CISA Lists Over 270 Critical Security Vulnerabilities Patched Last Week - What's New?


The Cybersecurity and Infrastructure Security Agency (CISA) has published its latest vulnerability bulletin, detailing over 270 security vulnerabilities identified in the past week across a wide range of software and hardware.

These vulnerabilities affect popular applications, operating systems, IoT devices, and development frameworks, posing significant risks if left unpatched.

The vulnerabilities have been categorized using the Common Vulnerability Scoring System (CVSS):

  • Critical (CVSS 9.0–10.0): Immediate attention required.
  • High (CVSS 7.0–8.9): Potential to cause major disruptions.
  • Medium (CVSS 4.0–6.9): Less severe but still actionable.
  • Low (CVSS 0.0–3.9): Minimal impact.


Top Critical Vulnerabilities

Several vulnerabilities have been classified as Critical (CVSS 10.0) due to their potential to enable remote code execution (RCE), unauthorized access, and data breaches.

ABB ASPECT-Enterprise Suite

Multiple critical flaws (e.g., CVE-2024-11317, CVE-2024-48839) allow attackers to exploit session fixation, remote code execution, and default credential misuse across products such as ASPECT, MATRIX, and NEXUS Series.

WordPress Plugins

Widely used plugins such as Roninwp FAT Services Booking (CVE-2024-54221) and Swift Performance Lite (CVE-2024-10516) are vulnerable to SQL injection, file inclusion, and XSS attacks.

IoT and Networking Devices

Devices such as Victure RX1800 WiFi Routers (CVE-2024-53940) and Zyxel VMG4005-B50A firmware (CVE-2024-9200) suffer from command injection vulnerabilities, allowing remote attackers to execute malicious code.

ROS2 (Robotic Operating System)

Buffer overflows and use-after-free vulnerabilities (e.g., CVE-2024-37861, CVE-2024-38920) in Open Robotics’ ROS2 can lead to denial-of-service attacks or arbitrary code execution.

Django

SQL injection vulnerabilities (e.g., CVE-2024-53908) in Django’s Oracle database implementations could expose applications to critical data manipulation risks.

Notable High-Severity Vulnerabilities

  • Google Chrome (CVE-2024-12053): A type confusion bug in Chrome’s V8 engine could allow attackers to corrupt objects, potentially leading to code execution via malicious web pages.
  • ABB ASPECT-Enterprise: Vulnerabilities like improper input validation (CVE-2024-51550) and data sanitization flaws (CVE-2024-51541) enable attackers to inject malicious scripts.
  • Android Devices: Various Android components are affected by out-of-bounds write flaws (e.g., CVE-2018-9430) and privilege escalation vulnerabilities (e.g., CVE-2018-9380).

Widespread Medium-Severity Issues

While not as urgent, medium-severity vulnerabilities (CVSS 4.0–6.9) still require action:

  • WordPress Themes and Plugins: Many are affected by XSS vulnerabilities, including TI WooCommerce Wishlist and Convert Forms for Joomla.
  • Development Frameworks: Issues in libraries like python-multipart could lead to denial-of-service attacks (CVE-2024-53981).

Vendor Breakdown

WordPress Plugins: A large portion of vulnerabilities stem from insecure WordPress plugins, such as Advanced File Manager (CVE-2024-11391) and Awesome Shortcodes (CVE-2024-54209). These vulnerabilities often allow unauthorized access or data injection.

Networking Devices: IoT and networking products, including those from Ruijie (CVE-2024-47547) and Lorex (CVE-2024-52547), have critical flaws that enable remote command execution or unauthorized data access.

Industrial Systems: Industrial systems from companies like ABB and Siemens (e.g., CVE-2024-52335) show vulnerabilities that could compromise operational technology environments.

Recommendations

CISA recommends immediate action to mitigate these vulnerabilities:

  1. Apply Patches: Update systems, firmware, and software to the latest versions.
  2. Strengthen Access Controls: Remove or disable default credentials and implement multi-factor authentication.
  3. Monitor Networks: Use intrusion detection systems to identify and respond to exploitation attempts.
  4. Regular Audits: Continuously assess infrastructure for potential vulnerabilities.

Users and organizations are urged to review the full CISA Vulnerability Bulletin and consult the respective CVE entries for detailed technical information and patching guidance. These vulnerabilities emphasize the critical need for proactive cybersecurity measures in an increasingly interconnected world.

Source
