Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for March 14-15, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between March 14 and 15, 2024.
During this period, the National Vulnerability Database published 71 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 0
High: 13
Medium: 26
Low: 3
Severity Not Assigned: 29

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-1222
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.

References: https://www.papercut.com/kb/Main/Security-Bulletin-March-2024

CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-1654
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.
References: https://www.papercut.com/kb/Main/Security-Bulletin-March-2024

CWE-ID: CWE-183
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-1882
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.

References: https://www.papercut.com/kb/Main/Security-Bulletin-March-2024

CWE-ID: CWE-74
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-1623
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description: Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/insufficient-session-timeout-vulnerability-sagemcom-router

CWE-ID: CWE-613
Common Platform Enumerations (CPE): Not Found

5. CVE-2023-50168
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.0
Description: Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.
References: https://support.pega.com/support-doc/pega-security-advisory-a24-vulnerability-remediation-note

CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found

6. CVE-2023-32282
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 5.8
Description: Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00929.html

CWE-ID: CWE-367
Common Platform Enumerations (CPE): Not Found

7. CVE-2023-32666
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 5.8
Description: On-chip debug and test interface with improper access control in some 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00986.html

CWE-ID: CWE-1191
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-28181
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: turbo_boost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted depending on the strictness of authorization checks that individual applications enforce. Being able to call some of these methods can have security implications. Commands verify that the class must be a `Command` and that the method requested is defined as a public method; however, this isn't robust enough to guard against all unwanted code execution. The library should more strictly enforce which methods are considered safe before allowing them to be executed. This issue has been addressed in versions 0.1.3 and 0.2.2. Users are advised to upgrade. Users unable to upgrade should see the repository GHSA for workaround advice.
References: https://github.com/hopsoft/turbo_boost-commands/commit/88af4fc0ac39cc1799d16c49fab52f6dfbcec9ba
https://github.com/hopsoft/turbo_boost-commands/security/advisories/GHSA-mp76-7w5v-pr75

CWE-ID: CWE-74
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-22346
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/280203
https://www.ibm.com/support/pages/node/7140499

CWE-ID: CWE-264
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-27266
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/284566
https://www.ibm.com/support/pages/node/7141270

CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-27301
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: Support App is an open-source application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang `#!/bin/zsh` is being used. When the installer is executed it asks for the user's password to be executed as root. However, it'll still be using the $HOME of the user and therefore loading the file `$HOME/.zshenv` when the `postinstall` script is executed. An attacker could add malicious code to `$HOME/.zshenv` and it will be executed when the app is installed. An attacker may leverage this vulnerability to escalate privilege on the system. This issue has been addressed in version 2.5.1 Rev 2. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/root3nl/SupportApp/commit/e866b2aa4028f6a982977f462c0f7550d952c5d0
https://github.com/root3nl/SupportApp/security/advisories/GHSA-jr78-247f-rhqc

CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-0860
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.

References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13

CWE-ID: CWE-319
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-1713
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.3
Description: A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.

References: https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4

CWE-ID: CWE-394
Common Platform Enumerations (CPE): Not Found
