Weekly VulnRecap – January 16, 2024


eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners.

The past week and the long weekend have brought plenty of vulnerabilities to keep your IT and security teams busy. Both SonicWall and Juniper Networks have disclosed vulnerabilities that allow remote code execution and denial-of-service attacks.

Keep an eye out for security bulletins from your firewall vendors; it's possible that more similar vulnerabilities will come to light. Continue to monitor all of your software for potentially malicious behavior, but this week, monitor network appliances in particular.

January 10, 2024

Thousands of WordPress Sites Vulnerable to Malware Injection

Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection.

The problem: The WordPress plugin Popup Builder is vulnerable to exploitation through a flaw that allows attackers to perform administrator-level actions, such as installing new rogue plugins or creating new admin accounts. Researcher Marc Montpas from WPScan discovered and reported this vulnerability to the creators of the plugin.

Security provider Sucuri has researched the Balada Injector malware, which takes advantage of this vulnerability, and found that it has compromised over 6,000 sites that have an outdated version of Popup Builder installed.

The fix: Popup Builder released version 4.2.3 with a patch for the vulnerability, but older versions are still being exploited. Update your instance of Popup Builder to 4.2.3 if you haven't already. An existing injection can be removed in the Custom JS or CSS section of Popup Builder; Sucuri offers instructions for doing this.

Juniper Networks SRX & EX Series Compromised

Type of vulnerability: Remote code execution and denial-of-service attacks.

The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. The issue is an out-of-bounds write vulnerability, according to Juniper. When exploited, it allows an unauthenticated attacker to execute code remotely and to mount a denial-of-service attack. The attacker would also obtain root privileges on the compromised firewall appliance.

This vulnerability is tracked as CVE-2024-21591. Affected versions include:

  • Junos OS versions earlier than 20.4R3-S9
  • Junos OS 21.2 versions earlier than 21.2R3-S7
  • Junos OS 21.3 versions earlier than 21.3R3-S5
  • Junos OS 21.4 versions earlier than 21.4R3-S5
  • Junos OS 22.1 versions earlier than 22.1R3-S4
  • Junos OS 22.2 versions earlier than 22.2R3-S3
  • Junos OS 22.3 versions earlier than 22.3R3-S2
  • Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3

The fix: Juniper Networks has released the following Junos OS versions that fix the vulnerability:

  • 20.4R3-S9
  • 21.2R3-S7
  • 21.3R3-S5
  • 21.4R3-S5
  • 22.1R3-S4
  • 22.2R3-S3
  • 22.3R3-S2
  • 22.4R2-S2
  • 22.4R3
  • 23.2R1-S1
  • 23.2R2
  • 23.4R1
  • All subsequent releases
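The affected-version list above is awkward to check by hand across a fleet, because Junos version strings carry a release train, an R number, and an optional service-release (S) number that all have to be compared in order. The script below is an added example, not code from the recap or from Juniper: it encodes the thresholds listed above for CVE-2024-21591 and classifies each version in an inventory as affected, fixed, or unlisted. The version-string format it parses, the helper names, and the sample hostnames and versions are assumptions; the thresholds are the ones printed above. Note that the first bullet has no train qualifier, so every release older than the 20.4 train is treated as affected, and any train the list does not mention (such as 23.x, for which only fixed releases are given) is reported as unlisted so you consult the vendor advisory rather than guess.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Fixed releases per Junos OS train, taken from the affected-version list in
# the recap above (CVE-2024-21591). A version is affected when it is earlier
# than the fixed release for its train. Trains absent from this table are
# reported as "unlisted" rather than guessed at.
FIXED_BY_TRAIN: Dict[Tuple[int, int], str] = {
    (20, 4): "20.4R3-S9",
    (21, 2): "21.2R3-S7",
    (21, 3): "21.3R3-S5",
    (21, 4): "21.4R3-S5",
    (22, 1): "22.1R3-S4",
    (22, 2): "22.2R3-S3",
    (22, 3): "22.3R3-S2",
    # 22.4R3 is also fixed; it sorts after R2-S2, so one threshold suffices.
    (22, 4): "22.4R2-S2",
}

# Assumed Junos version shape: MAJOR.MINOR R<n> [-S<m>] [.<build>],
# e.g. "21.4R3-S5" or "22.4R3.2". The S and build parts are optional.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")

VersionTuple = Tuple[int, int, int, int, int]


def parse_junos(version: str) -> VersionTuple:
    """Turn a Junos version string into a tuple that compares in release order.

    A missing service-release (S) or build number counts as 0, so "22.4R3"
    sorts after "22.4R2-S9" and before "22.4R3.2".
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, r, s, build = m.groups()
    return (int(major), int(minor), int(r), int(s or 0), int(build or 0))


def is_affected(version: str) -> Optional[bool]:
    """True/False for a train in the list; None when the train is not listed."""
    v = parse_junos(version)
    train = v[:2]
    # The first bullet has no train qualifier: everything earlier than
    # 20.4R3-S9 is affected, which takes in older trains outright.
    if train < (20, 4):
        return True
    fixed = FIXED_BY_TRAIN.get(train)
    if fixed is None:
        return None
    return v < parse_junos(fixed)


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Label (hostname, version) pairs as affected, fixed, unlisted or unparsed."""
    labels = {True: "affected", False: "fixed", None: "unlisted"}
    result: Dict[str, str] = {}
    for host, version in inventory:
        try:
            result[host] = labels[is_affected(version)]
        except ValueError:
            # Do not silently skip a device whose version we could not read.
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("srx-edge-1", "20.4R3-S8"),
        ("srx-edge-2", "21.4R3-S5"),
        ("ex-core-1", "22.4R2-S1"),
        ("ex-core-2", "22.4R3"),
        ("srx-lab", "19.4R3-S10"),
        ("ex-new", "23.4R1"),
        ("ex-typo", "22.4-R3"),
    ]
    for host, status in triage(sample).items():
        print(f"{host:12s} {status}")
```

Feed it the output of your device inventory (for example the version field from `show version` collected by your management tooling) as `(hostname, version)` pairs; anything labelled "unparsed" or "unlisted" deserves a manual look rather than being assumed safe.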

Ivanti Zero-Days Leave the Door Open for Command Injection

Type of attack: Zero-day vulnerabilities potentially leading to authentication bypass and command injection.

The problem: Ivanti announced two vulnerabilities that affect its Ivanti Connect Secure VPN and Ivanti Policy Secure products. Potential outcomes of exploitation include authentication bypass and command injection. Versions 9.x and 22.x of both products are affected.

Security researchers from Mandiant discovered the vulnerabilities and identified active exploitation of them by a threat actor that Mandiant tracks as UNC5221. This threat actor has deployed at least five malware families using the Ivanti products.

The fix: Ivanti is currently developing patches for the vulnerabilities. In the meantime, it has offered a mitigation: customers can import the file mitigation.release.20240107.1.xml via the download portal. Follow this page for updates on patches.

Privilege Escalation Vulnerability Affects Microsoft SharePoint

Type of attack: Privilege escalation attack.

The problem: The US Cybersecurity and Infrastructure Security Agency (CISA) has announced a vulnerability in Microsoft SharePoint that allows a threat actor to escalate their privileges on the network. Microsoft provided patches for the vulnerability last year, but it is still being exploited, according to CISA.

The vulnerability is tracked as CVE-2023-29357.

The fix: Check Microsoft's Patch Tuesday update from last June to find patch information for the SharePoint vulnerability.

January 11, 2024

Smart Thermostat from Bosch Puts Offices in Danger

Type of vulnerability: Malicious commands sent from an attacker to the thermostat, potentially including replacement of the firmware with rogue code.

The problem: Technology company Bosch makes a thermostat, the BCC100, that is vulnerable to firmware replacement by a threat actor. Bitdefender discovered this vulnerability and first reported it to Bosch in August 2023. The report did not become publicly available until January 11.

The thermostat's microcontroller is unable to distinguish between legitimate messages from the cloud server and forged messages arriving on TCP port 8899 from the local area network. According to Bitdefender, the thermostat does not validate the authenticity of a new firmware update.

The danger of compromised IoT devices is that threat actors could move laterally from a compromised thermostat onto a business's computer systems if the thermostat resides in the same office as the network.

The fix: Bitdefender offers a smart home scanner app to find vulnerable IoT devices. While it is designed for home use, your business can use it to search for vulnerabilities in your office smart devices. If you have the BCC100 installed, either replace it or segment it onto its own network.

January 15, 2024

Hundreds of Thousands of SonicWall Firewalls Could Be Exploited

Type of vulnerability: Possible denial-of-service attack and remote code execution by an unauthenticated attacker.

The problem: SonicWall's series 6 and 7 next-gen firewalls are susceptible to vulnerabilities that can result in denial-of-service attacks and remote code execution. Researchers at Bishop Fox scanned firewalls whose management consoles are exposed to the internet and found that 76% of them were vulnerable to at least one of the flaws.

CVE-2022-22274 is a stack-based buffer overflow vulnerability in SonicOS, the firewall's operating system. When exploited, it can allow a threat actor to launch a denial-of-service attack and potentially also execute code remotely. CVE-2023-0656 is the same vulnerability at its root, but it was announced a year later. The flawed code occurs in a different place and was discovered at a different time, so it is considered a separate vulnerability.

The fix: Bishop Fox provides a test script that engineers can use to determine whether their firewall instance is vulnerable. In their analysis, the researchers also gave examples of vulnerable code versus safe code. If your system is vulnerable, Bishop Fox recommends disconnecting the management interface from the internet and updating the appliance's firmware to the latest version.
