VULNERA Pulse

VMware — vCenter Server

CVE-2024-38813 / Added: Nov. 20, 2024

CRITICAL CVSS 9.80 EPSS Score 0.09 EPSS Percentile 41.11

VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet.

Headlines

• Nov. 19, 2024 - CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws
• Nov. 19, 2024 - Actively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure
• Nov. 18, 2024 - Critical 9.8-rated VMware vCenter RCE bug under exploit
• Nov. 18, 2024 - Critical 9.8-rated VMware vCenter RCE bug under exploit
• Nov. 18, 2024 - Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
• Nov. 18, 2024 - Critical RCE bug in VMware vCenter Server now exploited in attacks
• Oct. 27, 2024 - Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
• Oct. 22, 2024 - VMware patches critical RCE, make-me-root bugs — again
• Oct. 22, 2024 - VMware fixes bad patch for critical vCenter Server RCE flaw
• Sept. 22, 2024 - Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18
• Sept. 18, 2024 - Critical VMware vCenter Server bugs fixed (CVE-2024-38812)
• Sept. 18, 2024 - Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812
• Sept. 18, 2024 - Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
• Sept. 18, 2024 - CVE-2024-38812: VMware's 9.8 Severity Security Nightmare
• Sept. 17, 2024 - VMware patches serious flaws in vCenter Server
• Sept. 17, 2024 - VMware patches serious flaws in vCenter Server
• Sept. 17, 2024 - Broadcom fixes critical RCE bug in VMware vCenter Server

Back to top ↑

VMware — vCenter Server

CVE-2024-38812 / Added: Nov. 20, 2024

CRITICAL CVSS 9.80 EPSS Score 0.09 EPSS Percentile 41.11

VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet.

Headlines

• Nov. 19, 2024 - CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws
• Nov. 19, 2024 - Actively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure
• Nov. 18, 2024 - Critical 9.8-rated VMware vCenter RCE bug under exploit
• Nov. 18, 2024 - Critical 9.8-rated VMware vCenter RCE bug under exploit
• Nov. 18, 2024 - Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
• Nov. 18, 2024 - Critical RCE bug in VMware vCenter Server now exploited in attacks
• Oct. 30, 2024 - SonicWall Details Dangerous RCE Bug in VMware vCenter Server - The Information Technology Daily
• Oct. 28, 2024 - THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)
• Oct. 28, 2024 - Researcher Details CVE-2024-38812 (CVSS 9.8): Critical RCE Flaw in VMware vCenter
• Oct. 27, 2024 - Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
• Oct. 22, 2024 - VMware patches critical RCE, make-me-root bugs — again
• Oct. 22, 2024 - VMware fixes bad patch for critical vCenter Server RCE flaw
• Oct. 22, 2024 - VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812
• Oct. 22, 2024 - VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
• Sept. 22, 2024 - Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18
• Sept. 18, 2024 - Critical VMware vCenter Server bugs fixed (CVE-2024-38812)
• Sept. 18, 2024 - Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812
• Sept. 18, 2024 - Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
• Sept. 18, 2024 - CVE-2024-38812: VMware's 9.8 Severity Security Nightmare
• Sept. 17, 2024 - VMware patches serious flaws in vCenter Server
• Sept. 17, 2024 - VMware patches serious flaws in vCenter Server
• Sept. 17, 2024 - Broadcom fixes critical RCE bug in VMware vCenter Server

Back to top ↑

Progress — Kemp LoadMaster

CVE-2024-1212 / Added: Nov. 18, 2024

CRITICAL CVSS 9.80 EPSS Score 91.88 EPSS Percentile 99.05

Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.

Headlines

• Nov. 19, 2024 - CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
• Nov. 19, 2024 - CISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo Alto Networks PAN-OS
• Nov. 19, 2024 - U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
• Nov. 19, 2024 - CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws
• March 29, 2024 - 'In the Wild' Attacks Target Critical Vulnerability (CVE-2024-1212) in Progress Kemp Loadmaster
• March 20, 2024 - PoC Exploit Available for CVE-2024-1212 (CVSS 10): Patch Kemp LoadMaster Now
• Feb. 22, 2024 - CVE-2024-1212 (CVSS 10): Unauthenticated Takeover Threat in Progress Kemp LoadMaster

Back to top ↑

Palo Alto Networks — PAN-OS

CVE-2024-0012 / Added: Nov. 18, 2024

CRITICAL CVSS 9.80 EPSS Score 96.61 EPSS Percentile 99.68

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.

Headlines

• Nov. 20, 2024 - Analysis & PoC Exploits Released for Palo Alto Zero-Days - CVE-2024-0012 and CVE-2024-9474
• Nov. 19, 2024 - CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
• Nov. 19, 2024 - Palo Alto Networks patches firewall-busting zero-days
• Nov. 19, 2024 - CISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo Alto Networks PAN-OS
• Nov. 19, 2024 - U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
• Nov. 18, 2024 - Palo Alto Patches Critical Zero-Day Firewall Bug
• Nov. 18, 2024 - CVE-2024-0012 and CVE-2024-9474: Actively Exploited Vulnerabilities Impact Palo Alto Networks PAN-OS
• Nov. 18, 2024 - Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
• Nov. 18, 2024 - CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

Back to top ↑

Palo Alto Networks — PAN-OS

CVE-2024-9474 / Added: Nov. 18, 2024

HIGH CVSS 7.20 EPSS Score 97.40 EPSS Percentile 99.94

Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.

Headlines

• Nov. 20, 2024 - Analysis & PoC Exploits Released for Palo Alto Zero-Days - CVE-2024-0012 and CVE-2024-9474
• Nov. 20, 2024 - CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
• Nov. 19, 2024 - CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
• Nov. 19, 2024 - Palo Alto Networks patches firewall-busting zero-days
• Nov. 19, 2024 - Palo Alto Networks Patches Critical Firewall Vulnerability
• Nov. 19, 2024 - CISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo Alto Networks PAN-OS
• Nov. 19, 2024 - U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
• Nov. 18, 2024 - CVE-2024-0012 and CVE-2024-9474: Actively Exploited Vulnerabilities Impact Palo Alto Networks PAN-OS
• Nov. 18, 2024 - Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

Back to top ↑

CVE-2024-0012

CRITICAL CVSS 9.80 EPSS Score 96.61 EPSS Percentile 99.68

CISA Known Exploited Actively Exploited Public Exploits Available

Published: Nov. 18, 2024

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Vendors Impacted: Paloaltonetworks, Palo Alto Networks

Product Impacted: Pan-Os

Quotes

• Tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities
• Looking at the primary Nginx route configuration – /etc/nginx/conf/locations.conf – revealed quite a limited (yet impactful) change
• Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet
• Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution
• This is a pair of bugs, described as 'authentication bypass in the management web interface' and a 'privilege escalation' respectively, strongly suggesting they are used as a chain to gain superuser access, a pattern that we've seen before with Palo Alto appliances

Headlines

• Nov. 20, 2024 - Analysis & PoC Exploits Released for Palo Alto Zero-Days - CVE-2024-0012 and CVE-2024-9474
• Nov. 19, 2024 - CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
• Nov. 19, 2024 - Palo Alto Networks patches firewall-busting zero-days
• Nov. 19, 2024 - CISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo Alto Networks PAN-OS
• Nov. 19, 2024 - U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
• Nov. 18, 2024 - Palo Alto Patches Critical Zero-Day Firewall Bug
• Nov. 18, 2024 - CVE-2024-0012 and CVE-2024-9474: Actively Exploited Vulnerabilities Impact Palo Alto Networks PAN-OS
• Nov. 18, 2024 - Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
• Nov. 18, 2024 - CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

CVE-2024-38813

CRITICAL CVSS 9.80 EPSS Score 0.09 EPSS Percentile 41.11

CISA Known Exploited

Published: Sept. 17, 2024

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

Vendor Impacted: Vmware

Product Impacted: Vcenter Server

Quotes

• Not currently aware of exploitation 'in the wild
• Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813
• Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution

Headlines

• Nov. 19, 2024 - CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws
• Nov. 19, 2024 - Actively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure
• Nov. 18, 2024 - Critical 9.8-rated VMware vCenter RCE bug under exploit
• Nov. 18, 2024 - Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
• Nov. 18, 2024 - Critical RCE bug in VMware vCenter Server now exploited in attacks

CVE-2024-38812

CRITICAL CVSS 9.80 EPSS Score 0.09 EPSS Percentile 41.11

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Sept. 17, 2024

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Vendor Impacted: Vmware

Product Impacted: Vcenter Server

Quotes

• Not currently aware of exploitation 'in the wild
• Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813
• Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution

Headlines

• Nov. 19, 2024 - CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws
• Nov. 19, 2024 - Actively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure
• Nov. 18, 2024 - Critical 9.8-rated VMware vCenter RCE bug under exploit
• Nov. 18, 2024 - Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
• Nov. 18, 2024 - Critical RCE bug in VMware vCenter Server now exploited in attacks

CVE-2024-10924

CRITICAL CVSS 9.80 EPSS Score 0.04 EPSS Percentile 11.63

Remote Code Execution Public Exploits Available

Published: Nov. 15, 2024

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).

Vendor Impacted: Really-Simple-Plugins

Product Impacted: Really Simple Security

Quotes

• 8 Benefits of a Backup Service for Microsoft 365
• The vulnerability is scriptable, meaning that it can be turned into a large-scale automated attack, targeting WordPress websites
• The check_login_and_get_user() function verifies the user using the user_id and login_nonce parameters. The most significant problem and vulnerability is caused by the fact that the function returns a WP_REST_Response error in case of a failure, but this is not handled within the function. This means that even in the case of an invalid nonce, the function processing continues and invokes authenticate_and_redirect(), which authenticates the user based on the user id passed in the request, even when that user’s identity hasn’t been verified

Headlines

• Nov. 18, 2024 - THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)
• Nov. 18, 2024 - Really Simple Security plugin flaw impacts 4M+ WordPress sites
• Nov. 18, 2024 - Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
• Nov. 17, 2024 - Security plugin flaw in millions of WordPress sites gives admin access

CVE-2024-9465

CRITICAL CVSS 9.10 EPSS Score 94.95 EPSS Percentile 99.38

CISA Known Exploited Public Exploits Available

Published: Oct. 9, 2024

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.

Vendors Impacted: Paloaltonetworks, Palo Alto Networks

Product Impacted: Expedition

Quotes

• Broad and significant cyber espionage campaign
• 8 Benefits of a Backup Service for Microsoft 365
• Third-party VPNs with legitimate user activity originating from these IPs to other destinations
• Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet

Headlines

• Nov. 18, 2024 - Palo Alto Patches Critical Zero-Day Firewall Bug
• Nov. 18, 2024 - THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)
• Nov. 17, 2024 - Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked
• Nov. 16, 2024 - PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

CVE-2024-44308

HIGH CVSS 8.80 EPSS Score 0.04 EPSS Percentile 17.04

Risk Context N/A

Published: Nov. 20, 2024

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Quotes

• May have been actively exploited on Intel-based Mac systems
• Apple is aware of a report that this issue may have been exploited
• Regardless of product type or US sales channel, D-Link's general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products cease
• Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems
• The fixes provided by Apple introduce stronger checks to detect and prevent malicious activity, as well as improve how devices manage and track data during web browsing. With attackers potentially exploiting both vulnerabilities, it is critical that users and mobile-first organizations apply the latest patches as soon as they are able

Headlines

• Nov. 20, 2024 - Apple Urgently Patches Actively Exploited Zero-Days
• Nov. 20, 2024 - D-Link says replace vulnerable routers or risk pwnage
• Nov. 20, 2024 - Apple Issues Emergency Security Update for Actively Exploited Flaws
• Nov. 20, 2024 - Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
• Nov. 20, 2024 - Apple addressed two actively exploited zero-day vulnerabilities
• Nov. 20, 2024 - Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
• Nov. 19, 2024 - Apple fixes two zero-days used in attacks on Intel-based Macs
• Nov. 19, 2024 - CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities

CVE-2024-9463

HIGH CVSS 7.50 EPSS Score 96.23 EPSS Percentile 99.58

CISA Known Exploited Public Exploits Available

Published: Oct. 9, 2024

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Vendors Impacted: Paloaltonetworks, Palo Alto Networks

Product Impacted: Expedition

Quotes

• Broad and significant cyber espionage campaign
• 8 Benefits of a Backup Service for Microsoft 365
• Third-party VPNs with legitimate user activity originating from these IPs to other destinations
• Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet

Headlines

• Nov. 18, 2024 - Palo Alto Patches Critical Zero-Day Firewall Bug
• Nov. 18, 2024 - THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)
• Nov. 17, 2024 - Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked
• Nov. 16, 2024 - PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

CVE-2024-9474

HIGH CVSS 7.20 EPSS Score 97.40 EPSS Percentile 99.94

CISA Known Exploited Actively Exploited Public Exploits Available

Published: Nov. 18, 2024

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Vendors Impacted: Paloaltonetworks, Palo Alto Networks

Product Impacted: Pan-Os

Quotes

• Tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities
• Looking at the primary Nginx route configuration – /etc/nginx/conf/locations.conf – revealed quite a limited (yet impactful) change
• Observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network
• To gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474
• Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution
• This is a pair of bugs, described as 'authentication bypass in the management web interface' and a 'privilege escalation' respectively, strongly suggesting they are used as a chain to gain superuser access, a pattern that we've seen before with Palo Alto appliances

Headlines

• Nov. 20, 2024 - Analysis & PoC Exploits Released for Palo Alto Zero-Days - CVE-2024-0012 and CVE-2024-9474
• Nov. 20, 2024 - CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)
• Nov. 19, 2024 - CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
• Nov. 19, 2024 - Palo Alto Networks patches firewall-busting zero-days
• Nov. 19, 2024 - Palo Alto Networks Patches Critical Firewall Vulnerability
• Nov. 19, 2024 - CISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo Alto Networks PAN-OS
• Nov. 19, 2024 - U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
• Nov. 18, 2024 - CVE-2024-0012 and CVE-2024-9474: Actively Exploited Vulnerabilities Impact Palo Alto Networks PAN-OS
• Nov. 18, 2024 - Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

CVE-2024-43451

MEDIUM CVSS 6.50 EPSS Score 0.47 EPSS Percentile 76.23

CISA Known Exploited Actively Exploited Remote Code Execution

Published: Nov. 12, 2024

NTLM Hash Disclosure Spoofing Vulnerability

Vendor Impacted: Microsoft

Products Impacted: Windows 10 1809, Windows 10 22h2, Windows 11 23h2, Windows 11 22h2, Windows Server 2025, Windows Server 2016, Windows 10 1507, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows 10 1607, Windows, Windows Server 2022, Windows 11 24h2, Windows Server 2022 23h2, Windows 10 21h2

Quotes

• Broad and significant cyber espionage campaign
• 8 Benefits of a Backup Service for Microsoft 365

Headlines

• Nov. 18, 2024 - THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)
• Nov. 17, 2024 - SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20
• Nov. 17, 2024 - newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION
• Nov. 17, 2024 - Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked

CVE-2024-44309

CVSS Not Assigned EPSS Score 0.04 EPSS Percentile 17.04

Risk Context N/A

Published: Nov. 20, 2024

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Quotes

• May have been actively exploited on Intel-based Mac systems
• Apple is aware of a report that this issue may have been exploited
• Regardless of product type or US sales channel, D-Link's general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products cease
• Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems
• The fixes provided by Apple introduce stronger checks to detect and prevent malicious activity, as well as improve how devices manage and track data during web browsing. With attackers potentially exploiting both vulnerabilities, it is critical that users and mobile-first organizations apply the latest patches as soon as they are able

Headlines

• Nov. 20, 2024 - Apple Urgently Patches Actively Exploited Zero-Days
• Nov. 20, 2024 - D-Link says replace vulnerable routers or risk pwnage
• Nov. 20, 2024 - Apple Issues Emergency Security Update for Actively Exploited Flaws
• Nov. 20, 2024 - Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
• Nov. 20, 2024 - Apple addressed two actively exploited zero-day vulnerabilities
• Nov. 20, 2024 - Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
• Nov. 19, 2024 - Apple fixes two zero-days used in attacks on Intel-based Macs
• Nov. 19, 2024 - CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities