Weekly Vulnerability Roundup - Week Commencing 7th October 2024

Weekly Summary

This week, we've noticed an unsettling trend where vulnerabilities in both Microsoft products, such as Internet Explorer and SharePoint, and third-party systems, like Zimbra Collaboration Suite and School Management WordPress plugin, are showing a rise in exploit prediction scores, generally within the range of 10-20%. This indicates an increased potential for remote code execution and other attacks. Particularly alarming is a vulnerability in Zimbra with a 94.98% EPSS increase, making immediate patching crucial. Fortinet products and Ivanti Cloud Services Appliance have vulnerabilities marked critical by CISA, meaning they are newly being exploited, and others showing slight increases, demanding swift updates or product decommissioning. Overall, the report includes vulnerabilities that could allow attackers to execute remote commands, manipulate user sessions, or expose sensitive information. It's critical to tightly monitor these developments and ensure systems are updated as part of a robust security strategy.

Want to receive this report right to your inbox every Friday? Enter your email address here to sign up: https://marketing.precursorsecurity.com/weekly-vulnerability-report/

Affected Technologies Summary

• CVE-2024-45519 - Zimbra Collaboration Suite
• CVE-2003-0225 - Microsoft Internet Information Server (IIS) 4.0 and 5.0
• CVE-2008-1545 - Microsoft Internet Explorer 7
• CVE-2007-4935 - phpFFL 1.24
• CVE-2006-3086 - Microsoft Hyperlink Object Library
• CVE-2024-29824 - Ivanti EPM
• CVE-2023-2648 - Weaver E-Office 9.5
• CVE-2022-1609 - School Management WordPress plugin
• CVE-2016-3427 - Oracle Java SE, Java SE Embedded, JRockit
• CVE-2024-45409 - Ruby SAML
• CVE-2023-46818 - ISPConfig
• CVE-2012-0163 - Microsoft .NET Framework
• CVE-2016-7199 - Microsoft Internet Explorer, Microsoft Edge
• CVE-2022-28998 - Xlight FTP
• CVE-2007-4947 - myphpPagetool 0.4.3
• CVE-2008-0951 - Windows Vista
• CVE-2022-25765 - pdfkit
• CVE-2022-38181 - Arm Mali GPU kernel driver
• CVE-2020-24148 - WordPress plugin: Import XML and RSS Feeds
• CVE-2023-23488 - Paid Memberships Pro WordPress Plugin
• CVE-2006-5928 - Phpjobscheduler 3.0
• CVE-2007-6239 - Squid
• CVE-2013-3179 - Microsoft SharePoint
• CVE-2019-18655 - File Sharing Wizard 1.5.0 build 2008
• CVE-2013-3525 - Request Tracker
• CVE-2024-23113 - Fortinet Security Products
• CVE-2024-9380 - Ivanti Cloud Services Appliance
• CVE-2024-9379 - Ivanti Cloud Services Appliance
• CVE-2024-43573 - Microsoft Windows MSHTML Platform
• CVE-2024-43572 - Microsoft Windows Management Console
• CVE-2024-43047 - Qualcomm chipsets

CVE-2024-45519

EPSS Increase Delta: 94.98%
Original Score: 0.05%
Affected Technology: Zimbra Collaboration Suite
Is New CISA Known Exploited Vulnerability: False

The EPSS has seen a significant jump, moving from 0.05% to 95.03%, a delta of almost 95%. Researchers discovered a critical vulnerability in the postjournal service of Zimbra Collaboration (ZCS) that predates 8.8.15 Patch 46, 9.0.0 Patch 41, 10.0.9, and 10.1.1 versions. The flaw enables unauthenticated users to execute commands, potentially leading to unauthorized access or control of the affected systems. Immediate patching to the latest version is strongly advised to mitigate this risk.

CVE-2003-0225

EPSS Increase Delta: 66.14%
Original Score: 9.27%
Affected Technology: Microsoft Internet Information Server (IIS) 4.0 and 5.0
Is New CISA Known Exploited Vulnerability: False

The EPSS has seen a significant increase, with a delta of 66.14%, from an original risk percentage of 9.27% to an updated risk of 75.41%. This vulnerability pertains to Microsoft Internet Information Server (IIS) 4.0 and 5.0 where the Response.AddHeader ASP function can be manipulated by remote attackers. By generating a large header through an ASP page, attackers can cause a denial of service via memory consumption. Immediate actions include applying appropriate software updates and monitoring network traffic for unusual activities.

CVE-2008-1545

EPSS Increase Delta: 50.86%
Original Score: 4.71%
Affected Technology: Microsoft Internet Explorer 7
Is New CISA Known Exploited Vulnerability: False

This week, we’ve observed a significant increase in threat potential for CVE-2008-1545, with the EPSS delta showing a 50.86% rise. The vulnerability pertains to Microsoft Internet Explorer 7, where the setRequestHeader method of the XMLHttpRequest object lacks proper restriction for the Transfer-Encoding HTTP request header. This oversight permits remote attackers to execute HTTP request splitting and smuggling tactics using a malformed POST request that includes a 'Transfer-Encoding: chunked' header, alongside an inaccurately sized chunk in the request body. Currently, no remediation actions from the vulnerability source have been prescribed.

CVE-2007-4935

EPSS Increase Delta: 34.38%
Original Score: 11.08%
Affected Technology: phpFFL 1.24
Is New CISA Known Exploited Vulnerability: False

The EPSS score for CVE-2007-4935 has seen a significant increase from 11.08% to 45.46%, indicating a notable rise in the threat level. This vulnerability pertains to multiple PHP remote file inclusion issues in phpFFL 1.24, where remote attackers can execute arbitrary PHP code utilizing a URL in the PHPFFL_FILE_ROOT parameter to various scripts. Immediate remedies include the review and update of affected scripts and parameters to prevent exploitation.

CVE-2006-3086

EPSS Increase Delta: 34.22%
Original Score: 41.46%
Affected Technology: Microsoft Hyperlink Object Library
Is New CISA Known Exploited Vulnerability: False

EPSS score increased from 41.46% to 75.68%, a delta of 34.22%. A buffer overflow vulnerability in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) could lead to a crash or arbitrary code execution with crafted long hyperlinks. No CISA alert issued. Remediation includes applying updates provided by Microsoft to mitigate the risk.

CVE-2024-29824

EPSS Increase Delta: 34.16%
Original Score: 2.17%
Affected Technology: Ivanti EPM
Is New CISA Known Exploited Vulnerability: False

EPSS has seen a significant increase by 34.16% for CVE-2024-29824, going from an EPSS score of 2.17% to 36.33%. This pertains to an SQL Injection vulnerability present in Ivanti EPM 2022 SU5 and earlier versions. Due to insufficient input sanitization, an unauthenticated attacker within the same network segment can execute arbitrary code. Immediate patching is advised to mitigate this issue.

CVE-2023-2648

EPSS Increase Delta: 24.12%
Original Score: 15.60%
Affected Technology: Weaver E-Office 9.5
Is New CISA Known Exploited Vulnerability: False

EPSS percentage increased significantly from 15.6% to 39.72%, showing a rise of 24.12%. The critical vulnerability involves Weaver E-Office 9.5, specifically in /inc/jquery/uploadify/uploadify.php. Attackers can upload files without restrictions by manipulating the Filedata parameter. Remote exploitation is feasible, and public disclosure of the exploit raises the risk of attack. Immediate update or patch application is advised; however, the vendor has not yet responded to the issue.

CVE-2022-1609

EPSS Increase Delta: 20.20%
Original Score: 38.90%
Affected Technology: School Management WordPress plugin
Is New CISA Known Exploited Vulnerability: False

EPSS increased from 38.90% to 59.10%, showing a 20.20% delta. The vulnerability in the School Management WordPress plugin before 9.9.7 features an obfuscated backdoor within its license verification code. This backdoor registers a REST API handler allowing unauthenticated attackers to execute arbitrary PHP code on the website. Users should update to the latest version to mitigate this risk.

CVE-2016-3427

EPSS Increase Delta: 17.74%
Original Score: 49.48%
Affected Technology: Oracle Java SE, Java SE Embedded, JRockit
Is New CISA Known Exploited Vulnerability: False

CVE-2016-3427 saw a significant increase in risk exposure, with the EPSS score rising from 49.48% to 67.22%, a delta of 17.74%. This vulnerability affects Oracle Java SE and JRockit, allowing a remote attacker to compromise confidentiality, integrity, and availability through unknown vectors related to JMX. Users should apply updates provided by Oracle to mitigate this issue.

CVE-2024-45409

EPSS Increase Delta: 16.31%
Original Score: 0.09%
Affected Technology: Ruby SAML
Is New CISA Known Exploited Vulnerability: False

The EPSS risk scoring metric for CVE-2024-45409 has increased significantly from 0.09% to 16.41%, indicating a growing concern. The vulnerability resides in the Ruby SAML library, where versions up to 1.12.2 and 1.13.0 to 1.16.0 fail to properly verify SAML Response signatures. An attacker could exploit this to forge a SAML Response/Assertion, potentially logging in as any user. Updating to versions 1.17.0 or 1.12.3 patches this issue. As of this report, there is no indication that the vulnerability has been acknowledged by CISA KEV.

CVE-2023-46818

EPSS Increase Delta: 15.16%
Original Score: 73.28%
Affected Technology: ISPConfig
Is New CISA Known Exploited Vulnerability: False

EPSS has increased by 15.16 percentage points, indicating a growing risk associated with CVE-2023-46818. The vulnerability exists in ISPConfig versions prior to 3.2.11p1, where if admin_allow_langedit is enabled, an authenticated admin can perform PHP code injection via the language file editor. The EPSS jump suggests prioritization of this issue is warranted. To mitigate the threat, administrators should disable language file editing and update to version 3.2.11p1 or later as soon as possible.

CVE-2012-0163

EPSS Increase Delta: 15.09%
Original Score: 59.11%
Affected Technology: Microsoft .NET Framework
Is New CISA Known Exploited Vulnerability: False

The EPSS score for CVE-2012-0163 has increased by 15.09%, from an original value of 59.11% to 74.19%. This vulnerability affects Microsoft .NET Framework across several versions and stems from insufficient validation of function parameters. Attackers can exploit this flaw remotely to execute arbitrary code by using a crafted application or document. This could include a XAML browser application, an ASP.NET application, or a .NET Framework application. The issue has been dubbed .NET Framework Parameter Validation Vulnerability. There are no immediate remediation actions specified.

CVE-2016-7199

EPSS Increase Delta: 14.87%
Original Score: 30.14%
Affected Technology: Microsoft Internet Explorer, Microsoft Edge
Is New CISA Known Exploited Vulnerability: False

The EPSS score for CVE-2016-7199 witnessed a significant rise by approximately 14.87%, from an initial 30.14% to 45.01%. This vulnerability affects Microsoft Internet Explorer versions 9 to 11 and Microsoft Edge. It allows remote attackers to sidestep the Same Origin Policy, leading to potential information disclosure of sensitive window-state data through a specially crafted website, known as the 'Microsoft Browser Information Disclosure Vulnerability.' Users should apply any available patches or updates from Microsoft to mitigate this risk.

CVE-2022-28998

EPSS Increase Delta: 14.61%
Original Score: 11.43%
Affected Technology: Xlight FTP
Is New CISA Known Exploited Vulnerability: False

EPSS has increased from 11.43% to 26.04%, showing a delta of 14.61% which indicates a growing concern. The vulnerability in Xlight FTP v3.9.3.2 is a stack-based buffer overflow that could allow attackers to extract sensitive information through carefully constructed code. There's no indication that this vulnerability is on the CISA KEV list; users should patch or update the software as recommended by the vendor to mitigate this risk.

CVE-2007-4947

EPSS Increase Delta: 13.79%
Original Score: 11.91%
Affected Technology: myphpPagetool 0.4.3
Is New CISA Known Exploited Vulnerability: False

The EPSS score for CVE-2007-4947 has increased by 13.79%, from an initial value of 11.91% to 25.7%. This vulnerability is present in myphpPagetool version 0.4.3 and involves multiple remote file inclusion flaws that permit execution of arbitrary PHP code via a crafted URL, affecting parameters within admin documentation scripts. No standardized solution exists; however, restricting access to the affected files or input validation may mitigate this issue.

CVE-2008-0951

EPSS Increase Delta: 13.44%
Original Score: 28.56%
Affected Technology: Windows Vista
Is New CISA Known Exploited Vulnerability: False

Observing a 13.44% increase in the Exploit Prediction Scoring System (EPSS) risk, Windows Vista presents a vulnerability where its NoDriveTypeAutoRun registry value is not properly enforced. This flaw potentially allows attackers to execute arbitrary code by leveraging autorun capabilities from CD-ROM or U3-enabled USB devices containing an Autorun.inf file. While there is no CISA alert associated, users should consider adjusting relevant registry values and disable autorun features to mitigate this risk.

CVE-2022-25765

EPSS Increase Delta: 12.95%
Original Score: 21.26%
Affected Technology: pdfkit
Is New CISA Known Exploited Vulnerability: False

The EPSS risk score for CVE-2022-25765 increased by 12.95%, from an initial score of 21.26% to a new score of 34.21%. This vulnerability affects the pdfkit package, starting from version 0.0.0, where there is a risk of Command Injection due to improper URL sanitization. Users should update to a non-vulnerable version of pdfkit to mitigate this issue.

CVE-2022-38181

EPSS Increase Delta: 20.82%
Original Score: 60.65%
Affected Technology: Arm Mali GPU kernel driver
Is New CISA Known Exploited Vulnerability: False

The EPSS has increased by 20.82%, from an initial score of 60.65% to 73.23%. The vulnerability in question stems from the Arm Mali GPU kernel driver, which incorrectly handles GPU memory operations, leading to unprivileged users being able to access freed memory. Affected versions include Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; as well as Midgard r4p0 through r32p0. Users should apply updates provided by Arm to mitigate the risk and monitor the guidance from their device manufacturers for specific patch availability.

CVE-2020-24148

EPSS Increase Delta: 11.72%
Original Score: 21.33%
Affected Technology: WordPress plugin: Import XML and RSS Feeds
Is New CISA Known Exploited Vulnerability: False

EPSS score increased by 11.72%, from an initial 21.33% to 33.05%. An SSRF vulnerability in Import XML and RSS Feeds plugin version 2.0.1 for WordPress allows attackers to manipulate server requests via the 'data' parameter in a 'moove_read_xml' action. There are currently no remedial actions specified.

CVE-2023-23488

EPSS Increase Delta: 11.62%
Original Score: 11.58%
Affected Technology: Paid Memberships Pro WordPress Plugin
Is New CISA Known Exploited Vulnerability: False

EPSS score for CVE-2023-23488 has increased by 11.62%, from an initial 11.58% to 23.20%. This vulnerability affects the Paid Memberships Pro WordPress Plugin, where versions prior to 2.9.8 are susceptible to an unauthenticated SQL injection via the 'code' parameter in the '/pmpro/v1/order' REST route. Users should update to version 2.9.8 or later to mitigate this issue.

CVE-2006-5928

EPSS Increase Delta: 11.42%
Original Score: 58.16%
Affected Technology: Phpjobscheduler 3.0
Is New CISA Known Exploited Vulnerability: False

EPSS has increased by 11.42%, from an initial 58.16% to 69.57%. This vulnerability in Phpjobscheduler 3.0 is caused by multiple PHP remote file inclusion flaws, which allow remote attackers to execute arbitrary PHP code through a URL passed to the installed_config_file parameter in various scripts. Users are advised to update the software to the latest version to mitigate this risk.

CVE-2007-6239

EPSS Increase Delta: 11.22%
Original Score: 22.11%
Affected Technology: Squid
Is New CISA Known Exploited Vulnerability: False

Notable EPSS increase of 11.22% signifies a growing risk related to CVE-2007-6239. This vulnerability affects the cache update reply processing in versions of Squid before 2.6.STABLE17 and 3.0. Exploitation can lead to a denial of service via specifically crafted HTTP headers resulting in an Array memory leak for cached object requests. Upgrading to a non-affected version of Squid is recommended to mitigate this vulnerability.

CVE-2013-3179

EPSS Increase Delta: 11.10%
Original Score: 27.66%
Affected Technology: Microsoft SharePoint
Is New CISA Known Exploited Vulnerability: False

An increase in exploit likelihood is noticed for CVE-2013-3179, moving from 27.66% to 38.76%, marking an EPSS delta of approximately 11.10%. This vulnerability affects Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013, where remote attackers can use cross-site scripting (XSS) to run arbitrary web scripts or HTML by means of a crafted request. The concern here is the significant potential for data manipulation or theft. Users should apply patches provided by Microsoft or follow guidance to mitigate this issue.

CVE-2019-18655

EPSS Increase Delta: 10.87%
Original Score: 0.73%
Affected Technology: File Sharing Wizard 1.5.0 build 2008
Is New CISA Known Exploited Vulnerability: False

The EPSS score has increased significantly from 0.73% to 11.59%, indicating a higher risk associated with this vulnerability. File Sharing Wizard version 1.5.0 build 2008 has a critical buffer overflow vulnerability that allows remote attackers, without authentication, to execute commands and gain shell access through a crafted HTTP GET request. Users are advised to update or apply patches if available.

CVE-2013-3525

EPSS Increase Delta: 10.78%
Original Score: 21.66%
Affected Technology: Request Tracker
Is New CISA Known Exploited Vulnerability: False

The EPSS score has increased by 10.78%, starting from 21.66% to a new value of 32.45%. This reflects a heightened risk factor associated with the vulnerability, which involves a SQL injection in the Approvals section of Request Tracker 4.0.10 and earlier versions that could allow remote attackers to execute arbitrary SQL commands through the ShowPending parameter. Despite the vendor's claims of an inability to replicate the issue and the reporter's retraction, it is essential to maintain awareness and apply critical updates or workarounds, especially due to its potential impact.

CVE-2024-23113

EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Fortinet Security Products
Is New CISA Known Exploited Vulnerability: True

New addition to the CISA KEV list - Fortinet products including FortiOS, FortiPAM, FortiProxy, and FortiWeb are vulnerable to a format string issue, which could permit remote code execution without authentication. The vendor advises applying provided mitigations or ceasing usage if none are available.

CVE-2024-9380

EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Ivanti Cloud Services Appliance
Is New CISA Known Exploited Vulnerability: True

This is a new addition to the CISA KEV catalog. This software, Ivanti Cloud Services Appliance, has a command injection vulnerability permitting admin users to execute unauthorized OS commands. It is marked as critical by CISA and affected users should immediately transition from the unsupported version 4.6.x to the current 5.0.x series or later to mitigate this risk.

CVE-2024-9379

EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Ivanti Cloud Services Appliance
Is New CISA Known Exploited Vulnerability: True

Brand new addition to the CISA KEV list. The vulnerability in Ivanti Cloud Services Appliance relates to a SQL injection in the admin web console for versions before 5.0.2. This can let an authenticated administrator execute arbitrary SQL commands. Remediation includes removing CSA 4.6.x from service or upgrading to version 5.0.x or later. As CISA considers this critical, it has been added to the KEV list.

CVE-2024-43572

EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Ivanti Cloud Services Appliance
Is New CISA Known Exploited Vulnerability: True

This is a new addition to the CISA Known Exploited Vulnerabilities list, highlighting its urgency. An unspecified vulnerability in Microsoft Windows Management Console can lead to remote code execution. To mitigate this risk, users should follow the provided vendor guidelines or cease using the affected product if no mitigations are offered. The vulnerability is serious enough to warrant inclusion in the CISA KEV list.

CVE-2024-43573

EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Microsoft Windows MSHTML Platform
Is New CISA Known Exploited Vulnerability: True

EPSS has increased to 0.63%, indicating a growing risk. Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability, potentially leading to confidentiality breaches. Remediation involves applying the vendor-provided mitigations or ceasing product use if no solution exists.

CVE-2024-43047

EPSS Increase Delta: N/A
Original Score: N/A
Affected Technology: Qualcomm chipsets
Is New CISA Known Exploited Vulnerability: True

This vulnerability is a new addition to the CISA KEV list. It affects multiple Qualcomm chipsets, involving a use-after-free issue caused by memory corruption in DSP Services while maintaining memory maps of HLOS memory. The advised action is to apply vendor-supplied remediations or cease using the impacted product if fixes are not available.

‍