Last week, multiple critical vulnerabilities were discovered across various platforms, impacting network infrastructure, software libraries, IoT devices, and CPUs. OpenSSH fixed a signal handler race issue, Juniper Networks addressed an authentication bypass problem, and CocoaPods resolved supply chain attack vulnerabilities. Cisco found a command injection issue, Intel CPUs were vulnerable to a side-channel attack, and Rockwell Automation dealt with RCE vulnerabilities. Traeger also addressed unauthorized controls on IoT grills before July 4. It is crucial to apply additional patches and mitigation methods if compromised.
On July 1, 2024, OpenSSH released security updates to fix RCE issues caused by a signal handler race condition. The issue allowed unauthenticated remote code execution with root privileges on glibc-based Linux systems. The vulnerability affected specific versions of OpenSSH, and users were advised to implement the updates immediately, restrict SSH access, enforce segmentation, and conduct thorough regression testing.
Juniper Networks fixed an authentication bypass vulnerability affecting high availability redundancy deployments. The vulnerability allowed attackers to bypass authentication and gain full control of affected devices. Automatic fixes were released for vulnerable devices managed through MIST Cloud, and users were urged to update their routers to the latest versions to protect their network devices from potential risks.
CocoaPods fixed vulnerabilities that allowed supply chain attacks by enabling attackers to claim unclaimed pods, alter packages, and execute arbitrary code on the Trunk server. Users were advised to update to the latest version of CocoaPods and monitor dependencies for unapproved modifications to enhance security measures.
On July 2, 2024, Velvet Ant exploited a zero-day flaw in Cisco NX-OS Software through a command injection vulnerability. Intel CPUs were also susceptible to a side channel attack called Indirector, leaking sensitive information. Cisco issued patches for the vulnerabilities, and Intel recommended enabling existing mitigations to improve security against side-channel attacks.
On July 3, 2024, threat actors exploited a Microsoft MSHTML vulnerability to deploy the MerkSpy surveillance tool, affecting users in several countries. Microsoft discovered vulnerabilities in Rockwell Automation PanelView Plus devices, leading to remote code execution and DoS attacks. Additionally, security flaws were found in Traeger grills with the D2 Wi-Fi controller, allowing unauthorized access and control of the devices.
Lastly, on July 5, 2024, a Ghostscript vulnerability posed a threat to web applications and services through a string format error and remote code execution. Users were advised to update to the latest version of Ghostscript to prevent exploitation.
In conclusion, organizations should prioritize applying security patches, monitoring vulnerabilities, and implementing secure development practices to protect against potential cyber threats. It is essential to stay informed about the latest security updates and take proactive measures to safeguard sensitive data and infrastructure.
Article Source
https://www.esecurityplanet.com/threats/vulnerability-recap-july-8-2024/