The Precursor Security Weekly Vulnerability Roundup for week commencing 14th October 2024.
.png)
Get Your 'Vulnerability Management Template' FREE!
Your Vulnerability Management Template Includes:
Secure your organisation today by completing the form for your Vulnerability Management Template.
Download the, 'How to secure Microsoft Office Desktop Deployments Technical Guide' - FREE
Complete the form to download your free technical guide and secure your organisation today.
Download the Cyber Essentials Template Policy Pack - FREE
Complete the form to download your FREE Cyber Essentials Template Pack today, including:
Download the Microsoft 365 Security Guide - FREE
Complete the form to download your FREE Microsoft 365 Security Guide today, including:
Sign up on the form and receive the guide instantly.
This week, EPSS scores show a marked increase in risk across vulnerabilities in various technologies, notably in Microsoft products. Escalation flaw in the Microsoft Windows Kernel, which has been added to the CISA KEV list. Overall, the change in EPSS reflects a trend where attackers might target widely-used software for greater impact, risking remote code execution and data breaches. Users must apply patches or cease using affected products promptly. Three new vulnerabilities have been added to the CISA KEV list.
Want to receive this report right to your inbox every Friday? Enter your email address here to sign up: https://marketing.precursorsecurity.com/weekly-vulnerability-report/
EPSS Increase Delta: 73.52%
Original Score: 0.04%
Affected Technology: Palo Alto Networks Expedition
Is New CISA Known Exploited Vulnerability: False
EPSS increased significantly by 73.52%, indicating a higher risk. An OS command injection in Palo Alto Networks Expedition lets unauthenticated attackers execute arbitrary commands as root, compromising usernames, plaintext passwords, configurations, and API keys of PAN-OS firewalls. There are no specified remediations from the NVD at this time.
EPSS Increase Delta: 29.60%
Original Score: 14.54%
Affected Technology: WP Fastest Cache WordPress plugin
Is New CISA Known Exploited Vulnerability: False
The EPSS score increased by 29.60% to 44.14%. The WP Fastest Cache WordPress plugin before version 1.2.2 is vulnerable to a SQL injection due to improper sanitisation and escape of a parameter, with exploitation possible by unauthenticated users. It's recommended to update to the latest version to mitigate this vulnerability.
EPSS Increase Delta: 25.62%
Original Score: 26.97%
Affected Technology: OpenSSL
Is New CISA Known Exploited Vulnerability: False
EPSS increased from 26.97% to 52.59%, indicating a higher risk level. The vulnerability affects OpenSSL and can be exploited to perform a denial of service attack by sending multiple malformed ALERT packets during a handshake, making the server unresponsive. Upgrade to a patched OpenSSL version to mitigate this issue.
EPSS Increase Delta: 18.10%
Original Score: 0.04%
Affected Technology: Palo Alto Networks Expedition
Is New CISA Known Exploited Vulnerability: False
The vulnerability CVE-2024-9465 has undergone a significant increase in risk, with the EPSS delta rising to 18.10% from an original likelihood of 0.04%. The critical flaw pertains to Palo Alto Networks Expedition, where an SQL injection vulnerability allows an unauthenticated attacker to extract sensitive data and potentially write arbitrary files. Immediate patching is advised.
EPSS Increase Delta: 15.51%
Original Score: 18.34%
Affected Technology: NUUO NVRmini2 Network Video Recorder
Is New CISA Known Exploited Vulnerability: False
The EPSS score for CVE-2018-19864 has seen an increase of 15.51%, moving from an initial score of 18.34% to 33.85%. This vulnerability in NUUO NVRmini2 Network Video Recorder firmware versions up to 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service via a buffer overflow. This could lead to unauthorized access to camera feeds or reconfiguration of the device. There is no directed remediation information, but users should consider updating to a non-vulnerable version if available.
EPSS Increase Delta: 14.85%
Original Score: 58.30%
Affected Technology: Microsoft Excel
Is New CISA Known Exploited Vulnerability: False
EPSS has increased by 14.85%, going from an original 58.30% to a current 73.15%. This phenomenon reflects growing concern around the vulnerability found in Microsoft Excel which could allow attackers to compel Excel to execute arbitrary JavaScript and redirect users to malevolent sites.
EPSS Increase Delta: 14.54%
Original Score: 20.19%
Affected Technology: IBM Lotus Quickr
Is New CISA Known Exploited Vulnerability: False
EPSS score increased from 20.19% to 34.73%, a delta of 14.54%. This vulnerability is a buffer overflow in the ActiveX control of IBM Lotus Quickr for Domino 8.5.1, which predates version 8.5.1.42-001b. It could allow remote attackers to execute arbitrary code via a crafted HTML document. It is distinct from CVE-2013-6748. Users should update to a non-affected version to remediate.
EPSS Increase Delta: 14.54%
Original Score: 20.19%
Affected Technology: IBM Lotus Quickr for Domino 8.5.1
Is New CISA Known Exploited Vulnerability: False
EPSS score increased from 20.19% to 34.73%, demonstrating a 14.54% delta. A critical buffer overflow was found in IBM Lotus Quickr for Domino 8.5.1 preceding version 8.5.1.42-001b. Attackers can exploit this by convincing a user to open a malicious HTML document, leading to potential remote code execution. This is separate from CVE-2013-6749. Users should update to version 8.5.1.42-001b or later.
EPSS Increase Delta: 13.54%
Original Score: 56.27%
Affected Technology: Microsoft Internet Explorer 6, 7, 8
Is New CISA Known Exploited Vulnerability: False
EPSS has increased by 13.54%, now at 69.81% from originally being at 56.27%. The vulnerability concerns a use-after-free issue in the MSHTML.DLL of Internet Explorer versions 6 through 8. Remote attackers could run arbitrary code or crash the application through certain manipulations of the DOM and associated functions. No immediate remediation details are provided.
EPSS Increase Delta: 12.99%
Original Score: 59.82%
Affected Technology: Skype for Business
Is New CISA Known Exploited Vulnerability: False
The EPSS score for CVE-2023-41763 has risen by 12.99%, indicating increased attention to this threat and potentially higher risk of exploitation. This vulnerability exists in Skype for Business and could potentially allow an attacker to gain elevated privileges within the system. To best mitigate this threat, updating the affected software with the latest security patches released by the vendor is advised.
EPSS Increase Delta: 12.82%
Original Score: 48.09%
Affected Technology: Microsoft Exchange Server
Is New CISA Known Exploited Vulnerability: False
EPSS has increased from 48.09% to 60.91%, marking a delta of 12.82%. This vulnerability is identified as a Microsoft Exchange Server Remote Code Execution issue, which could allow an attacker to perform arbitrary code execution. Immediate patching is recommended.
EPSS Increase Delta: 11.94%
Original Score: 57.38%
Affected Technology: Oracle Fusion Middleware
Is New CISA Known Exploited Vulnerability: False
EPSS has increased from 57.38% to 69.31%, indicating a higher risk of exploitability. This vulnerability resides in Oracle Business Intelligence Enterprise Edition, specifically within the Installation component of Oracle Fusion Middleware. Affected versions are 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0. An unauthenticated attacker could potentially exploit this flaw over HTTP to gain unauthorized access to critical or all accessible data. To address this issue, administrators are urged to apply the necessary patches or updates provided by Oracle.
EPSS Increase Delta: 10.77%
Original Score: 9.91%
Affected Technology: Sangfor Next-Gen Application Firewall
Is New CISA Known Exploited Vulnerability: False
The EPSS score for CVE-2023-30805 has increased significantly, from 9.91% to 20.68%, a change of 10.77%. This vulnerability impacts the Sangfor Next-Gen Application Firewall version NGAF8.0.17, allowing remote, unauthenticated attackers to execute arbitrary commands via a crafted HTTP POST request to the /LogInOut.php endpoint. This results from improper handling of shell meta-characters in the 'un' parameter. Immediate patching is advised to mitigate this risk.
EPSS Increase Delta: 10.77%
Original Score: 9.91%
Affected Technology: Sangfor Next-Gen Application Firewall NGAF8.0.17
Is New CISA Known Exploited Vulnerability: False
EPSS increased from 9.91% to 20.68%, an uptick of 10.77%. The vulnerability resides in the Sangfor Next-Gen Application Firewall version NGAF8.0.17, where an attacker can inject and execute arbitrary commands through a malformed HTTP POST request targeting the /cgi-bin/login.cgi endpoint. The flaw stems from improper handling of shell meta-characters within the PHPSESSID cookie. Users should apply any provided patches or follow vendor mitigation instructions promptly to secure their systems against potential exploitation.
EPSS Increase Delta: 10.12%
Original Score: 65.09%
Affected Technology: Microsoft Windows Vista
Is New CISA Known Exploited Vulnerability: False
This week, we observed a 10.12% increase in the EPSS (Event Probability Scoring System) for CVE-2007-5351, signaling a heightened risk profile. The vulnerability itself pertains to unspecified flaws in the SMBv2 signing support on Windows Vista. Attackers can exploit this by sending a specially crafted SMBv2 packet, causing signature re-computation and potentially leading to arbitrary code execution. Users are advised to apply any available patches or follow vendor recommendations to mitigate this issue.
EPSS Increase Delta: 3.09%
Original Score: 94.16%
Affected Technology: SolarWinds Web Help Desk
Is New CISA Known Exploited Vulnerability: True
The EPSS score for CVE-2024-28987 increased by 3.09%, signaling a heightened risk. This vulnerability affects SolarWinds Web Help Desk, involving hardcoded credentials that grant unauthenticated and remote access with potential data modification capabilities. Mitigation involves following vendor instructions or ceasing product use if no solutions are available. It was added to the CISA KEV list.
EPSS Increase Delta: 38.10%
Original Score: 0.04%
Affected Technology: Microsoft Windows Kernel
Is New CISA Known Exploited Vulnerability: True
The EPSS score has risen sharply from 0.04% to 0.42%, a delta of 38.10%, indicating a significantly increased risk. Due to a TOCTOU race condition in the Microsoft Windows Kernel, there is a privilege escalation vulnerability, which could be exploited by attackers. The CISA has added this to the KEV list, emphasizing the need for immediate attention to apply necessary mitigations or to discontinue use if there is no remedy.
EPSS Increase Delta: 25.30%
Original Score: 0.04%
Affected Technology: Mozilla Firefox, Firefox ESR
Is New CISA Known Exploited Vulnerability: True
The EPSS increase for CVE-2024-9680 indicates a notable rise from 0.04% to 25.34%, revealing a heightened risk since initial assessment. Mozilla Firefox and Firefox ESR suffer from a use-after-free vulnerability within Animation timelines, potentially leading to code execution in the content process. Immediate remediation is advised either by implementing vendor-supplied mitigations or ceasing product usage if no fixes are offered. This has been newly added to the CISA Known Exploited Vulnerability list.
Want to receive this report right to your inbox every Friday? Enter your email address here to sign up: https://marketing.precursorsecurity.com/weekly-vulnerability-report/
Choose Precursor Security for penetration testing excellence—where industry-leading expertise, CREST accreditation, and a client-focused approach converge to fortify your digital defences with precision and reliability.
We have a CREST accredited Security Operations Centre and all of our penetration testers are CREST certified.
We are accredited to the highest of standards including CREST, ISO27001, ISO9001 and Cyber Essentials Plus.
![Experienced people icon]](https://cdn.prod.website-files.com/6569bb4bd6018f8bee273541/65c0fddfb82858785bf456d7_rating.png)
Our experts have a combined experience of over 30 years delivering security operations to sectors such as healthcare, financial services, aerospace and more.
It’s important to know what you’re getting, what’s not included and what else is available. This starts with understanding a SOC and it’s critical functions. CREST has recently published a guide to the critical functions of a SOC which aligns with the CREST SOC standard.
Enter your details here and to get the complete guide instantly sent to your inbox.
Choose Precursor Security for penetration testing excellence—where industry-leading expertise, CREST accreditation, and a client-focused approach converge to fortify your digital defences with precision and reliability.
We have a CREST accredited Security Operations Centre and all of our penetration testers are CREST certified.
We are accredited to the highest of standards including CREST, ISO27001, ISO9001 and Cyber Essentials Plus.
Our experts have a combined experience of over 30 years delivering security operations to sectors such as healthcare, financial services, aerospace and more.
Precursor Security
Welcome to Precursor Security, where the forefront of cybersecurity and penetration testing expertise meets unmatched dedication and innovation. We are the architects of robust digital defences, committed to safeguarding the online realm.
Sign up for the Precursor newsletter to receive valuable insights and strategies for safeguarding your organisation.
