Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Vulnerability Symbiosis: vSphere's CVE-2024-38812 and CVE-2024-38813 [Guest Diary]

Published: 2024-12-11. Last Updated: 2024-12-11 01:56:21 UTC

by Guy Bruneau (Version: 1)

[This is a Guest Diary by Jean-Luc Hurier, an ISC intern as part of the SANS.edu BACS program]

Background

In April 2020, at the height of the global pandemic, virtualization was in high demand. During that time, vSphere 7.0 was released. With that release came two unknown vulnerabilities – a match made in heaven for threat actors. It wasn’t until June 2024 that China’s TZL security researchers revealed CVE-2024-38812 and CVE-2024-38813 at China’s 2024 Matrix Cup – a hacking contest. Since then, both vulnerabilities were published and patched in September; however, one of those patches required a hotfix just a month later (CVE-2024-38812).

Findings

The reason that this is a topic of conversation is because I noticed an intermittent pattern of reconnaissance of possible vSphere related web traffic over the course of the last 3.5 months ...

Read the complete entry:

https://isc.sans.edu/diary/Vulnerability+Symbiosis+vSpheres+CVE202438812+and+CVE202438813+Guest+Diary/31510/

Microsoft Patch Tuesday: December 2024

Published: 2024-12-10. Last Updated: 2024-12-10 18:39:33 UTC

by Johannes Ullrich (Version: 1)

Microsoft today released patches for 71 vulnerabilities. 16 of these vulnerabilities are considered critical. One vulnerability (CVE-2024-49138) has already been exploited, and details were made public before today's patch release.

Significant Vulnerabilities

CVE-2024-49138: This vulnerability affects the Windows Common Log File System Driver, a subsystem affected by similar privilege escalation vulnerabilities in the past. The only reason I consider this "significant" is that it is already being exploited.

Windows Remote Desktop Services: 9 of the 16 critical vulnerabilities affect Windows Remote Desktop Services. Exploitation may lead to remote code execution. Microsoft considers the exploitation of these vulnerabilities less likely. Even without considering these vulnerabilities, Windows Remote Desktop Service should not be exposed to the internet.

LDAP: Remote code execution vulnerabilities in the LDAP service are always "interesting" given the importance of LDAP as part of Active Directory. Two critical vulnerabilities are patched for LDAP, one with a CVSS score of 9.8. A third critical vulnerability affects the LDAP client.

CVE-2024-49126: LSASS vulnerabilities always make me reminisce of the "Blaster" worm and the related vulnerability back in the day. This one does involve a race condition, which will make exploitation more difficult. It could become an interesting lateral movement vulnerability if a reliable exploit materializes ...

Read the complete entry:

https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+December+2024/31508/

Internet Storm Center Entries


CURLing for Crypto on Honeypots (2024.12.09)

https://isc.sans.edu/diary/CURLing+for+Crypto+on+Honeypots/31502/

[Guest Diary] Business Email Compromise (2024.12.05)

https://isc.sans.edu/diary/Guest+Diary+Business+Email+Compromise/31474/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.

Product: VMware vCenter Server

CVSS Score: 0

** KEV since 2024-11-20 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812

ISC Diary: https://isc.sans.edu/diary/31510

CVE-2024-38813 - The vCenter Server is vulnerable to privilege escalation, allowing a malicious actor to gain root access through a specially crafted network packet.

Product: VMware vCenter Server

CVSS Score: 0

** KEV since 2024-11-20 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38813

ISC Diary: https://isc.sans.edu/diary/31510

CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability

Product: Microsoft Windows Task Scheduler

CVSS Score: 0

** KEV since 2024-11-12 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49039

ISC Podcast: https://isc.sans.edu/podcastdetail/9240

CVE-2024-49138 - Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.

Product: Microsoft Windows Common Log File System (CLFS) driver

CVSS Score: 7.8

** KEV since 2024-12-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49138

CVE Record: https://www.cve.org/CVERecord?id=CVE-2024-49138

ISC Diary: https://isc.sans.edu/diary/31508

ISC Podcast: https://isc.sans.edu/podcastdetail/9250

MSRC References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138

CVE-2024-11639 - Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access through an authentication bypass in the admin web console.

Product: Ivanti CSA

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11639

ISC Podcast: https://isc.sans.edu/podcastdetail/9250

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773

CVE-2024-11772 - Ivanti CSA before version 5.0.3 is vulnerable to command injection, enabling a remote authenticated attacker with admin privileges to execute remote code.

Product: Ivanti CSA

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11772

ISC Podcast: https://isc.sans.edu/podcastdetail/9250

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773

CVE-2024-11773 - Ivanti CSA before version 5.0.3 is vulnerable to SQL injection in the admin web console, enabling a remote attacker with admin privileges to execute arbitrary SQL queries.

Product: Ivanti CSA

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11773

ISC Podcast: https://isc.sans.edu/podcastdetail/9250

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773

CVE-2024-11633 - Ivanti Connect Secure prior to 22.7R2.4 allows attackers with admin privileges to remotely execute code through argument injection.

Product: Ivanti Connect Secure

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11633

NVD References: https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs

CVE-2024-11634 - Ivanti Connect Secure and Ivanti Policy Secure versions before 22.7R2.3 and 22.7R1.2 allow remote attackers with admin privileges to execute code remotely.

Product: Ivanti Connect Secure

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11634

NVD References: https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs

CVE-2024-11317 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are susceptible to session fixation vulnerabilities, enabling attackers to manipulate session identifiers and potentially take over user sessions before login.

Product: ABB ASPECT Enterprise

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11317

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-48839 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are susceptible to a vulnerability that may allow for Remote Code Execution due to improper input validation.

Product: ABB ASPECT Enterprise

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48839

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-48840 - Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Product: ABB ASPECT Enterprise

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48840

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-48845 - ABB ASPECT - Enterprise v3.07.02, NEXUS Series v3.07.02, and MATRIX Series v3.07.02 have weak password reset rules allowing for the storage of easily guessable passwords, potentially leading to unauthorized access.

Product: ABB ASPECT Enterprise

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48845

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-51545 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are vulnerable to Username Enumeration, allowing unauthorized access to application usernames.

Product: ABB ASPECT Enterprise

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51545

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-51548 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are vulnerable to dangerous file upload vulnerabilities that allow for the upload of malicious scripts.

Product: ABB ASPECT Enterprise

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51548

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-51549 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are susceptible to Absolute File Traversal vulnerabilities, enabling unauthorized access and modification to unintended resources.

Product: ABB ASPECT Enterprise

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51549

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-51550 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are susceptible to data validation/data sanitization vulnerabilities allowing unvalidated and unsanitized data injection.

Product: ABB ASPECT Enterprise

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51550

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-51551 - ABB ASPECT on Linux is vulnerable to default credential issues, granting unauthorized access to the product.

Product: ABB ASPECT

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51551

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-51554 - ABB ASPECT on Linux is vulnerable to default credential exploitation, allowing unauthorized access to the system.

Product: ABB ASPECT

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51554

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-51555 - ABB ASPECT, NEXUS Series, and MATRIX Series devices are vulnerable to default credential exploitation due to lack of requirement for password change upon installation.

Product: ABB ASPECT

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51555

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-6515 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 web browser interface may expose credentials due to clear text or Base64 encoding.

Product: ABB ASPECT Enterprise

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6515

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-6516 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are vulnerable to Cross Site Scripting attacks, allowing for malicious scripts to be injected into client browsers.

Product: ABB ASPECT Enterprise

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6516

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-6784 - ABB ASPECT - Enterprise v3.08.02, NEXUS Series v3.08.02, and MATRIX Series v3.08.02 are susceptible to Server-Side Request Forgery vulnerabilities, allowing for unauthorized access to resources and unintended information disclosure.

Product: ABB ASPECT Enterprise

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6784

NVD References: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch

CVE-2024-35286 - NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 is vulnerable to SQL injection attacks, potentially granting attackers access to sensitive data and allowing them to execute malicious operations.

Product: Mitel MiCollab

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35286

ISC Podcast: https://isc.sans.edu/podcastdetail/9244

CVE-2024-41713 - Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) is vulnerable to an unauthenticated path traversal attack, allowing unauthorized access to view, corrupt, or delete user data and system configurations.

Product: Mitel MiCollab

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41713

ISC Podcast: https://isc.sans.edu/podcastdetail/9244

CVE-2024-37861 & CVE-2024-37863 - Open Robotics Robotic Operating System 2 (ROS2) and Nav2 contain buffer overflow vulnerabilities in the nav2_amcl process when a crafted .yaml file is sent.

Product: Open Robotics Robotic Operating System 2 (ROS2)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37861

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37863

NVD References:

- https://github.com/GoesM/ROS-CVE-CNVDs

- https://github.com/ros-navigation/navigation2/issues/4005

- https://github.com/ros-navigation/navigation2/issues/4335

- https://github.com/ros-navigation/navigation2/issues/4337

- https://github.com/ros-navigation/navigation2/issues/4338

CVE-2024-38920 - Open Robotics Robotic Operating System 2 (ROS2) and Nav2 are vulnerable to use-after-free via the nav2_amcl process triggered by remote requests to change the dynamic parameter `/amcl max_beams`.

Product: Open Robotics Robotic Operating System 2 (ROS2)

CVSS Score: 9.1 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38920

NVD References:

- https://github.com/GoesM/ROS-CVE-CNVDs

- https://github.com/ros-navigation/navigation2/issues/4379

- https://github.com/ros-navigation/navigation2/pull/4397

CVE-2024-41647 - Open Robotics Robotic Operating System 2 (ROS2) navigation2 v.humble is vulnerable to insecure permissions, which allow an attacker to execute arbitrary code with a crafted script.

Product: Open Robotics Robotic Operating System 2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41647

NVD References:

- https://github.com/GoesM/ROS-CVE-CNVDs

- https://github.com/ros-navigation/navigation2/issues/4436

- https://github.com/ros-navigation/navigation2/pull/4463

CVE-2024-54135 & CVE-2024-54136 - ClipBucket V5 PHP Deserialization vulnerabilities

Product: ClipBucket-V5

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54135

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54136

NVD References:

- https://github.com/MacWarrior/clipbucket-v5/commit/76a829c088f0813ab3244a3bd0036111017409b0

- https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-4523-mqmv-wrqx

- https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-vxvf-5cmq-5f78

CVE-2024-55636, CVE-2024-55637, CVE-2024-55638 - Drupal Core is vulnerable to object injection through deserialization of untrusted data.

Product: Drupal Core

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55636

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55637

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55638

NVD References: https://www.drupal.org/sa-core-2024-006

NVD References: https://www.drupal.org/sa-core-2024-007

NVD References: https://www.drupal.org/sa-core-2024-008

CVE-2024-10905 - IdentityIQ is vulnerable to HTTP access to static content in its application directory that should be protected in versions 8.4 and prior.

Product: SailPoint IdentityIQ

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10905

ISC Podcast: https://isc.sans.edu/podcastdetail/9242

CVE-2024-52544 - DP Service is vulnerable to a stack-based buffer overflow on TCP port 3500, but the issue has been fixed in firmware version 2.800.0000000.8.R.20241111.

Product: DPtech DP Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52544

NVD References:

- https://github.com/sfewer-r7/LorexExploit

- https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/

CVE-2024-47578 - Adobe Document Service is vulnerable to Server-Side Request Forgery, allowing an attacker with administrator privileges to read or modify files and potentially make the entire system unavailable.

Product: Adobe Document Service

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47578

NVD References:

- https://me.sap.com/notes/3536965

- https://url.sap/sapsecuritypatchday

CVE-2024-54032 - Adobe Connect versions 12.6, 11.4.7 and earlier are vulnerable to stored Cross-Site Scripting (XSS) attacks, allowing attackers to inject and execute malicious scripts in victim's browsers.

Product: Adobe Connect

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54032

NVD References: https://helpx.adobe.com/security/products/connect/apsb24-99.html

CVE-2024-54661 - readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file.

Product: socat readline.sh

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54661

NVD References: https://repo.or.cz/socat.git/blob/6ff391324d2d3b9f6bfb58e7d16a20be43b47af7:/readline.sh#l29

CVE-2024-40744 - Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.

Product: Joomla Convert Forms

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40744

NVD References: https://www.tassos.gr/joomla-extensions/convert-forms

CVE-2024-53908 - Django versions 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17 are vulnerable to SQL injection when the django.db.models.fields.json.HasKey lookup is used directly with untrusted data on an Oracle database.

Product: Django

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53908

NVD References:

- https://docs.djangoproject.com/en/dev/releases/security/

- https://groups.google.com/g/django-announce

- https://www.openwall.com/lists/oss-security/2024/12/04/3

CVE-2024-37143 - Dell PowerFlex appliances, racks, custom nodes, InsightIQ, and Data Lakehouse versions prior to specified releases contain an Improper Link Resolution Before File Access vulnerability, allowing unauthenticated remote attackers to potentially execute arbitrary code on the system.

Product: Dell PowerFlex

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37143

NVD References: https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities

CVE-2024-5660 - Travis hardware vulnerability may allow bypass of Stage-2 translation and/or GPT protection.

Product: Armv8 Arm processors

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5660

NVD References: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660

CVE-2024-12286 - MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.

Product: MOBATIME Network Master Clock - DTS 4801

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12286

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01

CVE-2024-54920 - Kashipara E-learning Management System v1.0 contains a SQL Injection vulnerability in /teacher_signup.php that can be exploited by remote attackers to gain unauthorized database access.

Product: Lopalopa E-Learning Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54920

NVD References: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20Signup%20teacher.pdf

CVE-2024-55560 - MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.

Product: MailCleaner

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55560

NVD References:

- https://github.com/MailCleaner/MailCleaner/commit/28d913eaa044b689eb114f72ebe92d48cb4aaca7

- https://github.com/MailCleaner/MailCleaner/wiki/Watchdogs#host_keys

- https://www.mailcleaner.net/infobox/mc-info-box.php

CVE-2024-55564 - The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.

Product: Perl POSIX::2008

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55564

NVD References: https://metacpan.org/dist/POSIX-2008/changes

CVE-2024-54747 - WAVLINK WN531P3 202383 has a hardcoded password vulnerability in /etc/shadow, enabling unauthorized root access.

Product: WAVLINK WN531P3

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54747

NVD References:

- https://colorful-meadow-5b9.notion.site/WN531P3_HardCode_vuln-14ac216a1c30805c9b4dd59028d866cc?pvs=73

- https://docs.wavlink.xyz/Firmware_ch/fm-531p3/

CVE-2024-54750 - Ubiquiti U6-LR 6.6.65 has a hardcoded password vulnerability in /etc/shadow, enabling unauthorized access to root.

Product: Ubiquiti U6-LR

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54750

NVD References: https://colorful-meadow-5b9.notion.site/U6-LR_HardCode_vuln-14bc216a1c30806487ebdda3bb984e91?pvs=4

CVE-2024-47547 - Ruijie Reyee OS versions up to 2.320.x have a weak password change mechanism, making authentication vulnerable to brute force attacks.

Product: Ruijienetworks Reyee OS

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47547

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01

CVE-2024-48874 - Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x allow attackers to control proxy servers and access internal services and cloud infrastructure via AWS metadata services.

Product: Ruijienetworks Reyee OS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48874

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01

CVE-2024-52324 - Ruijie Reyee OS versions 2.206.x up to 2.320.x are vulnerable to execution of arbitrary OS commands via malicious MQTT messages.

Product: Ruijienetworks Reyee OS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52324

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01

CVE-2024-48871 - Planet WGS-804HPT: Version v1.305b210531 is vulnerable to a stack-based buffer overflow, allowing unauthenticated attackers to potentially execute remote code by sending a malicious HTTP request.

Product: Planet WGS-804HPT: Version v1.305b210531

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48871

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02

- https://www.planet.com.tw/en/support/downloads?method=keyword&keyword=v1.305b241111

CVE-2024-52320 - Product X is vulnerable to command injection, allowing unauthenticated attackers to execute remote code via malicious HTTP requests.

Product: Comodo Dome Firewall

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52320

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02

- https://www.planet.com.tw/en/support/downloads?method=keyword&keyword=v1.305b241111

CVE-2024-52335 - syngo.plaza VB30E (All versions < VB30E_HF05) fails to properly sanitize input data, potentially allowing an attacker to execute malicious SQL commands and compromise the entire database.

Product: Siemens syngo.plaza

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52335

NVD References: https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-160244

CVE-2024-10773 - Hikvision IP cameras are vulnerable to pass-the-hash attacks and hardcoded credentials, allowing attackers to gain full device access through hidden user levels.

Product: Hikvision IP cameras

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10773

NVD References:

- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

- https://sick.com/psirt

- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

- https://www.first.org/cvss/calculator/3.1

- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.json

- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0006.pdf

CVE-2024-12155 - The SV100 Companion plugin for WordPress allows for unauthorized data modification, leading to privilege escalation and potential administrator access for attackers.

Product: Wordfence SV100 Companion plugin

Active Installations: This plugin has been closed as of December 5, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12155

NVD References:

- https://plugins.trac.wordpress.org/browser/sv100-companion/trunk/lib/modules/sv_settings/sv_settings.php#L47

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c244eb33-acaf-460b-ae1d-6688b21cc60f?source=cve

CVE-2024-51615 - WordPress Auction Plugin is vulnerable to SQL Injection from version n/a through 3.7, exposing users to potential data breaches.

Product: Owen Cutajar & Hyder Jaffari WordPress Auction Plugin

Active Installations: This plugin has been closed as of December 2, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51615

NVD References: https://patchstack.com/database/wordpress/plugin/wp-auctions/vulnerability/wordpress-wordpress-auction-plugin-plugin-3-7-sql-injection-vulnerability?_s_id=cve

CVE-2024-51815 - WP Sharks s2Member Pro through version 241114 is vulnerable to Code Injection.

Product: WP Sharks s2Member Pro

Active Installations: 10,000+

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51815

NVD References: https://patchstack.com/database/wordpress/plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-53810 - Najeeb Ahmad Simple User Registration is vulnerable to missing authorization, allowing unauthorized access to functionality not restricted by access control lists from versions n/a through 5.5.

Product: Najeeb Ahmad Simple User Registration

Active Installations: 400+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53810

NVD References: https://patchstack.com/database/wordpress/plugin/wp-registration/vulnerability/wordpress-simple-user-registration-plugin-5-5-broken-access-control-on-user-deletion-vulnerability?_s_id=cve

CVE-2024-12209 - The WP Umbrella plugin for WordPress is vulnerable to Local File Inclusion through the 'filename' parameter, allowing unauthenticated attackers to execute arbitrary files on the server and potentially gain sensitive data or achieve code execution.

Product: The WP Umbrella Update Backup Restore & Monitoring plugin

Active Installations: 30,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12209

NVD References:

- https://plugins.trac.wordpress.org/browser/wp-health/tags/v2.16.4/src/Actions/RestoreRouter.php#L45

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3202883%40wp-health&new=3202883%40wp-health&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c74ce3e8-cab9-4cc6-a1ad-1e51f7268474?source=cve

CVE-2023-32117 - Integrate Google Drive missing authorization vulnerability allows exploiting incorrectly configured access control security levels.

Product: SoftLab Integrate Google Drive

Active Installations: 7,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32117

NVD References: https://patchstack.com/database/wordpress/plugin/integrate-google-drive/vulnerability/wordpress-integrate-google-drive-plugin-1-1-99-unauthenticated-broken-access-control-vulnerability?_s_id=cve

CVE-2024-53822 - Genetech Pie Register Premium is vulnerable to unrestricted upload of dangerous file types before version 3.8.3.3.

Product: Genetech Pie Register Premium

Active Installations: 2,000+

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53822

NVD References: https://patchstack.com/database/wordpress/plugin/pie-register-premium/vulnerability/wordpress-pie-register-premium-plugin-3-8-3-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-54221 - Roninwp FAT Services Booking is vulnerable to SQL Injection from versions n/a through 5.6.

Product: Roninwp FAT Services Booking

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54221

NVD References: https://patchstack.com/database/wordpress/plugin/fat-services-booking/vulnerability/wordpress-fat-services-booking-plugin-5-6-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2024-54214 - Revy allows attackers to upload malicious files, such as web shells, to a server due to an unrestricted file upload vulnerability.

Product: Envato Revy

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54214

NVD References: https://patchstack.com/database/wordpress/plugin/revy/vulnerability/wordpress-revy-plugin-1-18-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-54215 - Revy is vulnerable to SQL Injection from versions n/a through 1.18.

Product: Envato Revy

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54215

NVD References: https://patchstack.com/database/wordpress/plugin/revy/vulnerability/wordpress-revy-plugin-1-18-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2024-43222 - Missing Authorization vulnerability in Envato Security Team Sweet Date. This issue affects Sweet Date: from n/a through 3.7.3.

Product: Envato Sweet Date

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43222

NVD References: https://patchstack.com/database/wordpress/theme/sweetdate/vulnerability/wordpress-sweet-date-more-than-a-wordpress-dating-theme-theme-3-7-3-privilege-escalation-vulnerability?_s_id=cve