This Weekly Vulnerability Intelligence Report explores vulnerability updates between September 11 and September 17. The Cyble Research and Intelligence Labs team investigated 24 vulnerabilities this week, among other disclosed vulnerabilities, to present critical, high, and medium degree insights.
CVE-2024-45409: Improper Verification of Cryptographic Signature in GitLab Community Edition (CE) and Enterprise Edition (EE)
Impact Analysis: The critical SAML authentication bypass vulnerability impacts self-managed installations of GitLab Community Edition (CE) and Enterprise Edition (EE). Security Assertion Markup Language (SAML) is a single sign-on (SSO) authentication protocol that allows users to log in across different services using the same credentials. An unauthenticated attacker with access to any SAML document signed by the IdP can forge a SAML Response/Assertion with arbitrary contents, which would allow the attacker to log in as an arbitrary user on the vulnerable system.
CVSS Score: 10
Internet Exposure: No
Patch Available: Yes
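As an added defender-side illustration of the signature-to-assertion binding that this class of flaw breaks (it is not GitLab's or any SAML library's code, and it does not reproduce the exact CVE-2024-45409 defect), the following Python check refuses a SAML Response unless its single Signature references, and is enveloped in, the one Assertion the application is about to trust; the sample Response and its placeholder signature values are constructed for the example:

```python
# Added illustration, not GitLab's or any SAML library's code: the structural half of
# SAML signature verification. Canonicalisation and the public-key check on SignedInfo
# are assumed to run elsewhere; this answers one question only: does the Signature's
# Reference point at the Assertion the application is about to trust?
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _only(elems, what):
    if len(elems) != 1:
        raise ValueError(f"expected exactly one {what}, found {len(elems)}")
    return elems[0]

def bound_assertion(response_xml: str) -> ET.Element:
    """Return the one Assertion the signature is bound to, or raise ValueError."""
    root = ET.fromstring(response_xml)
    assertion = _only(root.findall(".//saml:Assertion", NS), "Assertion")
    signature = _only(root.findall(".//ds:Signature", NS), "Signature")
    ref = _only(signature.findall("ds:SignedInfo/ds:Reference", NS), "Reference")
    uri = ref.get("URI", "")
    if not uri.startswith("#"):
        raise ValueError("only same-document ID references are accepted")
    # The ID must name exactly one element; a duplicate lets an unsigned copy shadow it.
    signed = _only([e for e in root.iter() if e.get("ID") == uri[1:]], "element with that ID")
    # Only a signature over the whole Response or over this Assertion vouches for it.
    if signed is not root and signed is not assertion:
        raise ValueError("signature covers neither the Response nor its Assertion")
    # Enveloped signature: the Signature must be a direct child of what it signs.
    if signed.find("ds:Signature", NS) is not signature:
        raise ValueError("Signature is not enveloped in the element it references")
    return assertion

def accepts(response_xml: str) -> bool:
    try:
        return bound_assertion(response_xml) is not None
    except (ValueError, ET.ParseError):
        return False

# Constructed sample: an Assertion carrying an enveloped Signature over its own ID
# (SignatureValue is a placeholder, not a real cryptographic value).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">
  <saml:Assertion ID="_a1">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
      <ds:Reference URI="#_a1"/></ds:SignedInfo><ds:SignatureValue>x</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
```

The cryptographic verification of SignedInfo must still run over the same element this function returns; validating a signature somewhere in the document and then reading an Assertion found by a separate lookup is exactly the gap this check closes.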
CVE-2024-38812: Heap-based Buffer Overflow in VMware vCenter Server
Impact Analysis: The critical heap-overflow vulnerability impacts VMware vCenter Server, the centralized management platform for VMware vSphere environments that provides a single interface to manage and monitor multiple ESXi hosts and the virtual machines running on them. A malicious actor with network access to the vCenter Server may trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.
CVSS Score: 9.8
Internet Exposure: Yes
Patch Available: Yes
CVE-2024-29847: Deserialization of Untrusted Data in Ivanti Endpoint Manager
Impact Analysis: The critical vulnerability impacts Ivanti Endpoint Manager (EPM), a comprehensive solution designed for managing and securing endpoints across various operating systems and devices. It integrates Unified Endpoint Management (UEM) capabilities, allowing IT teams to oversee a diverse range of devices from a single platform. Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6 or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CVSS Score: 9.8
Internet Exposure: Yes
Patch Available: Yes
CVE-2024-6671, CVE-2024-6670: SQL Injection in Progress WhatsUp Gold
Impact Analysis: The critical SQL injection vulnerabilities impact Progress WhatsUp Gold, a comprehensive network monitoring software designed to provide visibility and control over network devices, servers, applications, and virtual environments. It allows IT teams to monitor performance metrics and ensure the health of their infrastructure, whether deployed on-premises or in the cloud. Exploitation of the vulnerabilities allows an unauthenticated attacker to retrieve the user’s encrypted password.
Recently, researchers disclosed that attackers are leveraging publicly available exploit code to exploit these critical vulnerabilities.
CVSS Score: 9.8 (each)
Internet Exposure: Yes
Patch Available: Yes
CVE-2024-45694: Stack-based Buffer Overflow in D-Link Routers
Impact Analysis: The critical stack-based buffer overflow vulnerability impacts the web service of certain models of D-Link wireless routers. Unauthenticated, remote attackers can exploit this vulnerability to execute arbitrary code on the device.
CVSS Score: 9.8
Internet Exposure: No
Patch Available: Yes
CVE-2024-6678: Authentication Bypass by Spoofing in GitLab Community Edition (CE) and Enterprise Edition (EE)
Impact Analysis: The high severity vulnerability impacts GitLab Community Edition (CE) and Enterprise Edition (EE), affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2. The exploitation of the vulnerability allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances, leading to the disruption of automated workflows of targeted organizations.
CVSS Score: 8.8
Internet Exposure: No
Patch Available: Yes
CRIL observed multiple instances of vulnerability discussions and the circulation of proof-of-concept (PoC) code in underground forums and channels.
Make it a priority to update all your systems with the latest vendor patches. Vulnerabilities get exploited quickly, and having a schedule for regular updates ensures you’re not left exposed. Apply critical patches as soon as they’re released—don’t delay.
Building a solid patch management process is key. It starts with knowing what’s in your system, followed by assessing, testing, and deploying patches in an orderly fashion. Automating this process can save time and prevent human error.
Don’t put all your eggs in one basket. Segregating your network can safeguard your most critical assets by limiting their exposure. Use firewalls, VLANs, and tight access controls to ensure only authorized users have access.
When incidents happen—and they will—having a well-rehearsed incident response plan is a lifesaver. It should clearly define how you’ll detect, react to, and recover from threats. Regularly test and update this plan to ensure it’s aligned with the latest risks.
You can’t fix what you can’t see. Monitoring and logging malicious activity is crucial. Use SIEM solutions to collect and analyze logs in real-time, helping you catch threats before they escalate.
Stay ahead of threats by subscribing to security alerts from vendors and authorities. Make sure to evaluate the impact of these alerts on your organization and act swiftly.
Conduct regular Vulnerability Assessments and Penetration Testing (VAPT) to expose weak points in your defenses. Pair these exercises with audits to confirm you’re following security protocols.
Keeping a current inventory of internal and external assets, like hardware and software, is essential. Asset management tools can help maintain visibility, so you stay on top of everything in your network.
Weak passwords are an open door for hackers. Start by changing default passwords immediately and enforcing a strong password policy across your organization. Coupling that with multi-factor authentication (MFA) adds an extra layer of protection, making it harder for unauthorized users to gain access.