Here are the CVE updates for the week of January 13th through the 19th.
CRITICAL SEVERITY VULNERABILITIES
Qlik Sense HTTP Tunneling Vulnerability | CVE-2023-48365
Description: CVE-2023-48365 is a critical vulnerability in Qlik Sense Enterprise for Windows that allows unauthenticated remote code execution. Because the product does not properly validate HTTP headers, a remote attacker can elevate privileges by tunneling HTTP requests and thereby issue unauthorized HTTP requests to the backend server that hosts the repository application. It is a bypass of the fix for the earlier CVE-2023-41265, so installations patched only against that issue remain exposed, and CISA added it to its Known Exploited Vulnerabilities (KEV) catalog in January 2025.
Potential Impacts:
- Remote Code Execution: Attackers can execute arbitrary code on the backend server, potentially compromising the entire system.
- Privilege Escalation: Unauthorized users can gain elevated privileges, enabling further exploitation.
- Backend Server Compromise: Exploitation could lead to unauthorized access and control over the backend server and its hosted applications.
Mitigation Recommendations:
- Update Qlik Sense: Apply a fixed release. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 17, February 2022 Patch 15 and November 2021 Patch 17; anything older on each release track is vulnerable.
- Restrict Access: Do not expose the Qlik Sense proxy or hub directly to the internet; limit it to trusted networks and authenticated users.
- Harden HTTP Headers: The header validation itself is fixed by the vendor patch and cannot be corrected by configuration. If a reverse proxy or load balancer sits in front of Qlik Sense, confirm it does not forward arbitrary client-supplied headers through to the proxy service unchanged.
- Monitor Activity: Log and alert on unusual HTTP requests reaching the repository service, in particular requests from unauthenticated clients that carry unexpected headers or target internal paths.
- Secure Backend Servers: Harden the server hosting the repository application (least-privilege service accounts, host firewalling, endpoint detection) to limit what an attacker gains from a successful exploit.
FortiOS and FortiProxy Authentication Bypass Vulnerability | CVE-2024-55591
Description: This vulnerability affects FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12; later FortiOS and FortiProxy branches are not affected. It is an Authentication Bypass Using an Alternate Path or Channel (CWE-288) reachable through the Node.js websocket module of the administrative web interface. A remote attacker who can reach that interface can send crafted requests and obtain super-admin privileges without presenting any credentials. Fortinet reports the flaw as exploited in the wild, and CISA added it to the KEV catalog in January 2025.
Potential Impacts:
- Privilege Escalation: Unauthenticated attackers could obtain super-admin access, leading to full control over the affected system.
- Data Exposure: Access to sensitive data and system configurations could result in confidentiality breaches.
- System Disruption: Attackers could manipulate system settings, potentially leading to operational downtime or instability.
Mitigation Recommendations:
- Apply Security Updates: Upgrade FortiOS 7.0 to 7.0.17 or later, FortiProxy 7.0 to 7.0.20 or later, and FortiProxy 7.2 to 7.2.13 or later.
- Restrict Network Access: Keep the HTTP/HTTPS management interface off the internet. Fortinet's documented workaround is to disable the HTTP/HTTPS administrative interface or to restrict the addresses that can reach it with local-in policies; use a VPN or jump host for remote administration.
- Monitor and Log Activity: Because the bypass grants super-admin directly, watch for unexpected administrator logins, newly created administrator accounts and configuration changes nobody made, and treat any such event on an unpatched device as a likely compromise rather than an anomaly.
- Enforce Access Control: Keep multi-factor authentication (MFA) on all administrative accounts. It does not block this bypass, which never presents credentials, but it limits what an attacker can do with passwords taken from a compromised device.
- Review and Harden Configurations: The Node.js websocket module is not something an administrator turns off on its own; exposure is controlled by restricting the management interface as above. After patching, review administrator accounts, local-in policies and any configuration changes made since the device was first reachable.
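The monitoring bullet above is only useful if someone actually looks at the logs, so here is an added example (not Fortinet's code) that scans FortiOS event-log lines for two of the indicators published in the vendor advisory for CVE-2024-55591: a successful admin login whose interface is "jsconsole" with a loopback or self-referential source address, and an administrator account created from jsconsole. The log lines in SAMPLE_LOGS are constructed for the example, and the field names and indicator patterns should be confirmed against the advisory for your firmware version before the script is relied on.

```python
"""Scan FortiOS event logs for indicators associated with CVE-2024-55591.

Added example, not Fortinet's code. The two patterns checked follow the vendor
advisory; SAMPLE_LOGS is constructed for this example, not real device output.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# FortiOS writes key=value pairs; values are either bare or double-quoted.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortios_line(line: str) -> Dict[str, str]:
    """Split one FortiOS log line into a dict of its fields."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in _KV_RE.finditer(line)
    }


@dataclass
class Finding:
    kind: str       # which indicator matched
    severity: str   # "high" or "review"
    user: str
    detail: str


def _is_loopback(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def scan_fortios_logs(lines: Iterable[str]) -> List[Finding]:
    """Return a Finding for every line that matches one of the indicators."""
    findings: List[Finding] = []
    for line in lines:
        f = parse_fortios_line(line)
        if f.get("type") != "event" or f.get("subtype") != "system":
            continue
        # Login events show ui="jsconsole"; configuration changes show
        # ui="jsconsole(127.0.0.1)". Both forms count.
        from_jsconsole = f.get("ui", "").startswith("jsconsole")
        if f.get("logdesc") == "Admin login successful" and from_jsconsole:
            srcip, dstip = f.get("srcip", ""), f.get("dstip", "")
            # A genuine GUI console login shows the administrator's real address;
            # the attacker's login shows a loopback or otherwise meaningless
            # srcip that equals dstip, so only that case is rated high.
            severity = "high" if _is_loopback(srcip) or srcip == dstip else "review"
            findings.append(Finding("jsconsole-login", severity, f.get("user", ""),
                                    f"srcip={srcip} dstip={dstip}"))
        elif from_jsconsole and f.get("action") == "Add" and f.get("cfgpath") == "system.admin":
            findings.append(Finding("admin-created-from-jsconsole", "high", f.get("user", ""),
                                    f"new admin {f.get('cfgobj')} ({f.get('cfgattr')})"))
    return findings


# Constructed sample lines in FortiOS event-log format (not real device output).
SAMPLE_LOGS = [
    'date=2025-01-15 time=08:12:01 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="admin" ui="https(203.0.113.10)" method="https" '
    'srcip=203.0.113.10 dstip=192.0.2.1 action="login" status="success" reason="none" '
    'profile="super_admin" msg="Administrator admin logged in successfully from https(203.0.113.10)"',
    'date=2025-01-15 time=08:14:37 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="admin" ui="jsconsole" method="jsconsole" '
    'srcip=127.0.0.1 dstip=127.0.0.1 action="login" status="success" reason="none" '
    'profile="super_admin" msg="Administrator admin logged in successfully from jsconsole"',
    'date=2025-01-15 time=08:15:02 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Object attribute configured" user="admin" ui="jsconsole(127.0.0.1)" action="Add" '
    'cfgtid=1411317760 cfgpath="system.admin" cfgobj="vOcep" '
    'cfgattr="password[*]accprofile[super_admin]vdom[root]" msg="Add system.admin vOcep"',
    'date=2025-01-15 time=09:01:44 type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login failed" user="admin" ui="https(198.51.100.7)" method="https" '
    'srcip=198.51.100.7 dstip=192.0.2.1 action="login" status="failed" reason="passwd_invalid" '
    'msg="Administrator admin login failed from https(198.51.100.7) because of invalid password"',
]


if __name__ == "__main__":
    for finding in scan_fortios_logs(SAMPLE_LOGS):
        print(f"[{finding.severity}] {finding.kind}: user={finding.user} {finding.detail}")
```

Feed it the device's exported event log (or a syslog collector's copy) one line at a time. A jsconsole login from a real administrator address is reported as "review" rather than "high" because legitimate use of the GUI console produces the same ui value; the loopback or srcip-equals-dstip form is the one that has no benign explanation.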
NetVision Information AirPASS Missing Authentication Vulnerability | CVE-2025-0456
Description: The airPASS platform from NetVision Information has a Missing Authentication vulnerability: a specific administrative function can be called by unauthenticated remote attackers, who can use it to retrieve every account and password stored in the system. If the returned passwords are usable as-is, which the advisory wording suggests, a single request yields working credentials for every user of the platform.
Potential Impacts:
- Data Breach: Unauthorized retrieval of all user accounts and passwords, leading to compromised credentials.
- System Compromise: Attackers could use stolen credentials to gain unauthorized access to critical systems.
- Lateral Movement: Exploited credentials may facilitate further attacks within the affected network.
Mitigation Recommendations:
- Apply Patches: Update airPASS to the vendor's fixed release as soon as it is available.
- Rotate Credentials: Assume any unpatched instance that was reachable has already been queried. Reset every account it holds after patching, and change the same passwords wherever else they were reused.
- Restrict Administrative Access: Limit the administrative interface to trusted networks or VPNs, and block it from the internet entirely while the system is unpatched.
- Implement Network Segmentation: Isolate the airPASS system so that credentials taken from it cannot be used for lateral movement without crossing a monitored boundary.
- Enforce Strong Authentication: Enable multi-factor authentication (MFA) for administrative access. It does not close this hole, which skips authentication altogether, but it reduces the value of the stolen passwords elsewhere.
- Monitor and Audit Logs: Review access logs for calls to administrative functions from unauthenticated sessions or unexpected source addresses.
Arbitrary Code Execution Vulnerability in Aviatrix Controller | CVE-2024-50603
Description: Aviatrix Controller versions before 7.1.4191 and 7.2.x before 7.2.4996 fail to neutralize special elements used in OS commands (CWE-78), so an unauthenticated attacker can execute arbitrary code. Shell metacharacters sent in the cloud_type parameter of list_flightpath_destination_instances, or in the src_cloud_type parameter of flightpath_connection_test, via the /v1/api endpoint reach a shell on the controller. The flaw carries a CVSS score of 10.0, has been exploited in the wild, and was added to the CISA KEV catalog in January 2025.
Potential Impacts:
- Remote Code Execution: Unauthenticated execution of arbitrary commands on the controller.
- System Compromise: Complete control of the controller, which typically holds cloud credentials and IAM roles for the accounts it manages, so the compromise can extend into those cloud environments.
- Data Breach: Unauthorized access to network configuration, credentials and other sensitive information on the system.
Mitigation Recommendations:
- Upgrade Software: Update to Aviatrix Controller 7.1.4191 or 7.2.4996 (or later), where the vulnerability is fixed. A patch does not remove anything an attacker already planted, so also check exposed controllers for unexpected processes, scheduled jobs and files.
- Input Validation: The missing neutralization is the vendor's fix, not something operators can patch themselves. As a stopgap only, a reverse proxy or WAF in front of the controller can reject requests to /v1/api whose parameters contain shell metacharacters.
- Restrict API Access: Limit the /v1/api endpoint to trusted networks. The controller should never be reachable from the internet, since the flaw needs no credentials.
- Monitor System Logs: Review web and system logs for requests naming list_flightpath_destination_instances or flightpath_connection_test whose parameters contain characters such as ;, |, $( or backticks, and for new processes or outbound connections from the controller.
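The class of bug is worth seeing in code. The following is an added example, not Aviatrix's code: a hypothetical backend helper that builds an OS command from the cloud_type parameter the way a vulnerable handler would, next to a hardened version that uses an allow-list and an argv list. The tool name, argument names and the allowed values are assumptions made for the example, and has_shell_metachars is the same check the monitoring bullet above describes, usable over request logs.

```python
"""The OS command injection pattern behind CVE-2024-50603, shown generically.

Added example, not Aviatrix's code. The "flightpath" tool name, the argument
names and ALLOWED_CLOUD_TYPES are assumptions made for the example.
"""
import os
import re
import subprocess
from typing import List

# Hypothetical allow-list: the only values the parameter is ever expected to take.
ALLOWED_CLOUD_TYPES = {"1", "4", "8", "16"}

# Characters that change the structure of a POSIX shell command line.
SHELL_META = re.compile(r"[;&|`$<>(){}\[\]\\\n\r'\"*?!~\s]")


def has_shell_metachars(value: str) -> bool:
    """True if the value could alter a shell command it is spliced into.
    Also useful when reviewing access logs for attempts against API parameters."""
    return SHELL_META.search(value) is not None


def build_command_vulnerable(cloud_type: str) -> str:
    """Vulnerable pattern: the untrusted parameter is interpolated into a string
    that is then handed to a shell (shell=True, os.system, a Popen string)."""
    return f"flightpath list-instances --cloud-type {cloud_type}"


def build_command_hardened(cloud_type: str) -> List[str]:
    """Hardened pattern: reject anything outside the allow-list, then return an
    argv list so the value is one literal argument and no shell ever parses it."""
    if cloud_type not in ALLOWED_CLOUD_TYPES:
        raise ValueError(f"unsupported cloud_type: {cloud_type!r}")
    return ["flightpath", "list-instances", "--cloud-type", cloud_type]


def run_through_shell(payload: str) -> str:
    """Show the difference with echo standing in for the real tool (POSIX only):
    the shell splits the command at ';' and runs the payload as a second command."""
    cmd = f"echo --cloud-type {payload}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_as_argv(payload: str) -> str:
    """Same payload passed as an argv element: echo prints it back as plain text."""
    return subprocess.run(["echo", "--cloud-type", payload],
                          capture_output=True, text=True).stdout


if __name__ == "__main__" and os.name == "posix":
    payload = "1; echo INJECTED"
    print("vulnerable:", run_through_shell(payload).splitlines())
    print("argv:", run_as_argv(payload).splitlines())
    try:
        build_command_hardened(payload)
    except ValueError as exc:
        print("hardened rejects it:", exc)
```

Run on a POSIX host, the vulnerable path prints two lines (the echo output and INJECTED) because the shell executed the payload, while the argv path prints one line containing the payload verbatim. The allow-list is the primary control; the argv list is defence in depth for the case where a value slips past validation.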
HIGH SEVERITY VULNERABILITIES
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability | CVE-2025-21335: A use-after-free in the Hyper-V NT Kernel Integration Virtualization Service Provider (VSP), the component through which the host kernel services guest partitions, allows an attacker with local code execution to gain SYSTEM privileges. Microsoft rates the attack vector as local, reports the vulnerability as exploited in the wild, and CISA added it to the KEV catalog in January 2025.
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | CVE-2025-21334: A second use-after-free in the same VSP component with the same outcome: a local attacker can run code with SYSTEM privileges. It is likewise reported as exploited in the wild, as is the related CVE-2025-21333 (a heap-based buffer overflow in the same component). All three are fixed by the January 2025 Patch Tuesday update, which should be installed on every system running Hyper-V without waiting for a regular maintenance window.
Cross-Site Request Forgery (CSRF) in GestioIP v3.5.7 | CVE-2024-50858: Multiple endpoints in GestioIP v3.5.7 accept state-changing requests without an anti-CSRF token, so an attacker can craft a URL that, when an authenticated administrator opens it, performs actions in the administrator's browser and with the administrator's session. Depending on the endpoint this yields data modification (system or user records altered without consent), data deletion, or data exfiltration to the attacker. That a plain clicked link suffices means the affected actions are reachable over GET; the standard fix is to require POST with a per-session token and to set the session cookie with SameSite=Lax or Strict. Until a fixed release is deployed, administrators should not browse untrusted sites from a browser that is logged in to GestioIP.
MEDIUM SEVERITY VULNERABILITIES
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability | CVE-2024-12686: A command injection in Privileged Remote Access (PRA) and Remote Support (RS) lets an attacker who already holds administrative privileges inject operating-system commands that execute as a site user. The severity is medium only because an administrator account is required; as a second stage after stolen admin credentials or an authentication bypass it gives code execution on the appliance, and CISA added it to the KEV catalog in January 2025. Apply the vendor patches and review administrator accounts and recent activity on any appliance that was exposed.
Stored Cross-Site Scripting (XSS) in GestioIP v3.5.7 | CVE-2024-50861: The ip_mod_dns_key_form.cgi request does not sanitize the “TSIG Key” field, so an attacker can store JavaScript or HTML in it. The payload is written to the database and runs in the browser of every user who later views the affected record. From there the script can exfiltrate data visible to that user and issue requests in the user's session, which turns the stored XSS into a CSRF vector as well. The fix is HTML-encoding the stored value at output time (ideally backed by a Content Security Policy); as an interim measure, restrict who is allowed to edit DNS key records.
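Both GestioIP findings (the CSRF in CVE-2024-50858 and the stored XSS in CVE-2024-50861) have textbook fixes, shown together in the following added example. This is not GestioIP's code (GestioIP is Perl CGI); the handler model, session ids, the "tsig_key" field name and the in-memory store are assumptions made for the example.

```python
"""Anti-CSRF tokens and output encoding, the standard fixes for the two
GestioIP findings. Added example, not GestioIP's code; the handler model,
session ids, field names and the in-memory store are assumptions.
"""
import hashlib
import hmac
import html
import secrets
from typing import Dict, Optional, Tuple

# Per-process secret; a real application loads it from configuration so that
# tokens survive restarts and are shared across worker processes.
SERVER_SECRET = secrets.token_bytes(32)


def make_csrf_token(session_id: str) -> str:
    """Derive the token from the session, so it is useless in any other session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, token: Optional[str]) -> bool:
    return token is not None and hmac.compare_digest(make_csrf_token(session_id), token)


def handle_modify_dns_key(method: str, session_id: str,
                          form: Dict[str, str], store: Dict[str, str]) -> Tuple[int, str]:
    """State-changing handler. A link an administrator clicks is a GET, so
    refusing GET removes the 'malicious URL' vector outright; the token check
    stops a cross-site form POST. SameSite=Lax/Strict on the session cookie is
    the additional layer not modelled here."""
    if method != "POST":
        return 405, "state-changing requests must be POST"
    if not csrf_token_valid(session_id, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    store["tsig_key"] = form.get("tsig_key", "")
    return 200, "saved"


def render_dns_key_form(store: Dict[str, str]) -> str:
    """Output encoding: escape at render time, so a stored payload such as
    "><script>... is displayed as text instead of being executed."""
    value = html.escape(store.get("tsig_key", ""), quote=True)
    return f'<input name="tsig_key" value="{value}">'


if __name__ == "__main__":
    store: Dict[str, str] = {}
    sid = "session-123"
    print(handle_modify_dns_key("GET", sid, {"tsig_key": "x"}, store))
    print(handle_modify_dns_key("POST", sid, {"tsig_key": "x"}, store))
    result = handle_modify_dns_key("POST", sid, {"tsig_key": '"><script>alert(1)</script>',
                                                 "csrf_token": make_csrf_token(sid)}, store)
    print(result, render_dns_key_form(store))
```

The token is an HMAC over the session id rather than a random value stored server-side, which keeps the check stateless; the trade-off is that rotating SERVER_SECRET invalidates every open form, which is acceptable for an admin tool. Note that the XSS fix lives in the renderer, not the handler: the raw value is still stored, and every place that prints it must escape it.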