In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between September 07-08, 2024.
During this period, The National Vulnerability Database published 50, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 5
High: 17
Medium: 19
Low: 1
Severity Not Assigned: 8
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-1596
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://ninjaforms.com/extensions/file-uploads/
https://ninjaforms.com/extensions/file-uploads/?changelog=1/
https://www.wordfence.com/threat-intel/vulnerabilities/id/499a1892-12b7-49d5-b65f-4f53a968a23a?source=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-7112
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/booking-system/trunk/includes/calendars/class-backend-calendar-schedule.php#L441
https://plugins.trac.wordpress.org/browser/booking-system/trunk/includes/calendars/class-backend-calendar-schedule.php#L529
https://plugins.trac.wordpress.org/changeset/3147739/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5a7358cd-fec8-4a16-ae6b-14194bb63396?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-40681
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/297611
https://www.ibm.com/support/pages/node/7167732
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-36138
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
References: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-38650
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-38651
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-39714
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-39715
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-39718
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-40709
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-40710
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-40711
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-40712
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-40713
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-40714
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-40718
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-42019
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-42020
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-42021
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-42022
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-42023
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-42024
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between September 07-08, 2024.
During this period, The National Vulnerability Database published 50, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 5
High: 17
Medium: 19
Low: 1
Severity Not Assigned: 8
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-1596
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://ninjaforms.com/extensions/file-uploads/
https://ninjaforms.com/extensions/file-uploads/?changelog=1/
https://www.wordfence.com/threat-intel/vulnerabilities/id/499a1892-12b7-49d5-b65f-4f53a968a23a?source=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-7112
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/booking-system/trunk/includes/calendars/class-backend-calendar-schedule.php#L441
https://plugins.trac.wordpress.org/browser/booking-system/trunk/includes/calendars/class-backend-calendar-schedule.php#L529
https://plugins.trac.wordpress.org/changeset/3147739/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5a7358cd-fec8-4a16-ae6b-14194bb63396?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-40681
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/297611
https://www.ibm.com/support/pages/node/7167732
CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-36138
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
References: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-38650
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-38651
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-39714
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-39715
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-39718
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-40709
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-40710
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords). Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within Veeam Backup & Replication.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-40711
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-40712
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-40713
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-40714
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-40718
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-42019
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-42020
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-42021
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-42022
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-42023
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-42024
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.
References: https://www.veeam.com/kb4649
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found