Wöchentliches Briefing: Top 5 Hacker-relevante Schwachstellen

Image cover for blog post.

11.10.2024

Profile image of ENTRYZERO

ENTRYZERO

Alle 15 Minuten tritt eine neue Schwachstelle auf, was zu durchschnittlich etwa 650 neuen Schwachstellen pro Woche führt – eine überwältigende Rate, die schwer zu bewältigen ist. Die durchschnittlichen Kosten eines Sicherheitsvorfalls sind weltweit auf ein Rekordhoch von 4,45 Millionen US-Dollar gestiegen. Um Organisationen zu helfen, ihre Ressourcen effektiv zuzuweisen und sich auf die risikoreichsten Schwachstellen zu konzentrieren, entwickeln wir einen neuartigen, entscheidungsbaum-basierten Priorisierungsansatz. Dieser wird auf Basis von über 100.000 Schwachstellen- und Bedrohungsinformationen trainiert und erweitert Industriestandards wie CVSS und EPSS, um das Echtzeitrisiko und den Kontext neuer Schwachstellen besser zu erfassen. In dieser Serie präsentieren wir die Top 5 Schwachstellen der Woche, basierend auf einem Teilbaum unseres Modells.

Product | Access Vector | Description | CVE | References


Calendar Week 41 2024

  1. Palo Alto Networks Expedition | Unauthenticated Remote Attack | OS and SQL Injection Vulnerabilities | CVE-2024-9463, CVE-2024-9464, CVE-2024-9465 | Details, PoC1, PoC2

  2. Mozilla Firefox and Firefox ESR | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2024-9680 | Details

  3. Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb | Unauthenticated Remote Attack | Format String Vulnerability | CVE-2024-23113 | Details

  4. Windows RDP | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2024-43582 | Details

  5. PostgreSQL pgAdmin | Unauthenticated Remote Attack | Insufficiently Protected Credentials in OAuth2 Authentication | CVE-2024-9014 | Details, PoC

Calendar Week 40 2024

  1. Cisco IOS XE | Unauthenticated Remote Attack | Improper Resource Management Vulnerability | CVE-2024-20467 | Details

  2. OpenPrinting CUPS | Unauthenticated Remote Attack | Binding to an Unrestricted IP Address and Input Validation Vulnerabilities | CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177 | Details, PoC1, PoC2

  3. Check Point Quantum Security Gateways | Unauthenticated Remote Attack | Information Disclosure Vulnerability | CVE-2024-24919 | Details, PoC

  4. Synacor Zimbra Collaboration | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-45519 | Details, PoC

  5. Broadcom VMware vCenter Server | Unauthenticated Remote Attack | Heap Overflow Vulnerability | CVE-2024-38812 | Details

Calendar Week 39 2024

  1. OpenPrinting CUPS | Unauthenticated Remote Attack | Binding to an Unrestricted IP Address and Input Validation Vulnerabilities | CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177 | Details, PoC

  2. Aruba Access Points | Unauthenticated Remote Attack | Command Injection Vulnerabilities | CVE-2024-42505, CVE-2024-42506, CVE-2024-42507 | Details

  3. Cisco Smart Licensing Utility | Unauthenticated Remote Attack | Use of Hard-coded Credentials Vulnerability | CVE-2024-20439 | Details, PoC

  4. MediaTek Wi-Fi Chipsets | Unauthenticated Remote Attack | Out-of-Bounds Write Vulnerability | CVE-2024-20017 | Details, PoC

  5. Keycloak | Authenticated Remote Attack | Improper Signature Verification Vulnerability | CVE-2024-8698 | Details

Calendar Week 38 2024

  1. Apache HugeGraph | Unauthenticated Remote Attack |  Improper Access Control Vulnerability | CVE-2024-27348 | Details, PoC

  2. Ivanti Endpoint Manager | Unauthenticated Remote Attack | Improper Deserialization of Untrusted Data Vulnerability | CVE-2024-29847 | Details, PoC

  3. Thinkphp | Unauthenticated Remote Attack | Improper Deserialization of Untrusted Data Vulnerability | CVE-2024-44902 | Details, PoC

  4. Raisecom Gateway Devices | Unauthenticated Remote Attack | Command Injection Vulnerability | Details, PoC

  5. Broadcom vCenter Server | Unauthenticated Remote Attack | Heap Overflow Vulnerability | Details

Calendar Week 37 2024

  1. Kemp LoadMaster | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-1212 | Details, PoC

  2. Qualitor ITSM | Unauthenticated Remote Attack | Arbitrary File Upload Vulnerability | CVE-2024-44849 | Details, PoC

  3. Apache OFBiz | Unauthenticated Remote Attack | Server-Side Request Forgery Vulnerability | CVE-2024-45507 | Details, PoC

  4. SonicWall SonicOS | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-40766 | Details

  5. GitLab CE/EE | Authenticated Remote Attack | Pipeline Execution Vulnerability | CVE-2024-6678 | Details

Calendar Week 36 2024

  1. Cisco Smart Licensing Utility | Unauthenticated Remote Attack | Sensitive Information in Log Files and Static Admin Credentials Vulnerabilities | CVE-2024-20439, CVE-2024-20440 | Details, PoC1, PoC2

  2. Veeam Backup & Replication | Unauthenticated Remote Attack | Remote Code Execution Vulnerability | CVE-2024-40711 | Details

  3. Ivanti Virtual Traffic Manager | Unauthenticated Remote Attack | Admin Authentication Bypass Vulnerability | CVE-2024-7593 | Details, PoC

  4. Zyxel APs and Security Router Devices | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-7261 | Details

  5. WhatsUp Gold | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-6670 | Details, PoC

Calendar Week 35 2024

  1. Wordpress Litespeed Cache | Unauthenticated Remote Attack | Incorrect Privilege Assignment Vulnerability | CVE-2024-28000 | Details, PoC

  2. AVTECH IP Cameras | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-7029 | Details, PoC

  3. Apache OFBiz | Unauthenticated Remote Attack | Path Traversal and Incorrect Authorization Vulnerabilities | CVE-2024-32113, CVE-2024-38856 | Details, PoC1, PoC2

  4. Google Chromium V8 | Unauthenticated Remote Attack | Confusion and Inappropriate Implementation Vulnerabilities | CVE-2024-5274, CVE-2024-7965 | Details, Details, PoC1

  5. SonicWall SonicOS | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-40766 | Details

Calendar Week 34 2024

  1. GitHub Enterprise Server | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-6800 | Details

  2. Ingress Nginx Controller | Authenticated Remote Attack | Annotation Validation Bypass Vulnerability | CVE-2024-7646 | Details, PoC

  3. ServiceNow | Unauthenticated Remote Attack | Input Validation and Incomplete List of Disallowed Inputs Vulnerabilities | CVE-2024-5217, CVE-2024-4879 | Details, PoC1, PoC2

  4. Dahua IP Cameras, Video Intercom, NVR, XVR devices | Unauthenticated Remote Attack | Authentication Bypass Vulnerabilities | CVE-2021-33044, CVE-2021-33045 | Details, PoC

  5. Apache HTTP Server | Unauthenticated Remote Attack | Substitution Encoding Vulnerabilities | CVE-2024-38474, CVE-2024-38475 | Details, PoC

Calendar Week 33 2024

  1. TOTOLINK EX1800T and A3700R | Unauthenticated Remote Attack | Command Injection Vulnerabilities | CVE-2024-34257, CVE-2023-46574 | Details, PoC1, PoC2

  2. Windows 10, 11, and Server | Unauthenticated Remote Attack | TCP/IP Buffer Overflow Vulnerability in IPv6 Stack | CVE-2024-38063 | Details, PoC

  3. VMware ESXi | Authenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-37085 | Details, PoC

  4. SolarWinds Web Help Desk | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2024-28986 | Details

  5. Ivanti Virtual Traffic Manager | Unauthenticated Remote Attack | Admin Authentication Bypass Vulnerability | CVE-2024-7593 | Details

Calendar Week 33 2024

  1. Cacti Network Monitoring and Fault Management Framework | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-29895 | Details, PoC

  2. Jenkins | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-43044 | Details, PoC

  3. ServiceNow | Unauthenticated Remote Attack | Input Validation and Incomplete List of Disallowed Inputs Vulnerabilities | CVE-2024-5217, CVE-2024-4879 | Details, PoC1, PoC2

  4. Progress WhatsUpGold | Unauthenticated Remote Attack | Improper Path Validation Vulnerability | CVE-2024-4885 | Details, PoC

  5. Apache OFBiz | Unauthenticated Remote Attack | Path Traversal and Incorrect Authorization Vulnerabilities | CVE-2024-32113, CVE-2024-38856 | Details, PoC1, PoC2

Alle Rechte vorbehalten von ENTRYZERO GmbH

Website by Sanico Software

IMPRESSUM: ENTRYZERO GmbH, Grabenstraße 38, 44787 Bochum, Sitz: Bochum, Registergericht: Amtsgericht Bochum, HRB Nr.: 21709, USt-IdNr: DE369315057, Geschäftsführer: Dr. Mohamad Sbeiti, Samet Gökbayrak, Tel.: +49 151 56561989, E-Mail: info@entryzero.ai

DATENSCHUTZERKLÄRUNG: Diese Website erhebt keine personenbezogenen Daten. Wir verwenden keine Cookies, Tracker, Formulare oder ähnliche Technologien. Durch den Besuch unserer Website erklären Sie sich jedoch damit einverstanden, dass bei jeder Seitenanfrage die folgenden nicht-personenbezogenen Informationen zu statistischen Zwecken, zur Erkennung/Verhinderung von Eindringversuchen und zur Fehlerbehebung auf dem Webserver gespeichert werden: angeforderte Adresse (URL), Anfragedatum und -uhrzeit, IP-Adresse des Clients, User-Agent und Referer. Es werden keine Informationen an Dritte weitergegeben oder mit Dritten geteilt