Exploit Warning | OSG: Bits, Bytes and Packets

Category Archives: Exploit Warning

Palo Alto updates patching guidance for command injection vulnerability

April 16, 2024 – 5:27 pm
Posted in Attacks, Computers and Internet, Cyber security, Exploit Warning, HAck, Patch Available, POC, Vulnerability
Tagged CVSS Score 10.0, Operation MidnightEclipse, Palo Alto, PAN-252214, PAN-OS, Unit-42
Leave a Comment

https://security.paloaltonetworks.com/CVE-2024-3400

This is a command injection vulnerability that enabled an unauthenticated attacker to execute code with root privileges. POC has been released publicly.

Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.

You can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).

https://unit42.paloaltonetworks.com/cve-2024-3400

SQL Injection vulnerability in Ivanti endpoint Manager is patched

January 9, 2024 – 4:59 pm
Posted in Computers and Internet, Cyber security, Endpoint Security, Exploit Warning, Patch Available, Patch Management, Vulnerability, Vulnerability Management
Tagged CVE-2023-39336, EPM, Ivanti, Ivanti Endpoint Manager, SQL Express, SQL Injection
Leave a Comment

https://www.bankinfosecurity.com/ivanti-patches-critical-endpoint-security-vulnerability-a-24046

Google plugs Chrome Zero-Day hole that is actively being exploited in the wild.

December 21, 2023 – 10:10 pm
Posted in Computers and Internet, Cyber security, Exploit Warning, Google, Patch Available, Vulnerability, Zero Day
Tagged Chrome, CVE-2023-7024, heap-based buffer overflow, thehackernews.com
Leave a Comment

This is said to be a heap buffer overflow flaw in the WebRTC framework according to Google.

A heap buffer overflow is a software code vulnerability that can be faulted or exploited by a bad actor, which can cause unintended consequences including a blue screen of death (BSOD, unauthorized access, or Denial of Service (DoS). The overflow generally occurs when the allotted storage capacity is exceeded by the volume of data.

More can be read at thehackernews.com here:

Report: Comcast waits on critical Citrix zero-day vulnerability and loses data for 36 million customers. Change passwords now.

December 20, 2023 – 12:59 pm
Posted in Attacks, Computers and Internet, Cyber security, Exploit Warning, HAck, Patch Available, Privacy, Privacy Alert, Social Engineering, Technology, Vulnerability, Vulnerability Management
Tagged Citrix, Citrix ADC, Citrix Bleed, Comcast, CVE-2023-4966, Xfinity
Leave a Comment

https://arstechnica.com/security/2023/12/hack-of-unpatched-comcast-servers-results-in-stolen-personal-data-including-passwords/

Customer data including PII and security questions have been taken.

RCE Vulnerability in Apache Struts2

December 12, 2023 – 3:10 pm
Posted in Computers and Internet, Cyber security, Exploit Warning, Patch Available, Technology, Vulnerability, Vulnerability Management
Tagged Apache, Apache Struts, Apache Struts2, CVE-2023-50164, RCE
Leave a Comment

There is a new vulnerability in Apache Struts2.

If you don’t know, previous vulnerabilities were devastating to infrastructures; to the extent that we still see the attack vector being attempted. Affected versions are:

Apache Struts 2.0.0 through 2.5.32
Apache Struts 6.0.0 through 6.3.0.1

Apache Struts2 Remote Code Execution Vulnerability (CVE-2023-50164)

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

Ivanti Connect Secure/Pulse Secure

December 9, 2023 – 5:05 pm
Posted in Attacks, Business Continuity, CISA, Computers and Internet, Cyber security, Exploit Warning, Patch Available, Technology, VPN, Vulnerability Management
Tagged Bleepingcomputer.com, Ivanti, Ivanti Connect Secure, Pulse Secure
Leave a Comment

If you are not caught up on patches, get so quickly. In addition to password spraying, we are seeing a large pickup in exploit attempts. The most recent version is Release 9.1R18.2 PRs. You can find the notes here: https://help.ivanti.com/ps/help/en_US/ICS/9.1RX/rn-9.1R18.2/fixed-issues.htm. It was only May, 2021 when actors were exploiting zero-days. The impact of that vulnerability caused Pulse Secure to release an Integrity Tool to check if files had been modified on the appliances.

Now might be a good time to refamiliarize yourself with the tool if you are not familiar https://forums.ivanti.com/s/article/KB44755?language=en_US

Ivanti Best Practices Guide https://forums.ivanti.com/s/article/KB29805?language=en_US&kA1j0000000Fil5=

Over 20k Microsoft Exchange servers risked in exploitable vulnerabilities

December 2, 2023 – 6:58 pm
Posted in Attacks, Computers and Internet, Cyber security, End of Life, Exchange, Exploit Warning, Microsoft, Microsoft Patches, Patch Available, Technology, Vulnerability, Vulnerability Management
Tagged Bleepingcomputer.com, CVE-2020-0688, CVE-2021-26855, CVE-2021-27065, CVE-2022-41082, CVE-2023-21529, CVE-2023-36439, CVE-2023-36745, proxylogon, RCE
Leave a Comment

https://www.bleepingcomputer.com/news/security/over-20-000-vulnerable-microsoft-exchange-servers-exposed-to-attacks/

Some of these CVEs go back years, including the days of ProxyLogon shell attacks. All these have patches available. There are some 30.5k unsupported versions of Exchange as of November, 2023. Read more here.