In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between January 22-23, 2024.
During this period, the National Vulnerability Database published 61 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 1
High: 7
Medium: 20
Low: 4
Severity Not Assigned: 29
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-23768
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later.
References: https://docs.dremio.com/current/reference/bulletins/2024-01-12-01
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-21484
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 4.7
Description: Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.
Workaround
This vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.
References: https://github.com/kjur/jsrsasign/issues/598
https://github.com/kjur/jsrsasign/releases/tag/11.0.0
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
CWE-ID: CWE-203
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-22233
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC
* Spring Security 6.1.6+ or 6.2.1+ is on the classpath
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
References: https://spring.io/security/cve-2024-22233/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-0778
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to OS command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
References: https://github.com/dezhoutorizhao/cve/blob/main/rce.md
https://vuldb.com/?ctiid.251696
https://vuldb.com/?id.251696
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
5. CVE-2022-45790
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to brute-force attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05
https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf
CWE-ID: CWE-307
Common Platform Enumerations (CPE): Not Found
6. CVE-2022-45792
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user.
References: https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-0204
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
References: https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml
https://www.fortra.com/security/advisory/fi-2024-001
CWE-ID: CWE-425
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-23678
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows.
References: https://advisory.splunk.com/advisories/SVD-2024-0108
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found