
March 01, 2024

Cybersafe Solutions Security Advisory Bulletin March 1, 2024

In this week's Security Advisory:

  • Critical Remote Code Execution Vulnerability Patched in Progress Kemp's LoadMaster
  • WordPress Plugin 'Ultimate Member' Vulnerable to SQL Injection Attacks
  • Joomla's Security Update Addresses Multiple Remote Code Execution Flaws
  • Security Updates Released in Google Chrome Desktop Browser and Mozilla Products

Critical Remote Code Execution Vulnerability Patched in Progress Kemp's LoadMaster

Progress Kemp has issued a critical update to address a vulnerability identified in its LoadMaster product.  Tracked as CVE-2024-1212 and carrying a CVSS score of 10 out of 10, this vulnerability enables unauthenticated remote attackers to gain access to the LoadMaster management interface and potentially execute arbitrary code via carefully crafted API commands.  LoadMaster, developed by Progress Kemp, is a load balancer designed to help organizations manage application traffic and optimize resource utilization.

Affected Versions:

  • Versions after 7.2.48.1 - before 7.2.48.10
  • Versions after 7.2.54.0 - before 7.2.54.8
  • Versions after 7.2.55.0 - before 7.2.59.2

WordPress Plugin 'Ultimate Member' Vulnerable to SQL Injection Attacks

A critical security flaw has been identified in the 'Ultimate Member' plugin for WordPress, making it susceptible to an unauthenticated SQL injection vulnerability.  The flaw arises from insufficient input validation within its user query feature.  Exploiting it allows attackers to inject malicious SQL commands, potentially resulting in the retrieval of sensitive data such as password hashes.  This vulnerability is currently being tracked as CVE-2024-1071.

Affected Versions:

  • Versions 2.1.3 - 2.8.2

Joomla's Security Update Addresses Multiple Remote Code Execution Flaws

Joomla has released an advisory addressing five (5) security issues that impact multiple versions of its content management system.  Joomla is an open-source website-building platform that allows developers to construct diverse websites and online applications.  Among these vulnerabilities, CVE-2024-21726 highlights a content filtering flaw that permits threat actors to carry out cross-site scripting (XSS) attacks.  This flaw allows malicious scripts to be injected into content served to users and can lead to the execution of unsafe code in a victim's browser.

Security Updates Released in Google Chrome Desktop Browser and Mozilla Products

Google and Mozilla released security updates to address several vulnerabilities in their respective products.

Google released a security update to fix four (4) vulnerabilities in its Chrome Desktop Browser for Windows, Mac, and Linux.

Mozilla released security updates to address vulnerabilities in several of its products that could lead to arbitrary code execution.  A total of thirty-two (32) vulnerabilities affect Firefox, Firefox ESR, Firefox Focus and Thunderbird, with eleven (11) receiving a severity rating of "High."  These affect Firefox versions prior to 123, Firefox ESR versions prior to 115.8, Firefox Focus versions prior to 123 and Thunderbird versions prior to 115.8.

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner.  It is security best practice to regularly update and/or patch software to the latest versions.  The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only.  This dramatically increases the likelihood that new vulnerabilities have a patch issued for them.  Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
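As an added example (not part of the Cybersafe bulletin), the Python script below checks a software inventory against the affected-version ranges quoted above for LoadMaster (CVE-2024-1212), the Ultimate Member plugin (CVE-2024-1071) and the Mozilla products. It reads the bulletin's wording literally: "after X - before Y" as exclusive on both ends, "X - Y" as inclusive, and "prior to Y" as exclusive with no lower bound; confirm those bound semantics against the vendor advisories before relying on the output. The CSV layout, host names and version values in the sample inventory are constructed for illustration.

```python
"""Check a software inventory against the affected-version ranges in this
bulletin.  Added example; the inventory below is constructed, and the ranges
are transcribed from the bulletin text (bound semantics follow its wording)."""
import csv
import io
from dataclasses import dataclass
from typing import Optional

Version = tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '7.2.48.10' into (7, 2, 48, 10) so versions compare numerically;
    as strings '7.2.48.10' would sort before '7.2.48.9'."""
    return tuple(int(part) for part in text.strip().split("."))


@dataclass(frozen=True)
class AffectedRange:
    product: str
    ref: str                      # CVE id or advisory name from the bulletin
    low: Optional[Version]        # None means no lower bound ("prior to Y")
    high: Version                 # first fixed version, or last affected one
    low_inclusive: bool = False   # "after X" read as exclusive
    high_inclusive: bool = False  # "before Y" exclusive; "X - Y" inclusive

    def contains(self, v: Version) -> bool:
        if self.low is not None:
            if v < self.low or (v == self.low and not self.low_inclusive):
                return False
        if v > self.high or (v == self.high and not self.high_inclusive):
            return False
        return True


BULLETIN_RANGES = [
    # Progress Kemp LoadMaster, CVE-2024-1212: "after A - before B"
    AffectedRange("LoadMaster", "CVE-2024-1212",
                  parse_version("7.2.48.1"), parse_version("7.2.48.10")),
    AffectedRange("LoadMaster", "CVE-2024-1212",
                  parse_version("7.2.54.0"), parse_version("7.2.54.8")),
    AffectedRange("LoadMaster", "CVE-2024-1212",
                  parse_version("7.2.55.0"), parse_version("7.2.59.2")),
    # Ultimate Member WordPress plugin, CVE-2024-1071: "2.1.3 - 2.8.2"
    AffectedRange("Ultimate Member", "CVE-2024-1071",
                  parse_version("2.1.3"), parse_version("2.8.2"), True, True),
    # Mozilla products: "versions prior to ..."; the bulletin lists no CVE ids
    AffectedRange("Firefox", "Mozilla advisory", None, parse_version("123")),
    AffectedRange("Firefox ESR", "Mozilla advisory", None, parse_version("115.8")),
    AffectedRange("Firefox Focus", "Mozilla advisory", None, parse_version("123")),
    AffectedRange("Thunderbird", "Mozilla advisory", None, parse_version("115.8")),
]

# Constructed sample inventory (hypothetical hosts), in the CSV shape an
# asset-inventory export might have.
SAMPLE_INVENTORY = """\
host,product,version
lb-01,LoadMaster,7.2.54.3
lb-02,LoadMaster,7.2.59.2
wp-01,Ultimate Member,2.8.2
wp-02,Ultimate Member,2.8.3
ws-01,Firefox ESR,115.7.0
ws-02,Thunderbird,115.8.0
"""


def find_affected(inventory_csv: str, ranges=BULLETIN_RANGES) -> list[dict]:
    """Return one finding per (host, matching range).  Products the bulletin
    does not mention are skipped, not reported as safe."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        v = parse_version(row["version"])
        for r in ranges:
            if r.product == row["product"] and r.contains(v):
                findings.append({"host": row["host"], "product": r.product,
                                 "version": row["version"], "ref": r.ref})
    return findings


if __name__ == "__main__":
    for f in find_affected(SAMPLE_INVENTORY):
        print(f"{f['host']}: {f['product']} {f['version']} "
              f"is within an affected range ({f['ref']})")
```

Against the sample inventory this flags lb-01 (7.2.54.3 sits strictly between 7.2.54.0 and 7.2.54.8), wp-01 (2.8.2 is the inclusive upper end of the plugin range) and ws-01 (115.7.0 is prior to 115.8), while lb-02 and ws-02 are on their fixed versions and wp-02 is past its range. Swap `SAMPLE_INVENTORY` for an export of your own inventory to get the list the Recommendations paragraph asks for.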