Here are the CVE updates for the week of December 23rd through the 29th.
Critical Severity Vulnerabilities
SQL Injection Vulnerability in Apache Traffic Control | CVE-2024-45387
Description: Identifies an SQL injection vulnerability in Traffic Ops, a component of Apache Traffic Control, affecting versions 8.0.0 through 8.0.1. The vulnerability allows a privileged user with one of the roles “admin”, “federation”, “operations”, “portal”, or “steering” to execute arbitrary SQL queries against the Traffic Ops database by sending a specially crafted PUT request. The flaw is caused by improper sanitization of user input, which lets an attacker alter the structure of SQL queries and potentially read or modify sensitive data in the database.
Potential Impacts:
- Unauthorized Data Access: Attackers could use the vulnerability to read sensitive data from the database, such as user credentials or configuration settings, which could lead to further compromise.
- Data Integrity Risks: By executing arbitrary SQL, attackers could modify, delete, or corrupt critical database records, impacting the functionality and integrity of Apache Traffic Control.
- Privilege Escalation: Malicious users with certain roles could gain additional access rights or perform unauthorized actions within the system, escalating the impact of the attack.
- Denial of Service (DoS): Attackers could trigger SQL queries that overload or crash the database, leading to potential downtime or service disruption.
- Increased Attack Surface: The vulnerability could be exploited as a stepping stone to compromise other parts of the system or network if the attacker gains sufficient database privileges.
Mitigation Recommendations:
- Upgrade to a Patched Version: Users are strongly advised to upgrade to Apache Traffic Control 8.0.2 or later, which contains a fix for this vulnerability. Regularly check for updates to ensure you are using the most secure version.
- Limit Privileged User Access: Restrict access to privileged roles such as “admin”, “federation”, “operations”, “portal”, and “steering”. Implement the principle of least privilege to reduce the potential impact of an exploit.
- Input Validation and Sanitization: Enhance input validation and sanitization mechanisms to prevent malicious data from being processed. Use parameterized queries or prepared statements to mitigate SQL injection risks.
- Monitor for Suspicious Activity: Continuously monitor logs and system activity for signs of exploitation attempts or unusual behavior, such as unauthorized PUT requests or unexpected database queries.
- Network Segmentation and Firewalls: Ensure that the Traffic Ops component is properly protected behind firewalls and network segmentation to prevent unauthorized external access.
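As an added illustration of the parameterized-query recommendation above (a constructed example, not Traffic Ops code; the table, column, JSON field names and the PostgreSQL-style $1/$2 placeholders are assumptions), the following Go program contrasts a PUT handler that splices request data into SQL text with one that binds it as parameters, and checks the property that makes the second one safe: the statement text never changes with the input.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// UpdateRequest is the JSON body of a PUT that renames a record. The field
// and table names are constructed for this example, not Traffic Ops' schema.
type UpdateRequest struct {
	ID   int    `json:"id"`
	Name string `json:"name"`
}

// ParseUpdate decodes the PUT body. Decoding JSON does not make the value
// safe: Name is still caller-controlled text after this step.
func ParseUpdate(body string) (UpdateRequest, error) {
	var req UpdateRequest
	err := json.NewDecoder(strings.NewReader(body)).Decode(&req)
	return req, err
}

// BuildUpdateUnsafe is the anti-pattern behind this bug class: the caller's
// string is spliced into the SQL text, so a quote in it alters the statement.
func BuildUpdateUnsafe(req UpdateRequest) string {
	return fmt.Sprintf("UPDATE server SET name = '%s' WHERE id = %d", req.Name, req.ID)
}

// BuildUpdateSafe keeps the SQL text constant and hands the caller's values to
// the driver as bind parameters ($1/$2 assumed). The database sees Name as data.
func BuildUpdateSafe(req UpdateRequest) (string, []interface{}) {
	return "UPDATE server SET name = $1 WHERE id = $2", []interface{}{req.Name, req.ID}
}

// StatementDependsOnInput reports whether the SQL text produced by build differs
// between two bodies. For a parameterized builder it is false for every pair.
func StatementDependsOnInput(build func(UpdateRequest) string, a, b string) bool {
	ra, _ := ParseUpdate(a)
	rb, _ := ParseUpdate(b)
	return build(ra) != build(rb)
}

func main() {
	req, _ := ParseUpdate(`{"id": 7, "name": "O'Brien edge"}`) // constructed input
	fmt.Println("unsafe:", BuildUpdateUnsafe(req)) // the apostrophe ends the literal early
	q, args := BuildUpdateSafe(req)
	fmt.Println("safe:  ", q, args) // text unchanged, the value travels separately
}
```

The same invariant is a useful code-review check on any handler reachable by the roles listed above: if the SQL string handed to the driver can differ between two requests, the handler needs to move that input into a bind parameter.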
Remote Code Execution Vulnerability in Webmin | CVE-2024-12828
Description: Identifies a critical vulnerability in Webmin, a popular web-based system administration tool. The issue lies in the handling of CGI requests, where insufficient validation of user-supplied input allows attackers to inject malicious strings. The vulnerability can be exploited to execute arbitrary system commands, potentially leading to Remote Code Execution (RCE) with root privileges. Exploitation requires authentication, which puts systems with weak or shared credentials at particular risk.
Potential Impacts:
- Remote Code Execution (RCE): Unauthorized attackers can gain control over the host system.
- Privilege Escalation: Exploited commands run with root privileges, granting full administrative access.
- Data Compromise: Potential exposure or modification of sensitive data on affected systems.
- Service Disruption: Execution of malicious commands could disrupt operations or render systems inoperative.
Mitigation Recommendations:
- Update Webmin: Upgrade to the latest patched version where this vulnerability is resolved.
- Strengthen Authentication: Enforce strong, unique passwords and implement multi-factor authentication (MFA) to reduce risk.
- Restrict Access: Limit access to Webmin to trusted networks or IP addresses using firewalls or VPNs.
- Validate Inputs: Configure Webmin to reject untrusted or malformed CGI requests where possible.
- Monitor and Audit Logs: Regularly review Webmin access and error logs to detect suspicious activity.
- Conduct Security Hardening: Disable unused features or modules to reduce the attack surface of your Webmin installation.
High Severity Vulnerabilities
Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability | CVE-2021-44207: Identifies a severe vulnerability in Acclaim USAHERDS software, versions up to and including 7.4.0.1, due to the use of hard-coded credentials for authentication. These credentials are embedded in the software’s code and cannot be altered by administrators, allowing potential attackers to exploit them to gain unauthorized access to the system. This flaw significantly undermines the security of any system using the vulnerable software, particularly if exposed to the internet or untrusted networks.
Symlink Attack Vulnerability in Dell SupportAssist | CVE-2024-52535: Highlights a vulnerability in Dell SupportAssist software, impacting both Home PCs (versions 4.6.1 and earlier) and Business PCs (versions 4.5.0 and earlier). The issue resides in the software remediation component, where improper handling of symbolic links (symlinks) allows a low-privileged authenticated user to exploit the system. Successful exploitation enables privilege escalation and could result in the arbitrary deletion of files and folders on the affected system.
Unauthorized Access and Data Integrity Vulnerability in Oracle iStore | CVE-2019-2483: Identifies a critical vulnerability in the Oracle iStore product, part of the Oracle E-Business Suite, affecting versions 12.1.1 through 12.2.8. This flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful exploitation requires some degree of user interaction, such as clicking on a malicious link or performing specific actions, but it can result in a significant scope change, impacting not only Oracle iStore but also other connected systems.
Medium Severity Vulnerabilities
Arbitrary Code Execution Vulnerability in Jinja | CVE-2024-56201: Identifies a vulnerability in Jinja, an extensible templating engine, prior to version 3.1.5. A bug in the Jinja compiler allows an attacker who controls both the content and the filename of a template to execute arbitrary Python code, bypassing Jinja’s sandboxing mechanisms and running that code on the server hosting the vulnerable application. Whether an attacker can control both the filename and the contents of a template depends on the type of application using Jinja.
Denial of Service Vulnerability in IBM AIX and VIOS | CVE-2024-47102: Identifies a vulnerability in the AIX perfstat kernel extension of IBM AIX versions 7.2 and 7.3 and VIOS versions 3.1 and 4.1. This flaw allows a non-privileged local user to exploit the kernel extension, potentially leading to a denial of service (DoS) condition on the affected system. By triggering specific conditions within the perfstat kernel module, the attacker can disrupt normal operations, rendering the system temporarily unavailable.