In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between December 23-24, 2024.
During this period, the National Vulnerability Database published 30 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 2
High: 8
Medium: 10
Low: 1
Severity Not Assigned: 9
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-45721
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user.
References: https://jvn.jp/en/jp/JVN61635834/
https://k-tai.sharp.co.jp/support/info/info083.html
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-46873
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker.
References: https://jvn.jp/en/jp/JVN61635834/
https://k-tai.sharp.co.jp/support/info/info083.html
CWE-ID: CWE-489
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-54082
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user.
References: https://jvn.jp/en/jp/JVN61635834/
https://k-tai.sharp.co.jp/support/info/info083.html
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-12902
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default credentials.
References: https://www.twcert.org.tw/en/cp-139-8315-e6069-2.html
https://www.twcert.org.tw/tw/cp-132-8314-983c9-1.html
CWE-ID: CWE-1392
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-12903
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Incorrect default permissions vulnerability in Evoko Home, affecting versions 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).
References: https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-biamp-evoko-home
CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-45387
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request.
Users running an affected version of Traffic Ops are recommended to upgrade to Apache Traffic Control 8.0.2.
References: https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr
http://www.openwall.com/lists/oss-security/2024/12/23/3
CWE-ID: CWE-89 CWE-285
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-53256
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due to the usage of `rz_core_cmdf` to invoke the command `m`, which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) is executed if `rclass` (part of RzBinInfo) is set to `fs`; the vulnerability can be exploited by any bin format where `bclass` and `rclass` are user defined. This vulnerability is fixed in 0.7.4.
References: https://github.com/rizinorg/rizin/blob/be24ca8879ed9c58f288bdf21c271b6294720da4/librz/main/rizin.c#L1275-L1278
https://github.com/rizinorg/rizin/commit/db6c5b39c065ce719f587c9815c47fbb834b10fa
https://github.com/rizinorg/rizin/security/advisories/GHSA-5jhc-frm4-p8v9
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-56362
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.
References: https://github.com/navidrome/navidrome/commit/7f030b0859653593fd2ac0df69f4a313f9caf9ff
https://github.com/navidrome/navidrome/commit/9cbdb20a318a49daf95888b1fd207d4d729b55f1
https://github.com/navidrome/navidrome/security/advisories/GHSA-xwx7-p63r-2rj8
CWE-ID: CWE-312
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-56363
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2 template. Specifically, when user input is improperly sanitized or validated, an attacker can inject Jinja2 syntax into the template, causing the server to execute arbitrary code. For example, an attacker might be able to inject expressions like {{ config }}, {{ self.class.mro[1].subclasses() }}, or more dangerous payloads that trigger execution of arbitrary Python code. The vulnerability can be reproduced by submitting crafted input to any of the template fields handled by ckeditor that are passed directly to a Jinja2 template. If the input is rendered without sufficient sanitization, it results in the execution of malicious Jinja2 code on the server.
References: https://github.com/APTRS/APTRS/commit/9f6b6e4a56a9119eb12126a4909441e83b6d7c11
https://github.com/APTRS/APTRS/security/advisories/GHSA-h4w2-hvcg-938j
CWE-ID: CWE-97
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-53961
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data.
References: https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found