In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between February 14-15, 2024.
During this period, the National Vulnerability Database published 211 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 2
High: 35
Medium: 88
Low: 10
Severity Not Assigned: 76
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-24691
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
References: https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-24697
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.6
Impact Score: 6.0
Description: Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
References: https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/
CWE-ID: CWE-426
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-25535
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.6
Impact Score: 6.0
Description:
Dell SupportAssist for Home PCs Installer Executable file versions prior to 3.13.2.19, used for initial installation, contain a high-severity vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023.
References: https://www.dell.com/support/kbdoc/en-us/000211410/dell-supportassist-for-home-pcs-security-update-for-installer-executable-file-for-local-privilege-escalation-lpe-vulnerability
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-44283
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.
References: https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-22293
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-22342
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-25777
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.3
Description: Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-33875
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.0
Description: Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-34351
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00954.html
CWE-ID: CWE-124
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-35121
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Improper access control in some Intel(R) oneAPI DPC++/C++ Compiler software before version 2023.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00988.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-39425
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00969.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-39941
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00998.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-6441
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection. This issue affects University Information System: before 12.12.2023.
References: https://www.usom.gov.tr/bildirim/tr-24-0102
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-5123
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: The JSON datasource plugin (https://grafana.com/grafana/plugins/marcusolsson-json-datasource/) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path.
This means that if the datasource was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/), it was possible for an editor to create a dashboard referencing the datasource which issues queries containing path traversal characters, which would in turn cause the datasource to instead query arbitrary subpaths on the configured domain (e.g. https://example.com/api/admin_api/).
In the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability.
References: https://grafana.com/security/security-advisories/cve-2023-5123/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-27975
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description:
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf
CWE-ID: CWE-522
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-6408
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description:
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man in the Middle attack.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf
CWE-ID: CWE-924
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-6409
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description:
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-0568
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description:
CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-21763
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137521
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-21771
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137595
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-21789
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137270
CWE-ID: CWE-772
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-21849
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000135873
CWE-ID: CWE-466
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-22093
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137522
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-22389
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K32544615
CWE-ID: CWE-613
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-23308
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns." Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137416
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-23314
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137675
CWE-ID: CWE-908
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-23805
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled.
Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers (https://my.f5.com/manage/s/article/K30875743).
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137334
CWE-ID: CWE-131
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-23979
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000134516
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-23982
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000135946
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-24775
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137333
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-24989
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 (https://nginx.org/en/docs/quic.html).
NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138444
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-24990
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 (https://nginx.org/en/docs/quic.html).
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138445
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-48229
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 4.7
Description: Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the "develop" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741.
References: https://github.com/contiki-ng/contiki-ng/pull/2741
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-50926
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721.
References: https://github.com/contiki-ng/contiki-ng/pull/2721
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-50927
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484.
References: https://github.com/contiki-ng/contiki-ng/pull/2484
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-1482
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
References: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-1367
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description:
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.
References: https://www.tenable.com/security/tns-2024-02
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between February 14-15, 2024.
During this period, The National Vulnerability Database published 211, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 2
High: 35
Medium: 88
Low: 10
Severity Not Assigned: 76
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-24691
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
References: https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-24697
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.6
Impact Score: 6.0
Description: Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
References: https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/
CWE-ID: CWE-426
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-25535
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.6
Impact Score: 6.0
Description:
Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023
References: https://www.dell.com/support/kbdoc/en-us/000211410/dell-supportassist-for-home-pcs-security-update-for-installer-executable-file-for-local-privilege-escalation-lpe-vulnerability
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-44283
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.
References: https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-22293
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-22342
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-25777
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.3
Description: Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-33875
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.0
Description: Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access..
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-34351
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00954.html
CWE-ID: CWE-124
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-35121
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.1
Impact Score: 6.0
Description: Improper access control in some Intel(R) oneAPI DPC++/C++ Compiler software before version 2023.2.1 may allow authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00988.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-39425
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 6.0
Description: Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00969.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-39941
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00998.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-6441
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection.This issue affects University Information System: before 12.12.2023.
References: https://www.usom.gov.tr/bildirim/tr-24-0102
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-5123
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: The JSON datasource plugin (https://grafana.com/grafana/plugins/marcusolsson-json-datasource/) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path.
This means that if the datasource was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/), it was possible for an editor to create a dashboard referencing the datasource which issues queries containing path traversal characters, which would in turn cause the datasource to instead query arbitrary subpaths on the configured domain (e.g. https://example.com/api/admin_api/).
In the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability.
References: https://grafana.com/security/security-advisories/cve-2023-5123/
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-27975
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description:
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf
CWE-ID: CWE-522
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-6408
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description:
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf
CWE-ID: CWE-924
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-6409
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description:
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-0568
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description:
CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-21763
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137521
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-21771
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137595
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-21789
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137270
CWE-ID: CWE-772
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-21849
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000135873
CWE-ID: CWE-466
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-22093
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137522
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-22389
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K32544615
CWE-ID: CWE-613
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-23308
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns." Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137416
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-23314
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137675
CWE-ID: CWE-908
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-23805
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled.
Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers (https://my.f5.com/manage/s/article/K30875743).
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137334
CWE-ID: CWE-131
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-23979
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000134516
CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-23982
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000135946
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-24775
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000137333
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-24989
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 (https://nginx.org/en/docs/quic.html).
NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138444
CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-24990
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 (https://nginx.org/en/docs/quic.html).
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References: https://my.f5.com/manage/s/article/K000138445
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-48229
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 4.7
Description: Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the "develop" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741.
References: https://github.com/contiki-ng/contiki-ng/pull/2741
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rcwv-xwc9-5hp2
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-50926
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721.
References: https://github.com/contiki-ng/contiki-ng/pull/2721
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-jp4p-fq85-jch2
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-50927
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484.
References: https://github.com/contiki-ng/contiki-ng/pull/2484
https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-9423-rgj4-wjfw
CWE-ID: CWE-125
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-1482
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
References: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-1367
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description:
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.
References: https://www.tenable.com/security/tns-2024-02
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found