Top Reported Known Exploitable Issues:
Here is the complete list of vulnerabilities for this month that we’ve updated within our platform, to be treated as a priority:
Watchlist Details: CVE-2024-49138
Name
Windows Common Log File System Driver Elevation of Privilege
Description
The flaw Microsoft has acknowledged as having been actively exploited is CVE-2024-49138 (CVSS score: 7.8), a privilege escalation vulnerability in the Windows Common Log File System (CLFS) Driver. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
Watchlist Details: CVE-2024-44309
Name
Apple iOS
Description
A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content. The iPhone maker said it addressed CVE-2024-44308 and CVE-2024-44309 with improved checks and improved state management, respectively. Not much is known about the exact nature of the exploitation, but Apple has acknowledged that the pair of vulnerabilities “may have been actively exploited on Intel-based Mac systems.”
Watchlist Details: CVE-2023-28461
Name
Array Networks AG and vxAG
Description
The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that could be exploited to achieve arbitrary code execution remotely. Fixes (version 9.4.0.484) for the security shortcoming were released by the network hardware vendor in March 2023. The Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using the flags attribute in the HTTP header without authentication.
Watchlist Details: CVE-2024-50623
Name
Cleo-managed file transfer
Description
Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution. The vulnerability affects the following products: Cleo Harmony® (prior to version 5.8.0.21), Cleo VLTrader® (prior to version 5.8.0.21), and Cleo LexiCom® (prior to version 5.8.0.21). Cleo strongly advises all customers to immediately upgrade instances of Harmony, VLTrader, and LexiCom to the latest released patch (version 5.8.0.21) to address additional discovered potential attack vectors of the vulnerability.
Watchlist Details: CVE-2024-38813
Name
VMware vCenter Server
Description
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Watchlist Details: CVE-2024-51378
Name
I-O Data Routers
Description
One of multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel. CVE-2024-51378 (CVSS score: 10.0) is an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.
Watchlist Details: CVE-2024-42448
Name
Veeam
Description
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. “From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.”
Watchlist Details: CVE-2024-11639
Name
Ivanti
Description
CVE-2024-11639 (CVSS score: 10.0) is an authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access.
Watchlist Details: CVE-2024-11639
Name
Palo Alto Networks Expedition SQL Injection Vulnerability
Description
Successful exploitation of the vulnerability could allow an unauthenticated attacker to run arbitrary OS commands as root in the Expedition migration tool or reveal its database contents. This could then pave the way for disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls, or create and read arbitrary files on the vulnerable system.
Watchlist Details: CVE-2024-1212
Name
VMware vCenter Server
Description
Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster, to its Known Exploited Vulnerabilities (KEV) catalog.
Watchlist Details: CVE-2024-49112
Name
Windows Lightweight Directory Access Protocol
Description
The flaw is tracked as CVE-2024-49112 (CVSS score: 9.8). “An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service.”
Watchlist Details: CVE-2024-10905
Name
IdentityIQ
Description
A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2, 8.3, 8.4, and other previous versions. IdentityIQ “allows HTTP access to static content in the IdentityIQ application directory that should be protected,” according to a description of the flaw on NIST’s National Vulnerability Database (NVD). The vulnerability has been characterized as a case of improper handling of file names that identify virtual resources (CWE-66), which could be abused to read otherwise inaccessible files.
Watchlist Details: CVE-2024-21287
Name
Oracle PLM
Description
Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. “This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password,” it said in an advisory. “If successfully exploited, this vulnerability may result in file disclosure.”
Watchlist Details: CVE-2024-41713
Name
Mitel
Description
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input validation in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab that results in a path traversal attack.
Watchlist Details: CVE-2024-11972
Name
WordPress Hunk Plugin
Description
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins with known vulnerabilities with available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS) flaws, or create backdoor admin accounts.