In this week's urgent updates, Apple and VMware issued patches for zero-day flaws under active attack, and researchers detected a rise in attacks on unpatched Apache and Atlassian Confluence servers.
The public release of proof-of-concept code has started the countdown to exploitation of other critical vulnerabilities, including those in Cisco Unified Communications products, Fortra GoAnywhere MFT, and GitLab.
Patch management and vulnerability management remain critical, but both assume that other fundamentals, such as asset management, are already in place: you cannot patch a server you do not know you have.
Continue reading below to learn more about this week's vulnerabilities, but don't forget to double-check IT asset inventories for accuracy.
Type of vulnerability: Remote code execution vulnerability.
Type of vulnerability: A type confusion issue enables arbitrary code execution attacks.
The problem: Apple addressed multiple vulnerabilities, but zero-day vulnerability CVE-2024-23222 leads the list.
Although CISA added it to the Known Exploited Vulnerabilities catalog, experts believe attackers used the WebKit vulnerability primarily against specific, targeted victims rather than in broad campaigns.
The problem: Atlassian disclosed the critical-severity RCE vulnerability, CVE-2023-22527, in Confluence Server and Data Center on January 16, 2024, and noted that only outdated versions are affected.
Type of vulnerability: Authentication bypass that lets an attacker create new admin users through an exposed admin portal.
The problem: Fortra publicly disclosed CVE-2024-0204, a critical vulnerability with a CVSS score of 9.8/10, on January 23, after issuing patches and notifying customers on December 7, 2023.
Type of vulnerability: Account takeover from password-reset emails sent to unverified email addresses.
The fix: GitLab recommends immediate patching that will also fix three other vulnerabilities.
Sonar also discovered a similar high-severity cross-site WebSocket hijacking vulnerability that likewise abuses the command-line interface to achieve arbitrary code execution if a victim clicks an attacker-supplied link.
Type of vulnerability: Remote code execution that may yield root access.
Type of vulnerability: Three vulnerabilities discovered by Sophos researchers: pool memory corruption, out-of-bounds read, and arbitrary read.
The problem: WatchGuard confirmed these three vulnerabilities in WatchGuard Endpoint Protection, Detection, and Response (EPDR), Panda Dome, and Panda Adaptive Defense 360.
The pool memory corruption vulnerability, CVE-2023-6330, stems from the product not validating registry information before using it, which could lead to a kernel memory pool overflow, a denial of service condition, and possibly ACE with system-level privileges.
The out-of-bounds read vulnerability, CVE-2023-6331, can also create a denial of service condition and allow ACE with system-level privileges.
The lower-risk arbitrary read vulnerability, CVE-2023-6332, could allow a user who already has admin privileges to leak data from kernel memory.
WatchGuard recommends updating to the most recent versions of the products to eliminate the vulnerabilities.
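To make the "unvalidated registry information leads to a pool overflow" pattern behind CVE-2023-6330 concrete, here is an added example that is not WatchGuard's or Panda's code: a small C model of a driver copying a registry value into a fixed-size pool allocation, first trusting the attacker-controlled length and then validating it. The registry value layout, the pool layout, and all function names are assumptions made for illustration; the "next chunk header" is modelled as a canary inside an oversized array so the overflow stays well-defined in user space.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a kernel driver reading a registry value into a
 * fixed-size pool allocation. Constructed for illustration only; this is not
 * WatchGuard's or Panda's code, and the registry value layout, pool layout
 * and function names are assumptions. */

#define ALLOC_SIZE   64   /* size the driver requested from the pool allocator */
#define REGION_SIZE  256  /* oversized backing array so the demonstrated
                             overflow stays inside this array (well-defined) */

/* A registry value as the driver receives it: a reported length plus data.
 * Anyone who can write the key controls both, so the length is
 * attacker-supplied, not a fact about the buffer. */
struct reg_value {
    uint32_t       length;
    const uint8_t *data;
};

/* Simulated non-paged pool: the driver's 64-byte chunk sits at offset 0 and
 * the neighbouring chunk's header (modelled as a 4-byte canary) at offset 64. */
struct pool_region {
    uint8_t bytes[REGION_SIZE];
};

#define NEXT_HEADER_OFF ALLOC_SIZE
#define CANARY          0xA5A5A5A5u

void pool_init(struct pool_region *pool)
{
    uint32_t c = CANARY;
    memset(pool->bytes, 0, sizeof pool->bytes);
    memcpy(&pool->bytes[NEXT_HEADER_OFF], &c, sizeof c);
}

/* 1 if the neighbouring chunk header still holds the canary, 0 if clobbered. */
int next_header_intact(const struct pool_region *pool)
{
    uint32_t c;
    memcpy(&c, &pool->bytes[NEXT_HEADER_OFF], sizeof c);
    return c == CANARY;
}

/* Vulnerable pattern: the reported length is trusted as the copy size. A
 * value longer than ALLOC_SIZE overwrites the next chunk's header, which in a
 * real kernel pool is the path from a crash (DoS) to code execution. */
int copy_value_unchecked(struct pool_region *pool, const struct reg_value *v)
{
    memcpy(pool->bytes, v->data, v->length);
    return 0;
}

/* Hardened pattern: validate the untrusted length against the allocation
 * before touching memory, and reject rather than silently truncate so the
 * bad value is visible to the caller and can be logged. */
int copy_value_checked(struct pool_region *pool, const struct reg_value *v)
{
    if (v->data == NULL || v->length == 0 || v->length > ALLOC_SIZE)
        return -1;  /* a real driver would return STATUS_INVALID_PARAMETER */
    memcpy(pool->bytes, v->data, v->length);
    return 0;
}

/* Runs one copy of a constructed 'A'-filled value of the given length.
 * Returns 0 = copied and neighbour intact, 1 = neighbour header corrupted,
 * 2 = rejected by validation, -1 = length too large for this demo's array. */
int run_copy(int (*copy)(struct pool_region *, const struct reg_value *),
             uint32_t length)
{
    uint8_t payload[REGION_SIZE];
    struct pool_region pool;
    struct reg_value v;

    if (length > REGION_SIZE)
        return -1;                       /* keep the demo within bounds */
    memset(payload, 0x41, sizeof payload); /* constructed attacker payload */
    v.length = length;
    v.data = payload;
    pool_init(&pool);
    if (copy(&pool, &v) != 0)
        return 2;
    return next_header_intact(&pool) ? 0 : 1;
}

int main(void)
{
    printf("unchecked, 32-byte value -> %d\n", run_copy(copy_value_unchecked, 32));
    printf("unchecked, 96-byte value -> %d\n", run_copy(copy_value_unchecked, 96));
    printf("checked,   96-byte value -> %d\n", run_copy(copy_value_checked, 96));
    printf("checked,   64-byte value -> %d\n", run_copy(copy_value_checked, 64));
    return 0;
}
```

The point for defenders is the same one behind WatchGuard's fix: registry data that a local user can write is untrusted input, so a driver must bound every length it reads from there against its own allocation before copying. The corresponding check when reviewing a driver is to look for `memcpy`-style copies whose size argument comes from a registry query result rather than from the allocation.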
This Cyber News was published on www.esecurityplanet.com. Publication date: Mon, 29 Jan 2024 23:13:03 +0000