Here are the CVE updates for the week of November 18th through 24th.
Critical Severity Vulnerabilities
LoadMaster Pre-Authenticated OS Command Injection | CVE-2024-1212
Description: A critical vulnerability in the LoadMaster Management Interface allows unauthenticated remote attackers to execute arbitrary system commands. This flaw can be exploited by gaining unauthorized access to the management interface, potentially compromising the entire system.
Potential Impacts:
- System Takeover: Attackers could execute commands to disrupt or control the system.
- Sensitive Data Exposure: Confidential information such as credentials may be stolen.
- Network Vulnerabilities: The compromised system could be an entry point for broader attacks.
Mitigation Recommendations:
- Apply Vendor Patches: Ensure the latest software updates are installed immediately.
- Restrict Access: Limit access to the management interface through firewalls or IP whitelisting.
- Monitor Logs: Regularly inspect system logs for suspicious activity.
- Network Segmentation: Place the management interface in a separate, secured network.
Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes | CVE-2024-47533
Description: Cobbler, a Linux installation server used for rapid network environment setup, contains an improper authentication vulnerability in versions 3.0.0 through 3.3.6. The vulnerability arises from the utils.get_shared_secret() function, which consistently returns -1. This allows any network user to connect to the Cobbler server’s XML-RPC interface as user '' (the empty username) with password -1. Once connected, attackers gain full control of the Cobbler server, enabling them to modify server configurations, compromise network installation environments, and deploy unauthorized or malicious configurations.
Potential Impacts:
- Server Takeover: Attackers can modify configurations or inject malicious payloads.
- Malware propagation: Unauthorized deployments may spread harmful software.
- Data Breach: Access to sensitive server data, jeopardizing security across network installations.
Mitigation Recommendations:
- Update Software: Upgrade to Cobbler versions 3.2.3 or 3.3.7, which address the issue.
- Limit Access: Restrict server access to trusted networks or authorized personnel.
- Monitor Logs: Continuously review server activity for unauthorized changes.
- Harden Network Security: Use firewalls and network segmentation to reduce exposure.
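The root cause described above, shown as an added illustration of the fail-open pattern behind this CVE. This is not Cobbler's own code: it is a simplified stand-in, and the secret file path and secret value are constructed for the demo.

```python
"""Fail-open shared-secret loading, constructed to illustrate CVE-2024-47533.
Not Cobbler's code: a simplified stand-in for a helper that returns the
sentinel -1 on any read error, paired with a login path that accepts the
empty user plus the shared secret. The sentinel leaks into authentication,
so user '' with password "-1" is accepted. The fixed loader fails closed."""
import secrets
import tempfile
from pathlib import Path

# Constructed demo secret written to a temp dir so the example runs offline.
DEMO_DIR = Path(tempfile.mkdtemp())
SECRET_FILE = DEMO_DIR / "web.ss"
SECRET_FILE.write_text("constructed-demo-secret-9f3a\n", encoding="utf-8")

def get_shared_secret_vulnerable(path: Path = SECRET_FILE):
    """Returns -1 on any error. The error is guaranteed here: binary-mode
    open() rejects encoding=, so the except branch runs even when the
    file exists and is readable."""
    try:
        with open(path, "rb", encoding="utf-8") as fd:
            return fd.read().decode().strip()
    except Exception:
        return -1

def get_shared_secret_fixed(path: Path = SECRET_FILE) -> str:
    """Fail closed: a missing, unreadable or empty secret raises instead of
    degrading to a predictable value that doubles as a valid password."""
    secret = path.read_text(encoding="utf-8").strip()
    if not secret:
        raise RuntimeError("shared secret file is empty")
    return secret

def login(user: str, password: str, get_secret) -> bool:
    """Shared-secret login: only the empty user may authenticate this way,
    and a secret that cannot be loaded must deny, never fall back."""
    if user != "":
        return False
    try:
        secret = get_secret()
    except Exception:
        return False
    return secrets.compare_digest(str(secret), password)

if __name__ == "__main__":
    print("vulnerable accepts '-1':", login("", "-1", get_shared_secret_vulnerable))
    print("fixed accepts '-1':", login("", "-1", get_shared_secret_fixed))
```

The point to audit for in your own services is the same: an error sentinel from a credential loader must never be a value that the comparison path will accept.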
PAN-OS Authentication Bypass Vulnerability | CVE-2024-0012
Description: An authentication bypass vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to gain PAN-OS administrator privileges. This enables attackers to perform administrative actions, manipulate configurations, or exploit other privilege escalation vulnerabilities, such as CVE-2024-9474. This issue affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2, but this vulnerability does not impact Cloud NGFW and Prisma Access.
Potential Impacts:
- Privilege Escalation: Attackers can gain administrator-level access, potentially compromising the system.
- Configuration Tampering: Malicious actors could modify firewall and system settings, weakening the security posture.
- Chained Exploits: Attackers may exploit this vulnerability in combination with other privilege escalation vulnerabilities, such as CVE-2024-9474, to gain full control over the system.
Mitigation Recommendations:
- Update Software: Apply the latest patches from Palo Alto Networks for the affected PAN-OS versions.
- Restrict Access to Management Interface: Secure the management interface by limiting access to trusted internal IP addresses, following Palo Alto Networks’ best practice guidelines for secure deployment.
- Monitor Access: Regularly audit access logs for suspicious activities and unauthorized access attempts.
vCenter Server Heap-Overflow Vulnerability | CVE-2024-38812
Description: A heap-overflow vulnerability exists in the vCenter Server, specifically within the implementation of the DCERPC (Distributed Computing Environment / Remote Procedure Call) protocol. This vulnerability allows a malicious actor with network access to send a specially crafted network packet to the vCenter Server. By exploiting this flaw, an attacker could potentially trigger remote code execution (RCE) on the affected system, leading to complete control over the vCenter Server.
Potential Impacts:
- Remote Code Execution: Attackers can execute arbitrary code on the vCenter Server.
- System Compromise: Complete access to the server can be gained.
- Network Risks: Attackers can potentially spread malicious activity across the network.
Mitigation Recommendations:
- Apply Patches: Update vCenter Server to the latest version to close the vulnerability.
- Restrict Network Access: Limit access to trusted sources.
- Monitor Network Traffic: Watch for suspicious activity targeting the vCenter Server.
High Severity Vulnerabilities
Multiple Cisco Products SNORT Ethernet Frame Decoder Denial of Service Vulnerability | CVE-2021-1285: Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine. This issue allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS) condition by exploiting improper handling of error conditions when processing Ethernet frames. An attacker can trigger the vulnerability by sending malicious Ethernet frames through the affected device, leading to exhaustion of disk space, administrators being unable to log in, and device boot failures.
WesHacks code includes links to Leostop tracking spyware infested files | CVE-2024-52583: The WesHacks GitHub repository, which hosts the source code for the official Muweilah Wesgreen Hackathon competition website, contained a vulnerability in the schedule.html file prior to 17 November 2024 or commit 93dfb83. The issue involves links to the external site Leostop, which hosts a malicious JavaScript file. When loaded, this file executes during the initialization of Bootstrap and jQuery. The malicious code may include tracking malware and creates two additional JavaScript files, potentially compromising users visiting the affected page. All references to Leostop were removed from the repository on 17 November 2024.
Privilege escalation vulnerability | CVE-2024-38813: A privilege escalation vulnerability exists in VMware’s vCenter Server, which could allow an attacker with network access to escalate their privileges to root level. This can be achieved by sending a specially crafted network packet to the affected vCenter Server. If successfully exploited, an attacker could gain full control of the system, enabling further malicious actions such as data manipulation, system compromise, or unauthorized configuration changes.
Apple Multiple Products Code Execution Vulnerability | CVE-2024-44308: A vulnerability in Apple WebKit could allow attackers to execute arbitrary code by processing maliciously crafted web content. This issue impacts multiple Apple platforms, including Safari, iOS, iPadOS, macOS, and visionOS. Apple has acknowledged that this vulnerability may have been actively exploited on Intel-based Mac systems.
Oracle Agile PLM Framework Vulnerability | CVE-2024-21287: A vulnerability in the Oracle Agile PLM Framework (component: Software Development Kit, Process Extension) allows an unauthenticated attacker with network access via HTTP to exploit the system. This vulnerability affects version 9.3.6 of the product. The flaw is easily exploitable and can lead to unauthorized access to critical or complete data accessible through the Oracle Agile PLM Framework.
Medium Severity Vulnerabilities
Cisco Data Center Network Manager Path Traversal Vulnerability | CVE-2020-3538: A vulnerability in a REST API endpoint of Cisco Data Center Network Manager (DCNM) Software can be exploited by an authenticated, remote attacker to perform a path traversal attack. This flaw is caused by insufficient path restriction enforcement within the API, and it is triggered by sending specially crafted HTTP requests to the affected device.
PAN-OS Privilege Escalation Vulnerability | CVE-2024-9474: A privilege escalation vulnerability exists in Palo Alto Networks PAN-OS software, allowing an administrator with access to the management web interface to execute actions on the firewall with root privileges. This vulnerability does not affect Cloud NGFW or Prisma Access.
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability | CVE-2024-44309: A critical cookie management vulnerability in Apple WebKit has been identified, allowing cross-site scripting (XSS) attacks. The flaw arises from improper state management of cookies, potentially enabling attackers to inject malicious scripts or manipulate session data. Apple has confirmed that this vulnerability may have been actively exploited on Intel-based Mac systems.