Author: TAFA
Archives: April 2024
Alert/Advisory: Progress Flowmon Critical Vulnerability Allows Remote Unauthenticated Access
8/5/2024
A critical vulnerability (tracked as CVE-2024-2389), scored 10 out of 10 on the Common Vulnerability Scoring System (CVSS), has been found to affect Progress Flowmon web interfaces. Progress has released security updates to address it. When exploited successfully, this vulnerability gives attackers unauthenticated remote access via the API, from which they can execute arbitrary system commands. Multiple proof-of-concept exploits for it have recently been published. The affected product versions are Flowmon v12.x and Flowmon v11.x; versions 10.x and lower are not affected. Flowmon customers are strongly advised to upgrade immediately to one of the patched versions, v12.3.5 or v11.1.14, and then to upgrade all Flowmon modules. More information is available here:
https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability
https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-044
The PuTTY project has released a security update to address a critical vulnerability (tracked as CVE-2024-31497) in PuTTY 0.68 through 0.80. An attacker who obtains about 60 cryptographic signatures made with an affected key can use them to recover the private key that generated them. The consequence is unauthorised access to SSH servers that trust the key, or the ability to sign commits as the developer, which can in turn lead to supply chain attacks on the affected software projects. The vulnerability is caused by how PuTTY generates the per-signature nonces (temporary unique cryptographic numbers) for the NIST P-521 curve used in SSH authentication. PuTTY is a popular open-source terminal emulator, serial console, and network file transfer application that supports SSH, Telnet, SCP, and SFTP. The developers have fixed the vulnerability in PuTTY version 0.81. However, any P-521 private key generated using a vulnerable version of the tool should be considered unsafe and replaced with a new, secure key. Listed below is the software confirmed to use the vulnerable PuTTY:
It is likely that more software tools are impacted by this vulnerability, depending on the PuTTY version they incorporate. Users are strongly advised to check their tools and take the necessary preventive action. More information is available here:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-042
https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/
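Because the advisory only concerns ECDSA keys on the NIST P-521 curve, the first defensive step is an inventory of which trusted keys are P-521 at all. The script below is an added example, not code from the PuTTY project: it parses OpenSSH `authorized_keys` entries, reads the key type from the inside of the base64 blob (the leading text field can be hand-edited, so the blob is authoritative) and lists the entries that need rotation. The sample file it scans is constructed with dummy key bytes.

```python
import base64
import struct

P521_KEY_TYPE = "ecdsa-sha2-nistp521"  # key type whose signatures leaked nonce bits in PuTTY 0.68-0.80

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_ssh_strings(blob: bytes) -> list:
    """Split a public-key blob into its length-prefixed fields; raises on truncated input."""
    fields, offset = [], 0
    while offset < len(blob):
        (length,) = struct.unpack_from(">I", blob, offset)  # struct.error if fewer than 4 bytes remain
        offset += 4
        if offset + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields

def key_type_of(line: str):
    """Key type recorded inside the base64 blob of an authorized_keys entry, or None if it does not decode."""
    parts = line.split()
    for i in range(len(parts) - 1):  # skip any leading options such as from="..."
        if parts[i].startswith(("ssh-", "ecdsa-", "sk-")):
            try:
                fields = parse_ssh_strings(base64.b64decode(parts[i + 1], validate=True))
            except (ValueError, struct.error):  # binascii.Error is a ValueError subclass
                return None
            return fields[0].decode("ascii", "replace") if fields else None
    return None

def find_p521_keys(authorized_keys_text: str) -> list:
    """Entries that use NIST P-521 ECDSA keys: the candidates the advisory says to replace."""
    return [ln for ln in map(str.strip, authorized_keys_text.splitlines())
            if ln and not ln.startswith("#") and key_type_of(ln) == P521_KEY_TYPE]

def sample_entry(keytype: str, fields: list, comment: str, options: str = "") -> str:
    """Build a constructed authorized_keys line; the key bytes are filler, not a real key."""
    blob = ssh_string(keytype.encode()) + b"".join(ssh_string(f) for f in fields)
    return f"{options + ' ' if options else ''}{keytype} {base64.b64encode(blob).decode()} {comment}"

# Constructed sample file (dummy key material) so the check runs offline.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys",
    sample_entry("ssh-ed25519", [b"\x01" * 32], "alice@laptop"),
    sample_entry("ecdsa-sha2-nistp521", [b"nistp521", b"\x04" + b"\x02" * 132], "bob@putty"),
    sample_entry("ecdsa-sha2-nistp256", [b"nistp256", b"\x04" + b"\x03" * 64], "carol@ws"),
    sample_entry("ecdsa-sha2-nistp521", [b"nistp521", b"\x04" + b"\x05" * 132], "deploy@ci", 'from="10.0.0.0/8"'),
])
```

Run `find_p521_keys` over the real `authorized_keys` files of your servers (and the public halves held by users of PuTTY-based tools) to get the list of keys to regenerate; P-256 and Ed25519 entries are left alone because the advisory does not affect them.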
Palo Alto Networks warned on 13 April 2024 that hackers had been actively exploiting an unauthenticated remote code execution vulnerability in its PAN-OS firewall software (tracked as CVE-2024-3400) since 26 March 2024. This critical vulnerability can allow hackers to use compromised devices to breach internal networks and steal data and credentials. Patches have been available since 14 April 2024. Users and administrators of affected versions are strongly recommended to upgrade to the latest version immediately.
This vulnerability affects the following products:
Palo Alto Networks disclosed this flaw and released mitigations early because it was already being used in attacks, so that customers could protect their devices until patches were ready. Volexity has provided a method to detect whether a Palo Alto Networks firewall has been compromised:
More information is available here:
https://security.paloaltonetworks.com/CVE-2024-3400
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/device-telemetry/device-telemetry-configure/device-telemetry-disable
https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
Security researchers at Red Hat warned users that the latest versions of the “xz” tools and libraries shipped in Linux distributions contain malicious code that appears to allow unauthorised remote access to the entire system.
This vulnerability is tracked as CVE-2024-3094 and has been scored 10 out of 10 on the Common Vulnerability Scoring System (CVSSv3). Specifically, the malicious code is present in XZ versions 5.6.0 and 5.6.1. Users of these versions are strongly advised to downgrade immediately to an older version that does not contain it. Red Hat has warned users to stop using any Fedora 41 or Fedora Rawhide instance for work or personal activity until they can downgrade their XZ version, and has reverted Fedora 40 beta to the 5.4.x versions of XZ. Linux administrators can verify which version of XZ is installed by querying their package manager. CISA and CSA have published advisories warning developers and users to downgrade to an uncompromised XZ version (e.g. 5.4.6 Stable) and to look out for any malicious or suspicious activity on their systems. For more information:
https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-033
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/
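Both the Flowmon advisory above (affected branches 11.x and 12.x, fixed in 11.1.14 and 12.3.5, 10.x unaffected) and the xz advisory (exactly 5.6.0 and 5.6.1 carry the malicious code) reduce to comparing an installed version against a per-advisory rule. The helper below is an added example, not vendor code; it encodes those two rules and compares versions numerically, since comparing version strings as text wrongly ranks 11.1.9 above 11.1.14.

```python
import re

def parse_version(text: str) -> tuple:
    """Return the first dotted version in text as an int tuple: "v12.3.5" -> (12, 3, 5).
    Tuples compare numerically, so 11.1.9 sorts before 11.1.14 (string comparison gets this wrong)."""
    match = re.search(r"(\d+(?:\.\d+)+)", text)
    if not match:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

# Flowmon (CVE-2024-2389): 11.x and 12.x are affected until the branch's fixed release;
# 10.x and lower are not affected, so they have no entry here.
FLOWMON_FIXED = {11: (11, 1, 14), 12: (12, 3, 5)}

def flowmon_affected(version: str) -> bool:
    """True if this Flowmon version is on an affected branch and older than that branch's fix."""
    v = parse_version(version)
    fixed = FLOWMON_FIXED.get(v[0])
    return fixed is not None and v < fixed

# xz (CVE-2024-3094): only the two releases that carry the malicious code.
XZ_MALICIOUS = {(5, 6, 0), (5, 6, 1)}

def xz_affected(version_output: str) -> bool:
    """Takes the first line of `xz --version` (e.g. "xz (XZ Utils) 5.6.1") or a bare version string."""
    return parse_version(version_output.splitlines()[0]) in XZ_MALICIOUS
```

Feed `xz_affected` the output of the installed `xz --version` binary rather than only a package name, so that the check reflects what is actually running on the host.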