In this week's Security Advisory:
- Cisco Patches Multiple Vulnerabilities within its Networking Products
- Critical Security Updates for JetBrains TeamCity On-Premise Server
- Splunk Releases Patch for Multiple Vulnerabilities (CVE-2024-29945 & CVE-2024-29946) within its Enterprise and Cloud Products
- Critical Vulnerability in WordPress Plugin 'LayerSlider' Could Lead to Exfiltration of Data
- Security Updates Released for Google Chrome Desktop Browser and Android Products
Cisco Patches Multiple Vulnerabilities within its Networking Products
Cisco has released several patches designed to address fourteen (14) vulnerabilities affecting Cisco IOS and IOS XE, along with a patch targeting three (3) flaws identified within Cisco Access Point. Among the Cisco networking products, the highest vulnerabilities are being tracked as CVE-2024-20311 and CVE-2024-20271 both with a CVSS score of 8.6 out of a possible 10 and can allow an unauthenticated attacker to intentionally reload the Cisco device with customized crafted packets to create a Denial of Service scenario impacting a victim organization and its business. Of the total vulnerabilities affecting Cisco networking products, eleven (11) of the flaws pertain to a possible denial of service exploit that can impact daily organizational operations.
More Reading/Information
- https://www.securityweek.com/cisco-patches-dos-vulnerabilities-in-networking-products/
- https://sec.cloudapps.cisco.com/security/center/publicationListing.x
- https://www.darkreading.com/application-security/cisco-ios-bugs-unauthenticated-remote-dos-attacks
- https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-034
Critical Security Updates for JetBrains TeamCity On-Premise Server
JetBrains has released numerous security updates aimed at resolving twenty-six (26) vulnerabilities detected on its TeamCity On-Premise server. TeamCity is a popular continuous integration and continuous delivery (CI/CD) server. Among the vulnerabilities addressed is CVE-2024-31136, which holds a CVSS score of 7.4 out of 10. This vulnerability enables attackers to bypass 2 Factor authentication when a victim interacts with specially crafted URL from a threat actor. It's noteworthy that JetBrains has opted not to divulge full details of all twenty-six vulnerabilities in an effort to mitigate potential exploitation by malicious actors.
Affected Versions:
- All TeamCity On-Premise versions prior to 2024.03
More Reading/Information
- https://www.securityweek.com/26-security-issues-patched-in-teamcity/
- https://www.jetbrains.com/privacy-security/issues-fixed/?product=TeamCity&version=2024.03
- https://www.techradar.com/pro/security/jetbrains-refuses-to-reveal-details-of-patched-security-issues
- https://www.theregister.com/2024/03/28/jetbrains_fixes_26_security_problems/
Splunk Releases Patch for Multiple Vulnerabilities (CVE-2024-29945 & CVE-2024-29946) within its Enterprise and Cloud Products
Splunk has identified two (2) high-severity vulnerabilities that are capable of allowing an attacker to obtain the enterprise authentication token and abuse the Splunk dashboard by inserting specialized commands to further malicious activities. CVE-2024-29945 has a CVSS score of 7.2 out of a possible 10 and is a vulnerability within Enterprise that allows an attacker to steal the authentication token. This is accomplished as the authentication token is exposed during the debugging mode process and can allow a threat actor to gain access to sensitive data within the platform. Please note that CVE-2024-29945 only affects Splunk Enterprise and not the Splunk Cloud Platform. CVE-2024-29946 has a CVSS score of 8.1 out of a possible 10 and can allow an attacker to input custom commands within the search function of the dashboard. By bypassing safeguards and searching with custom commands directly within Splunk Web, attackers can successfully copy, delete or exfiltrate data within a victim organization.
Affected Versions:
Splunk Enterprise
- 9.2
- 9.1
- 9.0
Splunk Cloud Platform
- Prior to 9.1.2312.100
More Information/Reading
- https://www.securityweek.com/splunk-patches-vulnerabilities-in-enterprise-product/
- https://cybersecuritynews.com/splunk-vulnerabilities-spl-safeguards/
- https://advisory.splunk.com/advisories
Critical Vulnerability in WordPress Plugin 'LayerSlider' Could Lead to Exfiltration of Data
WordPress disclosed a critical vulnerability in the plugin, LayerSlider, which could result in threat actors stealing sensitive data from a victim organization. LayerSlider is a graphical designer tool that allows editors to create dynamic visual content for their websites. The WordPress plugin has millions of active installations and is vulnerable to CVE-2024-2879, an SQL code injection vulnerability. This flaw allows an unauthenticated attacker to execute web scripts due to poor input validation. Beyond data exfiltration, a threat actor may also utilize this vulnerability to redirect unsuspecting victims to harmful sites. CVE-2024-2879 received a CVSS score of 9.8 out of a possible 10.
Affected Versions:
7.9.11 - 7.10.0
More Reading/Information
- https://layerslider.com/release-log/
- https://www.securityweek.com/critical-vulnerability-found-in-layerslider-plugin-installed-on-a-million-wordpress-sites/
- https://www.wordfence.com/blog/2024/04/5500-bounty-awarded-for-unauthenticated-sql-injection-vulnerability-patched-in-layerslider-wordpress-plugin/
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/layerslider/layerslider-7911-7100-unauthenticated-sql-injection
Security Updates Released for Google Chrome Desktop Browser and Android Products
There were security updates released for vulnerabilities found in Google Chrome and Android.
Google Chrome had a total of three (3) vulnerabilities, all of which were given a severity rating of "High." The most severe can allow an attacker to access memory and modify data due to an "out of bounds memory access issue".
Android released updates to address twenty-eight (28) vulnerabilities, with one (1) given a severity rating of "Critical." The most severe is being tracked as CVE-2023-28582 and is a vulnerability within Qualcomm that affects potential memory corruptions within the device that may lead to data integrity issues.
These vulnerabilities affect Android OS security patch levels prior to 2024-04-05.
More Reading/Information
- https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2024-bulletin.html
- https://chromereleases.googleblog.com/
- https://source.android.com/docs/security/bulletin/2024-04-01#2024-04-05-security-patch-level-vulnerability-details
- https://www.securityweek.com/google-patches-exploited-pixel-vulnerabilities/
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
