Here are the CVE updates for the week of November 25th through December 1st.
Critical Severity Vulnerabilities
Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability | CVE-2023-28461
Description: A critical vulnerability in Array Networks’ AG Series and vxAG products running ArrayOS 9.4.0.481 or earlier allows remote code execution. An attacker can exploit this flaw using a crafted HTTP header to access the SSL VPN gateway’s filesystem without authentication. This vulnerability can then be leveraged via a vulnerable URL to execute arbitrary commands.
Potential Impacts:
- System Takeover: Attackers can execute malicious code, gaining complete control over the affected system.
- Data Breach: Access to sensitive data stored on or transmitted through the device.
- Service Disruption: Potential to disrupt operations or render systems inoperable.
- Network Compromise: Exploitation may provide an entry point for broader network infiltration.
Mitigation Recommendations:
- Update Software: Ensure devices are updated to the latest version once the vendor releases the fix.
- Restrict Access: Limit access to the SSL VPN gateway to trusted IP ranges using firewalls or ACLs.
- Monitor Network Activity: Regularly inspect logs for unusual or unauthorized access attempts to detect exploitation.
- Temporary Isolation: If patching is delayed, isolate vulnerable devices to prevent exploitation.
NoSQL Injection and Privilege Escalation Vulnerability in Adapt Authoring Tool | CVE-2024-50672
Description: A NoSQL injection vulnerability has been discovered in the Adapt Learning Adapt Authoring Tool versions 0.11.3 and earlier. This issue arises in the “Reset password” feature due to insufficient input validation when processing user-provided data. Attackers can exploit this vulnerability by injecting malicious input into the find() function of Mongoose, a MongoDB object modeling tool.
Potential Impacts:
- Full Administrator Takeover: Attackers can reset administrator credentials, granting them complete control over the application.
- Remote Code Execution (RCE): The ability to upload custom plugins enables attackers to execute arbitrary code, potentially compromising the server and its data.
- Data Breach and Integrity Loss: Unauthorized access to sensitive user and system data stored in the application database.
- Service Disruption: Exploitation can lead to significant operational downtime or data loss.
Mitigation Recommendations:
- Update the Software: Make sure you’re using the latest version of the Adapt Authoring Tool. The issue is fixed in version 0.11.4 and later.
- Verify User Input: Ensure that any data entered, like passwords, is properly checked before being processed. This can help prevent attackers from injecting harmful commands.
- Limit Password Reset Access: Restrict who can use the password reset feature. Only allow trusted users to reset passwords or add extra security steps like CAPTCHA.
- Monitor for Suspicious Activity: Regularly check the system logs for unusual behavior, such as multiple password reset attempts, to spot potential threats early.
- Use Security Tools: Consider using a web application firewall (WAF) to help block malicious activities before they can affect your system.
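The "Verify User Input" point above is the heart of the Adapt issue: a Mongoose filter is a plain object, so a request field that arrives as an object instead of a string is read as a query operator. The following is an added example, not code from the advisory or the Adapt project, showing input checks for an assumed reset handler that receives { email, token } and builds the filter for User.findOne(); the 40-hex-character token format is an assumption.

```javascript
// Added example: hardening a password-reset lookup before it reaches a
// Mongoose find()/findOne() call. Assumed request shape: { email, token }.

// If a client sends { "$ne": "" } where a string is expected, MongoDB treats
// it as an operator, so a lookup can match a record the client never named.
// Insisting on literal strings of bounded length closes that hole.
function assertPlainString(value, name, maxLen) {
  if (typeof value !== 'string') {
    throw new TypeError(`${name} must be a string`);
  }
  if (value.length === 0 || value.length > maxLen) {
    throw new RangeError(`${name} has invalid length`);
  }
  return value;
}

// Assumed token format for this example: 40 lowercase hex characters.
const TOKEN_RE = /^[0-9a-f]{40}$/;
// Deliberately narrow e-mail shape: enough to reject operators and stray input.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Returns a filter that is safe to hand to User.findOne(); throws on bad input.
// The filter keys are fixed by the code; only validated literals come from the client.
function buildResetFilter(body) {
  const email = assertPlainString(body && body.email, 'email', 254);
  const token = assertPlainString(body && body.token, 'token', 40);
  if (!EMAIL_RE.test(email)) throw new Error('email has unexpected format');
  if (!TOKEN_RE.test(token)) throw new Error('token has unexpected format');
  return { email: email, resetToken: token };
}

// Defence in depth for code paths that pass whole objects through: drop every
// "$"-prefixed key recursively so no operator can be smuggled into a filter.
function stripOperators(input) {
  if (Array.isArray(input)) return input.map(stripOperators);
  if (input === null || typeof input !== 'object') return input;
  const out = {};
  for (const [k, v] of Object.entries(input)) {
    if (!k.startsWith('$')) out[k] = stripOperators(v);
  }
  return out;
}
```

The same checks belong on every field that reaches a query, not only the reset token; the WAF and logging advice above catch attempts, while this stops them from matching anything.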
Unauthorized Arbitrary Plugin Installation in CleanTalk Anti-Spam Plugin for WordPress | CVE-2024-10542
Description: The CleanTalk Spam Protection, Anti-Spam, Firewall plugin for WordPress, up to and including version 6.43.2, contains a vulnerability that allows unauthorized attackers to install arbitrary plugins. This occurs due to an authorization bypass in the checkWithoutToken function, which is susceptible to reverse DNS spoofing. Attackers can exploit this weakness to bypass authentication and install plugins of their choosing on the affected WordPress site.
Potential Impacts:
- Arbitrary Plugin Installation: Attackers can install any plugin without authentication, potentially leading to the installation of malicious plugins.
- Remote Code Execution (RCE): If a vulnerable plugin is already active on the site, the attacker can exploit this vulnerability to execute arbitrary code, gaining full control over the server.
- System Compromise: Exploitation could allow attackers to modify or delete files, steal sensitive data, or use the site as a launching point for further attacks.
- Loss of Trust: The exploitation of this vulnerability could damage the reputation of the affected WordPress site, especially if the attacker uses it to perform malicious actions or steal user data.
Mitigation Recommendations:
- Update to the Latest Version: Update the CleanTalk Anti-Spam plugin to the latest version to address the vulnerability. Always monitor for plugin updates and apply them promptly.
- Restrict Access to Admin Features: Limit access to the plugin’s configuration and settings to trusted administrators. Ensure that the WordPress dashboard is secure and that unauthorized users cannot modify plugin settings.
- Regularly Audit Installed Plugins: Regularly review the plugins installed on the WordPress site, ensuring that only trusted plugins are active and regularly updated to avoid known vulnerabilities.
- Implement Web Application Firewall (WAF): Use a WAF to detect and block malicious requests and attempts to exploit vulnerabilities, particularly those involving reverse DNS spoofing.
- Monitor for Suspicious Activity: Set up alerts for unusual plugin installations or changes in WordPress core files, which may indicate attempts to exploit this or other vulnerabilities.
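The CleanTalk bypass rests on trusting a reverse-DNS name, which the owner of the client IP's reverse zone can set to anything. As an added illustration that is not code from the advisory or the plugin, and assuming a service that wants to admit only hosts under a vendor's domain, the function below shows the forward-confirmed check (resolve the PTR name forward and require the original IP to appear) that a bare reverse lookup lacks; resolver functions are injected and the DNS records are constructed in memory so it runs offline.

```javascript
// Added example: forward-confirmed reverse DNS (FCrDNS) versus a bare PTR check.
// In production, resolvers.reverse/resolve4 would wrap dns.promises.reverse()
// and dns.promises.resolve4(); here they are injected for offline use.

// A PTR record is controlled by whoever owns the IP's reverse zone, so on its
// own it proves nothing about the client. Forward confirmation additionally
// resolves the claimed hostname and accepts only if it maps back to the IP.
async function isForwardConfirmed(ip, allowedSuffixes, resolvers) {
  let names;
  try {
    names = await resolvers.reverse(ip);
  } catch (_) {
    return false;               // no PTR record: unverified
  }
  for (const name of names) {
    const host = name.toLowerCase().replace(/\.$/, '');
    if (!allowedSuffixes.some((s) => host === s || host.endsWith('.' + s))) {
      continue;                 // PTR names a domain we do not trust anyway
    }
    let forward;
    try {
      forward = await resolvers.resolve4(host);
    } catch (_) {
      continue;                 // claimed name does not resolve forward
    }
    if (forward.includes(ip)) return true;   // forward and reverse agree
  }
  return false;
}

// Constructed DNS data for demonstration (documentation address ranges).
const FAKE_PTR = {
  '192.0.2.10': ['api.vendor.example.'],    // genuine: forward record matches
  '198.51.100.7': ['api.vendor.example.'],  // spoofed PTR: forward record does not
};
const FAKE_A = { 'api.vendor.example': ['192.0.2.10'] };
const fakeResolvers = {
  reverse: async (ip) => { if (!FAKE_PTR[ip]) throw new Error('ENOTFOUND'); return FAKE_PTR[ip]; },
  resolve4: async (h) => { if (!FAKE_A[h]) throw new Error('ENOTFOUND'); return FAKE_A[h]; },
};
```

Even a forward-confirmed name only shows that the client's operator controls both DNS zones, so it narrows the bypass but is not a substitute for the token check the plugin skips; treat it as defence in depth beside proper authentication.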
High Severity Vulnerabilities
macOS Universal Audio (UAConnect) | CVE-2024-8272: The com.uaudio.bsd.helper service, designed to execute privileged operations on macOS, contains a critical flaw in its inter-process communication (IPC) via XPC. Specifically, it does not validate the code requirements, entitlements, or security flags of clients attempting to connect. This oversight permits unauthorized processes to establish connections and invoke privileged methods, enabling attackers to escalate their privileges to root. Exploitation of this vulnerability can compromise the entire system.
Microsoft Dynamics 365 Sales Spoofing Vulnerability | CVE-2024-49053: This is a spoofing vulnerability affecting Microsoft Dynamics 365 Sales. Spoofing vulnerabilities occur when an attacker impersonates a legitimate user or service, misleading the victim into performing actions they would not normally take. In the case of this vulnerability, adversaries may exploit the system to deceive users into entering sensitive information or triggering unintended commands, such as malicious redirects or unauthorized data manipulation.
Malicious Code Execution Vulnerability in GENESIS64 and MC Works64 | CVE-2024-9852: This vulnerability affects ICONICS GENESIS64, Mitsubishi Electric GENESIS64, and Mitsubishi Electric MC Works64 across all versions. It is caused by an uncontrolled search path element, which can be exploited by a local authenticated attacker. The attacker can place a specially crafted Dynamic-Link Library (DLL) file in a specific folder, and when the affected application searches its load path for that library, it may unintentionally load the malicious DLL instead. This can lead to the execution of malicious code on the system.
Medium Severity Vulnerabilities
Dell Wyse Management Suite – Missing Authorization Vulnerability | CVE-2024-49596: Dell Wyse Management Suite (WMS) versions 4.4 and earlier contain a Missing Authorization vulnerability. This flaw allows an attacker with high privileges and remote access to exploit the system. Once exploited, the attacker could cause a Denial of Service (DoS), potentially rendering the system inoperable, and could also lead to arbitrary file deletion, compromising data integrity.
Cross-Site Request Forgery (CSRF) Vulnerability in Skt NURCaptcha Plugin for WordPress | CVE-2024-11342: The Skt NURCaptcha plugin for WordPress, up to and including version 3.5.0, is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This vulnerability arises due to missing or improper nonce validation in the skt-nurc-admin.php file. Without proper nonce checks, an attacker can forge a request to modify settings or inject malicious scripts on the affected WordPress site.