The Precursor Security Weekly Vulnerability Roundup for week commencing 9th September 2024.
This week, we have observed a consistent rise in the EPSS scores across diverse technologies, with increases ranging from 10% to over 80%. This trend holds particularly true for older vulnerabilities where attackers often find new methods to exploit existing gaps, thereby reigniting concerns about systems that may not have been patched adequately. Microsoft products such as Windows, Internet Explorer, and Office applications, alongside software from Adobe, Linux, and Google Chrome, have shown notable upward shifts in risk potential. Adobe Acrobat Reader and Microsoft-related vulnerabilities have been prominent in terms of risk elevation.
We noted an alarming jump of over 80% for vulnerabilities within Apache CloudStack and Ivanti technologies, marking a critical concern for entities using these products. Significantly, 9 new vulnerabilities have been added to the CISA KEV list, signifying an official recognition of their critical nature and the urgent need for organisations to address these identified security flaws swiftly.
EPSS Increase Delta: 93.49%
Affected Technology: Ivanti vTM
Is New CISA Known Exploited Vulnerability: False
EPSS increased dramatically by 93.49%, signifying a severe rise in threat potential. Ivanti vTM prior to versions 22.2R1 and 22.7R2 contains a severe vulnerability where an incorrect implementation of an authentication algorithm could let remote attackers bypass administrative authentication without credentials. No immediate remediation is available, so system administrators should prioritize updating to the fixed versions as a critical security measure.
EPSS Increase Delta: 83.83%
Affected Technology: CloudStack SAML authentication
Is New CISA Known Exploited Vulnerability: False
The EPSS risk score for CVE-2024-41107 increased significantly from 0.06% to 83.83%, indicating a substantial rise in threat potential. This vulnerability affects CloudStack SAML authentication (disabled by default) as it allows attackers to bypass SAML authentication by submitting a forged SAML response. Users who have enabled SAML authentication are at risk of a complete compromise of their resources. Affected users should either disable the SAML authentication plugin by setting 'saml2.enabled' to 'false' or upgrade to a patched version of the software.
EPSS Increase Delta: 22.16%
Affected Technology: ktsuss
Is New CISA Known Exploited Vulnerability: False
EPSS increased by 22.16%. The vulnerability in ktsuss versions 1.4 and earlier involves running user commands with root privileges due to failure to drop privileges, leading to potential command execution with root access. No official remediation action has been provided.
EPSS Increase Delta: 22.01%
Affected Technology: Skype for Business
Is New CISA Known Exploited Vulnerability: False
The EPSS score for CVE-2023-41763 has increased significantly by 22.01% indicating a higher risk of exploitation. This vulnerability relates to a Skype for Business Elevation of Privilege issue, which could allow attackers to execute actions with elevated permissions. As there is no current CISA KEV alert, organizations are advised to monitor vendor advisories for patches and updates.
EPSS Increase Delta: 20.65%
Affected Technology: Mini-stream RM Downloader 3.0.0.9
Is New CISA Known Exploited Vulnerability: False
Vulnerability CVE-2009-1646 indicates a significant EPSS increase of 20.65%, signaling enhanced exploitation potential. Originating from a stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9, this vulnerability could permit remote attackers to execute arbitrary code by crafting an oversized rtsp URL in a .ram file. The primary countermeasure involves updating the software, ensuring input validation, and avoiding unsolicited .ram files from untrusted sources.
EPSS Increase Delta: 15.21%
Affected Technology: Microsoft Internet Explorer
Is New CISA Known Exploited Vulnerability: False
EPSS score increased by 15.21%, indicating a heightened risk of exploitability. Microsoft Internet Explorer versions 5.01 SP4, 6 through SP1, and 7 are affected by a use-after-free vulnerability that permits remote attackers to execute arbitrary code through a malformed data stream that causes memory corruption, often with an unregistered MIME-type. No official patch has been provided, but users are advised to upgrade to a more recent version of Internet Explorer or an alternative browser to mitigate this issue.
EPSS Increase Delta: 14.93%
Affected Technology: Microsoft Windows Server 2008 R2, R2 SP1, and Windows 7 Gold, SP1
Is New CISA Known Exploited Vulnerability: False
EPSS has seen an increase of 14.93%, indicating heightened risk associated with CVE-2012-0152. The vulnerability involves the Remote Desktop Protocol service in certain Microsoft Windows versions, which allows remote attackers to hang applications through malicious packets. Microsoft released updates to address this issue, and applying these patches is the recommended course of action.
EPSS Increase Delta: 14.56%
Affected Technology: Nortek Linear eMerge E3-Series
Is New CISA Known Exploited Vulnerability: False
EPSS score increased from 68.08% to 82.65%, a delta of 14.56%. Nortek Linear eMerge E3-Series devices prior to 0.32-08f suffer from an unauthenticated OS command injection vulnerability due to an incomplete fix for a previous CVE. Immediate firmware update is recommended.
EPSS Increase Delta: 14.10%
Affected Technology: Microsoft Visio
Is New CISA Known Exploited Vulnerability: False
EPSS increase from 56.58% to 70.68% represents a notable risk jump of 14.10%. The vulnerability in Microsoft Visio versions 2002 SP2, 2003 SP2/SP3, and 2007 up to SP1 could allow execution of arbitrary code if a user opens a malicious Visio file with crafted object header data. Users should apply updates provided by Microsoft to mitigate this threat.
EPSS Increase Delta: 13.67%
Affected Technology: PlayTube 3.0.1
Is New CISA Known Exploited Vulnerability: False
After analyzing CVE-2023-4714, the EPSS change indicates an increase in perceived risk, rising from 58.33% to 72.00%, with a significant delta of 13.67%. The core issue is an information disclosure vulnerability in PlayTube 3.0.1, specifically within the Redirect Handler component. It is open to remote exploitation and could lead to unauthorized access to restricted information. It is critical to note that despite the vendor being made aware of this flaw, they have not issued a response or guidance for remediation.
EPSS Increase Delta: 13.09%
Affected Technology: Sorinara Streaming Audio Player 0.9
Is New CISA Known Exploited Vulnerability: False
EPSS has increased by 13.09% indicating a higher probability of exploitation. Sorinara Streaming Audio Player 0.9 is affected by a stack-based buffer overflow vulnerability due to the handling of .pla files which could allow remote attackers to execute arbitrary code. Steps to mitigate this issue include ensuring input validation for .pla files and updating to a non-vulnerable version of the software.
EPSS Increase Delta: 12.78%
Affected Technology: OpenDock FullCore
Is New CISA Known Exploited Vulnerability: False
EPSS score increased by 12.78% signaling a rise in the potential for exploitation. OpenDock FullCore 4.4 and previous versions have a critical flaw allowing remote execution of arbitrary PHP code through several scripts by manipulating the doc_directory parameter. There is no official fix, so consider disabling affected scripts or restricting access.
EPSS Increase Delta: 12.71%
Affected Technology: Apple QuickTime
Is New CISA Known Exploited Vulnerability: False
The EPSS score for CVE-2007-3751 has increased by 12.71%, indicating a rise in risk associated with this issue. This vulnerability pertains to an undisclosed weakness in QuickTime for Java in Apple QuickTime versions prior to 7.3, where remote attackers can execute arbitrary code through untrusted Java applets that escalate privileges through means not detailed publicly. Immediate updating to version 7.3 or higher is recommended to mitigate this risk.
EPSS Increase Delta: 11.78%
Affected Technology: Sorinara Soritong MP3 Player 1.0
Is New CISA Known Exploited Vulnerability: False
The vulnerability in Sorinara Soritong MP3 Player 1.0, identified as CVE-2009-1643, has undergone a notable increase in exploitability with the EPSS delta now at 11.78%. This stack-based buffer overflow can be triggered by a maliciously crafted .m3u file, potentially allowing remote attackers to execute arbitrary code. Users should consider discontinuing the use of this software as no known patch is available.
EPSS Increase Delta: 11.70%
Affected Technology: Mozilla software products
Is New CISA Known Exploited Vulnerability: False
The EPSS score has increased from 44.46% to 56.16%, with a delta of 11.7%. This vulnerability impacts the browser engine in various Mozilla software products, leading to potential denial of service or arbitrary code execution due to unchecked validity post event dispatching. Affected versions include Firefox prior to 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8. Users should update to the latest versions.
EPSS Increase Delta: 12%
Affected Technology: Google Chrome
Is New CISA Known Exploited Vulnerability: False
EPSS has increased by 12%, indicating a rising risk related to CVE-2023-4762. This vulnerability involves Type Confusion in V8 found within Google Chrome versions before 116.0.5845.179. A remote attacker could execute arbitrary code by exploiting this flaw through a specially crafted HTML page. Users are urged to update Google Chrome to the latest version to mitigate this security issue.
EPSS Increase Delta: 10.96%
Affected Technology: Lexmark Devices
Is New CISA Known Exploited Vulnerability: False
The EPSS score for CVE-2023-26067 has increased by 10.96%, indicating growing risk. The vulnerability concerns specific Lexmark devices where there is improper input validation, potentially leading to an array of exploits. There is no immediate remediation specified, but users should monitor Lexmark communications for updates.
EPSS Increase Delta: 8.79%
Affected Technology: Oracle Application Server
Is New CISA Known Exploited Vulnerability: False
EPSS score increased by 8.79%, indicating a heightened risk. Vulnerability in Oracle Application Server allows remote shutdown of TNS Listener via malicious request using the database/TNS alias, classified as AS01.
EPSS Increase Delta: 10.87%
Affected Technology: Windows GDI
Is New CISA Known Exploited Vulnerability: False
EPSS increase of 10.87% indicates a growing risk for a buffer overflow vulnerability in Windows GDI affecting multiple OS versions. Attackers can execute arbitrary code using a malformed EMF image file. Immediate patching is recommended.
EPSS Increase Delta: 6.22%
Affected Technology: Linux Kernel
Is New CISA Known Exploited Vulnerability: True
EPSS has increased dramatically by 6.22%. The vulnerability in question affects the Linux kernel and involves stack buffer corruption in the load_elf_binary function, which could allow a local attacker to gain elevated privileges. Users are advised to apply vendor-suggested mitigations or to stop using the vulnerable product if no fix is obtainable. Its addition to the CISA KEV list underscores the importance of addressing this issue.
EPSS Increase Delta: 1.02%
Affected Technology: SonicWall SonicOS
Is New CISA Known Exploited Vulnerability: True
The EPSS score for CVE-2024-40766 saw a significant increase from less than 1% to over 1%, indicating a heightened risk profile. The vulnerability in question involves SonicWall SonicOS and is due to improper access control mechanisms. Successful exploitation could result in unauthorised access to resources and potentially cause the firewall to crash. Users are urged to apply vendor-provided mitigations or, if such measures are not available, to consider discontinuing use of the affected product.
EPSS Increase Delta: 0.70%
Affected Technology: ImageMagick
Is New CISA Known Exploited Vulnerability: True
EPSS increased slightly from 96.65% to 97.36%, with a delta of 0.70%. ImageMagick is vulnerable to improper input validation, affecting multiple coders and allowing remote code execution through a crafted image. Mitigations should be applied as per vendor instructions, or use of the product discontinued if none are available.
EPSS Increase Delta: N/A
Affected Technology: Microsoft Windows
Is New CISA Known Exploited Vulnerability: True
EPSS has increased to 0.27%. Microsoft Windows Mark of the Web security feature contains a vulnerability that could allow attackers to bypass its defences, impacting features like Protected View in Office. Users should apply vendor-provided mitigations.
EPSS Increase Delta: 0.05%
Affected Technology: Microsoft Windows Installer
Is New CISA Known Exploited Vulnerability: True
The EPSS score for CVE-2024-38014 has risen due to it being listed in the CISA KEV catalogue, indicating a growing risk. This vulnerability in the Microsoft Windows Installer allows attackers to elevate their privileges to SYSTEM level. Users should apply the mitigations provided by Microsoft or, if unavailable, consider discontinuing use of the affected installer.
EPSS Increase Delta: 2.32%
Affected Technology: Microsoft Windows Update
Is New CISA Known Exploited Vulnerability: True
The EPSS score for CVE-2024-43491 has seen an increase, now at a 2.32% chance of being exploited. This is a severe vulnerability in Microsoft Windows Update, involving a use-after-free issue that could allow attackers to execute code remotely. Users are urged to apply the recommended mitigations as provided by the vendor, or discontinue using the affected product if no mitigations are in place. Notably, this vulnerability has been recognised by CISA and is listed on their KEV list, marking it as a significant risk.
EPSS Increase Delta: 0.05%
Affected Technology: Microsoft Publisher
Is New CISA Known Exploited Vulnerability: True
EPSS shows an increase to 0.05%. Microsoft Publisher is affected by a protection mechanism failure that permits bypassing Office macro policies intended to obstruct untrusted or harmful files. Implement vendor-specified mitigations or cease using the product if no mitigations exist.
EPSS by FIRST: https://www.first.org/epss/
CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Penetration Testing and SOC: https://www.precursorsecurity.com
Choose Precursor Security for penetration testing excellence—where industry-leading expertise, CREST accreditation, and a client-focused approach converge to fortify your digital defences with precision and reliability.
We have a CREST accredited Security Operations Centre and all of our penetration testers are CREST certified.
We are accredited to the highest of standards including CREST, ISO27001, ISO9001 and Cyber Essentials Plus.
Our experts have a combined experience of over 30 years delivering security operations to sectors such as healthcare, financial services, aerospace and more.