Here are the CVE updates for the week of October 21st through the 27th.
Zero-day Severity Vulnerabilities
Fortinet FortiManager Missing Authentication Vulnerability | CVE-2024-47575: is a critical zero-day vulnerability affecting Fortinet’s FortiManager, a network management solution. Rated CVSS 9.8, it stems from missing authentication in the FortiManager daemon, which lets remote, unauthenticated attackers execute arbitrary code or commands through specially crafted requests. It has been actively exploited in the wild, with reports of attackers using scripts to exfiltrate sensitive data, including IP addresses and configuration files of managed devices.
ScienceLogic SL1 unspecified | CVE-2024-9537: A critical zero-day vulnerability in ScienceLogic SL1 was disclosed on October 21, 2024. This flaw allows remote code execution, potentially granting unauthorized access to sensitive data. Rackspace, a cloud services provider, experienced a security incident due to this vulnerability.
Critical Severity Vulnerabilities
WP Social Login and Register Social Counter | CVE-2024-9501: is a critical authentication bypass vulnerability affecting the WP Social Login and Register Social Counter plugin for WordPress, specifically in all versions up to and including 3.0.7. This flaw arises from insufficient verification of the user being returned by the social login token. As a result, unauthenticated attackers can log in as any existing user on the site, including administrators, provided they know the email address associated with the account and that the user does not already have an account with the social service providing the token.
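The failure mode described above, shown as an added example in Python (not code from the plugin or from the original post): the email-only lookup beside a hardened version that only honours a provider identity the account owner linked from an authenticated session. The users, link table and provider names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass
class User:
    id: int
    email: str
    role: str

@dataclass
class SocialClaims:
    """Identity claims the provider returns once its token has been verified."""
    provider: str
    subject: str   # the provider's stable user id, not the email
    email: str

# Constructed sample site: an administrator who never linked a social account,
# and a subscriber who linked one earlier while logged in.
USERS: Dict[int, User] = {
    1: User(1, "admin@example.invalid", "administrator"),
    2: User(2, "bob@example.invalid", "subscriber"),
}
SOCIAL_LINKS: Dict[Tuple[str, str], int] = {("provider-x", "sub-bob-42"): 2}

def vulnerable_login(claims: SocialClaims) -> Optional[User]:
    """Before: the email carried by the token is the only thing checked, so a
    provider account registered under an existing user's address signs in as
    that user, administrators included."""
    for user in USERS.values():
        if user.email.lower() == claims.email.lower():
            return user
    return None

def hardened_login(claims: SocialClaims) -> Optional[User]:
    """After: only a (provider, subject) pair the account owner linked earlier
    resolves to a user; an unlinked token gets no session regardless of email."""
    user_id = SOCIAL_LINKS.get((claims.provider, claims.subject))
    return USERS.get(user_id) if user_id is not None else None

def link_social_account(session_user_id: Optional[int], claims: SocialClaims) -> bool:
    """Linking is the only path from a social identity to a site account; it
    requires an authenticated session and a subject not already linked elsewhere."""
    key = (claims.provider, claims.subject)
    if session_user_id is None or session_user_id not in USERS:
        return False
    if SOCIAL_LINKS.get(key, session_user_id) != session_user_id:
        return False
    SOCIAL_LINKS[key] = session_user_id
    return True
```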
Desktop Client of Mitel MiCollab and the MiVoice Business Solution Virtual Instance (MiVB SVI) | CVE-2024-35314: is a critical vulnerability affecting the Desktop Client of Mitel MiCollab and the MiVoice Business Solution Virtual Instance (MiVB SVI) up to version 1.0.0.25. The vulnerability arises from improper control of command generation due to insufficient parameter sanitization, allowing unauthenticated attackers to conduct command injection attacks. Successful exploitation can lead to the execution of arbitrary scripts on the affected systems, potentially compromising confidentiality, integrity, and availability.
NuPoint Unified Messaging component | CVE-2024-35285: is a critical security vulnerability identified in the NuPoint Unified Messaging component of the Mitel MiCollab communications platform. This flaw allows for command injection, potentially enabling attackers to execute unauthorized commands on affected systems. Mitel has issued urgent advisories for users to apply patches to mitigate this risk, highlighting the potential for remote exploitation if left unaddressed.
High Severity Vulnerabilities
Microsoft SharePoint Remote Code Execution | CVE-2024-38094: is a critical remote code execution vulnerability affecting Microsoft SharePoint. This vulnerability arises from improper input validation when processing ASPX files, which could allow an attacker to execute arbitrary code on the target system. Such exploitation can lead to unauthorized access to sensitive data and potential system takeover.
Unauthenticated Path Traversal | CVE-2024-6049: is a path traversal vulnerability affecting the Lawo AG vsm LTC Time Sync (vTimeSync) web server. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted HTTP request to access arbitrary files on the underlying operating system. However, this attack is limited to files with specific extensions, such as .exe or .txt. The practical risk therefore depends on which files with those extensions are reachable through the traversal, and on whether they expose sensitive information or can be used to perform unauthorized actions.
Medium Severity Vulnerabilities
Denial of service (DoS) vulnerability | CVE-2024-50311: is a denial of service (DoS) vulnerability found in OpenShift. This flaw allows attackers to exploit the GraphQL batching functionality, enabling them to send a single request containing multiple queries, potentially including thousands of aliases. This excessive querying can consume significant resources, resulting in application unavailability for legitimate users.
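As an added example (not code from OpenShift or from the original post), a request-level guard in Python that rejects alias floods and oversized batches before a GraphQL server executes anything; the limits, the tokenizer and the sample request bodies are constructed for illustration.

```python
import json
import re
from typing import Tuple

# Constructed limits for this example; tune them to the API's real query shapes.
MAX_ALIASES_PER_QUERY = 50
MAX_QUERIES_PER_BATCH = 5

# Tokens: quoted strings (consumed whole, so a ':' inside one is ignored),
# names, the punctuators we track, and any other single non-space character.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_]\w*|[{}():]|\S')
_NAME = re.compile(r"[A-Za-z_]\w*")

def count_aliases(query: str) -> int:
    """Count selection aliases ('alias: field') in a GraphQL document.
    Aliases only occur in selection sets, i.e. at parenthesis depth 0; a 'name:'
    inside parentheses is an argument, variable definition or object key."""
    aliases = 0
    paren_depth = 0
    tokens = _TOKEN.findall(query)
    for i, tok in enumerate(tokens):
        if tok == "(":
            paren_depth += 1
        elif tok == ")":
            paren_depth = max(0, paren_depth - 1)
        elif tok == ":" and paren_depth == 0 and i > 0 and _NAME.fullmatch(tokens[i - 1]):
            aliases += 1
    return aliases

def check_batch(body: str) -> Tuple[bool, str]:
    """Validate a raw GraphQL HTTP body (one operation object or a batch array)
    before execution; returns (accepted, reason)."""
    payload = json.loads(body)
    operations = payload if isinstance(payload, list) else [payload]
    if len(operations) > MAX_QUERIES_PER_BATCH:
        return False, f"batch of {len(operations)} exceeds {MAX_QUERIES_PER_BATCH}"
    for n, op in enumerate(operations):
        query = op.get("query", "") if isinstance(op, dict) else ""
        aliases = count_aliases(query)
        if aliases > MAX_ALIASES_PER_QUERY:
            return False, f"operation {n} has {aliases} aliases (limit {MAX_ALIASES_PER_QUERY})"
    return True, "ok"

# Constructed sample bodies: a normal request, an alias flood and an oversized batch.
NORMAL_BODY = json.dumps({"query": 'query ($id: ID!) { a: node(id: $id) { name } b: node(id: "x:y") { name } }'})
FLOOD_BODY = json.dumps({"query": "{ " + " ".join(f"q{i}: node(id: 1) {{ name }}" for i in range(2000)) + " }"})
OVERSIZED_BATCH = json.dumps([{"query": "{ viewer { id } }"}] * 6)
```

A production deployment would also cap query depth and apply a cost analysis, but the alias and batch counts alone already block the pattern this CVE describes without parsing the full schema.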
Windows MSHTML Platform Spoofing Vulnerability | CVE-2024-43573: is a remote code execution (RCE) vulnerability in the Windows MSHTML platform, which is notably utilized in Internet Explorer mode within Microsoft Edge and other applications through the WebBrowser control. Microsoft has classified this vulnerability as actively exploited, meaning attackers have already started taking advantage of it.
Cisco ASA and FTD Denial-of-Service Vulnerability | CVE-2024-20481: is a denial-of-service (DoS) flaw affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The issue was found amid brute-force password spray attacks on VPN devices, which revealed that attackers could overload the Remote Access VPN (RAVPN) service by sending a high volume of authentication requests. This resource exhaustion could disrupt the RAVPN service, potentially requiring device reloads to restore functionality. Exploitation is only possible if the RAVPN service is enabled on a device.
PHPGurukul Medical Card Generation System View Enquiry Page view-enquiry.php sql injection | CVE-2024-10300: A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. It affects unspecified processing in the file /admin/view-enquiry.php of the View Enquiry Page component; manipulation of the viewid argument leads to SQL injection. The attack may be initiated remotely, and the exploit has been disclosed to the public and may be used.
Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | CVE-2024-37383: is a cross-site scripting (XSS) vulnerability in the Roundcube Webmail client. It allows attackers to inject malicious JavaScript through SVG animate attributes, which execute upon opening a crafted email. The exploit has reportedly been used against a government organization in a CIS country. Once triggered, the malicious script attempts to steal user credentials by injecting an unauthorized login prompt within the Roundcube interface, potentially exfiltrating login details if the user interacts with the prompt.