrade is in place, the usual precaution applies: restrict network access to the management interface to trusted hosts.
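The following is an added example, not F5's code (the Next Central Manager internals are not public), of the general injection pattern behind this class of bug: a lookup that pastes user input into the query text discloses every stored password hash, while the same lookup with a bound parameter does not. The table, the three accounts, their hashes and the attacker payload are all constructed for the illustration; OData injection is the same mistake made when a filter expression rather than a SQL statement is built from user input.

```python
"""Vulnerable versus parameterized user lookup (added example, not F5's code).

The users table, sample accounts and payload are constructed for this
illustration; the hashes are SHA-256 of made-up passwords.
"""
import hashlib
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory users table populated with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT, password_hash TEXT)"
    )
    rows = [
        ("admin", "administrator", hashlib.sha256(b"sample-admin-pw").hexdigest()),
        ("alice", "operator", hashlib.sha256(b"sample-alice-pw").hexdigest()),
        ("bob", "viewer", hashlib.sha256(b"sample-bob-pw").hexdigest()),
    ]
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str):
    """Vulnerable: the caller-controlled string becomes part of the SQL text,
    so a quote character in it rewrites the query's logic."""
    sql = f"SELECT username, role, password_hash FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_user_fixed(conn: sqlite3.Connection, username: str):
    """Hardened: the value is sent as a bound parameter, never as SQL text,
    so it is compared literally no matter what characters it contains."""
    sql = "SELECT username, role, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed attacker input: closes the quoted literal and appends an
# always-true clause, turning a single-user lookup into a full table dump.
PAYLOAD = "nobody' OR '1'='1"


def leaked_hashes(conn: sqlite3.Connection, username: str = PAYLOAD) -> dict:
    """Username -> password hash as obtained through the vulnerable lookup."""
    return {row[0]: row[2] for row in lookup_user_vulnerable(conn, username)}


if __name__ == "__main__":
    db = build_db()
    print("vulnerable lookup leaks:", sorted(leaked_hashes(db)))
    print("fixed lookup returns:", lookup_user_fixed(db, PAYLOAD))
```

The vulnerable lookup hands back all three rows, administrator hash included, for an input that matches no real account; the parameterized lookup returns nothing for the payload and exactly one row for a real username. The detection signal is the same in either dialect: quote characters or boolean operators arriving in a field that should only ever hold an identifier.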
The problem: Google pushed Chrome updates for Windows and macOS and disclosed its fifth actively exploited vulnerability of 2024, CVE-2024-4671; applying the update is the fix.
Type of vulnerability: Heap overflow, digital signature check bypass, unauthorized code execution, privilege escalation.
The problem: Vendors integrate Telit's Cinterion modems into Internet of Things devices such as industrial equipment, medical devices, vehicle tracking sensors, and smart meters.
The most significant vulnerability, CVE-2023-47610, rates CVSSv3 9.8 out of 10 and is reachable through crafted SMS messages; researchers at Kaspersky note that exploitation could lead to remote code execution and unauthorized privilege escalation, giving an attacker control of devices that are potentially connected to critical infrastructure.
The other vulnerabilities involve mishandling of the Java-based applications (MIDlets) that run on the modem. Exploiting them could expose confidential data and let a compromised device serve as an entry point into connected networks.
The fix: Owners of cellular-connected IoT devices should check with the device manufacturer whether a Cinterion modem is present and whether patched firmware is available.
Kaspersky recommends disabling non-essential SMS messaging capabilities and using private APNs (access point names) with strict security settings to counter the most critical vulnerability.
This Cyber News was published on www.esecurityplanet.com. Publication date: Mon, 13 May 2024 20:13:06 +0000