
URL: https://cyble.com/blog/it-vulnerability-report-fortinet-sonicwall-grafana-exposures-top-1-million/
Submission: On November 01 via api from TR — Scanned from DE



 * Exploit, Vulnerability

 * November 1, 2024


IT VULNERABILITY REPORT: FORTINET, SONICWALL, GRAFANA EXPOSURES TOP 1 MILLION

Cyble’s weekly IT vulnerability report highlights vulnerabilities in Fortinet,
SonicWall, Grafana Labs, CyberPanel and more.


OVERVIEW

Cyble Research and Intelligence Labs (CRIL) researchers investigated 17
vulnerabilities and nine dark web exploits during the period of Oct. 23-29, and
highlighted seven vulnerabilities that merit high-priority attention from
security teams.

This week’s IT vulnerability report covers an unusually high number of exposed
devices and instances: Vulnerabilities in Fortinet, SonicWall, and Grafana Labs
can be found in more than 1 million web-facing assets, and a pair of
10.0-severity vulnerabilities in CyberPanel have already been mass-exploited in
ransomware attacks.

Security teams should assess which of these vulnerabilities are present in their
environments and the risks they pose, and apply patches and mitigations promptly.




THE WEEK’S TOP IT VULNERABILITIES

Here are the top IT vulnerabilities identified by Cyble threat intelligence
researchers this week.


CVE-2024-40766: SONICWALL SONICOS

CVE-2024-40766 is a 9.8-severity improper access control vulnerability in the
administrative interface and controls in the SonicOS operating system used for
managing SonicWall’s network security appliances and firewalls. Managed security
firm Arctic Wolf has reported that Fog and Akira ransomware operators are
increasingly exploiting this vulnerability in SSL VPN environments to gain an
initial foothold to compromise networks. 

Cyble has detected more than 486,000 internet-exposed devices with this
vulnerability, making it a critically important priority for security teams.



CVE-2024-47575 AND CVE-2024-23113: FORTINET FORTIOS AND FORTIMANAGER

Fortinet environments are under attack from threat actors exploiting a pair of
recent 9.8-severity vulnerabilities: CVE-2024-47575, also known as “FortiJump,”
is a vulnerability in Fortinet FortiManager that allows an attacker to execute
arbitrary code or commands via specially crafted requests. Recently, researchers
disclosed that the threat actor tracked as UNC5820 has been exploiting the flaw
since at least June 27, 2024.

For more than a week before the October 23 disclosure of CVE-2024-47575,
security researchers were concerned that Fortinet was slow in disclosing a
FortiManager zero-day known to be under exploitation. However, it appears that a
week before the CVE was released, Fortinet notified customers of a FortiManager
vulnerability and provided some recommended mitigations. Some FortiManager
customers reported that they didn’t get that communication, suggesting a need
for a clearer advisory process. Fortinet updated its guidance on the
vulnerability yesterday.

Cyble researchers also observed threat actors on a cybercrime forum discussing
exploits of CVE-2024-23113, a critical vulnerability in multiple versions of
FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager that allows remote,
unauthenticated attackers to execute arbitrary code through specially crafted
requests.

Cyble has identified 62,000 exposed instances of the FortiManager vulnerability,
and 427,000 internet-facing Fortinet devices exposed to CVE-2024-23113 (see
graphic below).

Exposed assets for the top vulnerabilities (Cyble research)


CVE-2024-9264: GRAFANA LABS

CVE-2024-9264 is a 9.4-severity vulnerability in the SQL Expressions
experimental feature of Grafana, an open-source analytics and monitoring
platform developed by Grafana Labs that is designed to visualize and analyze
data from various sources through customizable dashboards. The SQL Expressions
feature allows for the evaluation of ‘duckdb’ queries containing user input.
These queries are insufficiently sanitized before being passed to ‘duckdb,’
leading to a command injection and local file inclusion vulnerability.

Cyble reported 209,000 internet-facing Grafana instances exposed to the
vulnerability.


CVE-2024-51567 AND CVE-2024-51568: CYBERPANEL

CVE-2024-51567 and CVE-2024-51568 are critical vulnerabilities in CyberPanel,
an open-source web hosting control panel designed to simplify server management,
particularly for those using the LiteSpeed web server. NVD has yet to rate the
vulnerabilities, but MITRE has assigned them each a 10.0. CVE-2024-51567 is a
flaw in upgrademysqlstatus in databases/views.py that allows remote attackers
to bypass authentication and execute arbitrary commands via
/dataBases/upgrademysqlstatus. The attack bypasses secMiddleware (which is only
for a POST request) and uses shell metacharacters in the statusfile property. It
was exploited in the wild in October in a massive PSAUX ransomware attack.

CVE-2024-51568 is a command injection flaw via completePath in the
ProcessUtilities.outputExecutioner() sink.

Nearly 33,000 CyberPanel instances are exposed to these vulnerabilities, more
than half of which have been targeted in mass ransomware and cryptominer
attacks.
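
The CVE-2024-51567 pattern described above, a security filter that only inspects POST requests, shown as a simplified model next to a check that does not depend on the HTTP method. This is an added example, not CyberPanel's code: the function names, the metacharacter set, the allowed directory and the sample requests are assumptions constructed for illustration.

```python
"""Simplified model of a method-gated security filter vs. a method-independent check.

Illustrative only; this is not CyberPanel's code. The function names, the
metacharacter set and ALLOWED_DIR are assumptions made for this example.
"""
import json
import posixpath
import re

SHELL_META = re.compile(r"[;&|`$<>(){}\n\\'\"]")   # assumed metacharacter set
ALLOWED_DIR = "/tmp/status"                         # hypothetical status-file directory
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")     # allow-list for the file name


def _fields(body: bytes) -> dict:
    """Parse a JSON body into a dict; anything unparsable becomes an empty dict."""
    try:
        data = json.loads(body or b"{}")
    except ValueError:
        return {}
    return data if isinstance(data, dict) else {}


def post_only_filter(method: str, body: bytes) -> bool:
    """Weak pattern: the body is inspected only when the method is POST."""
    if method.upper() != "POST":
        return True  # every other method reaches the view unchecked
    values = _fields(body).values()
    return not any(isinstance(v, str) and SHELL_META.search(v) for v in values)


def validate_statusfile(value) -> str:
    """Allow-list validation: a plain file name directly inside ALLOWED_DIR."""
    if not isinstance(value, str):
        raise ValueError("statusfile missing or not a string")
    name = posixpath.basename(value)
    expected = posixpath.join(ALLOWED_DIR, name)
    if posixpath.normpath(value) != expected:
        raise ValueError("statusfile outside allowed directory")
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("statusfile name has disallowed characters")
    # Even a validated value should be passed as an argv element,
    # never interpolated into a shell command line.
    return expected


def hardened_check(method: str, body: bytes):
    """Return (allowed, reason); validation does not depend on the method."""
    if method.upper() != "POST":
        return False, "method not allowed"
    try:
        validate_statusfile(_fields(body).get("statusfile"))
    except ValueError as exc:
        return False, str(exc)
    return True, "ok"


# Constructed sample requests: (method, JSON body).
SAMPLE_REQUESTS = [
    ("POST", b'{"statusfile": "/tmp/status/upgrade.log"}'),
    ("POST", b'{"statusfile": "/tmp/status/x; echo constructed"}'),
    ("PUT", b'{"statusfile": "/tmp/status/x; echo constructed"}'),
]


def compare(requests=SAMPLE_REQUESTS):
    """Return (method, weak_allowed, hardened_allowed) for each request."""
    return [
        (method, post_only_filter(method, body), hardened_check(method, body)[0])
        for method, body in requests
    ]


if __name__ == "__main__":
    for method, weak, hardened in compare():
        print(f"{method:5} weak_filter_allows={weak!s:5} hardened_allows={hardened}")
```

The third constructed request carries the same body the weak filter rejects over POST, yet passes it because the method differs; the hardened check rejects it on the method alone.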


CVE-2024-46483: XLIGHT FTP SERVER

CVE-2024-46483 is a critical integer overflow vulnerability still undergoing
analysis that affects Xlight FTP Server, a high-performance file transfer server
for Windows designed to facilitate secure and efficient FTP and SFTP (SSH2) file
transfers. The flaw lies in the packet parsing logic of the SFTP server, which
can lead to a heap overflow with attacker-controlled content. Multiple
organizations across various sectors use this server because of its Active
Directory and LDAP integration functionalities. Cyble assesses that attackers
could leverage this vulnerability in campaigns due to the availability of public
proofs of concept (PoCs).


VULNERABILITIES AND EXPLOITS ON UNDERGROUND FORUMS

CRIL researchers observed multiple Telegram channels and cybercrime forums where
channel administrators shared or discussed exploits weaponizing a number of
vulnerabilities, some of which were discussed above. Others include:

CVE-2024-9464: A critical OS command injection vulnerability found in Palo Alto
Networks’ Expedition tool, which allows an attacker to execute arbitrary OS
commands as root, potentially leading to the disclosure of sensitive
information.

CVE-2024-42640: A critical vulnerability affecting the angular-base64-upload
library, specifically in versions prior to v0.1.21. This vulnerability allows
remote code execution (RCE) through the demo/server.php endpoint, enabling
attackers to upload arbitrary files to the server.

CVE-2024-3656: A high-risk vulnerability affecting Keycloak versions prior to
24.0.5. The vulnerability allows low-privilege users to access certain endpoints
in Keycloak’s admin REST API, enabling them to perform actions reserved for
administrators.

CVE-2024-9570: A critical buffer overflow vulnerability in the D-Link DIR-619L
B1 router, specifically in firmware version 2.06, occurs in the
‘formEasySetTimezone’ function. The issue arises when the ‘curTime’ argument is
manipulated, allowing an attacker to execute arbitrary code remotely.

CVE-2024-46538: A critical cross-site scripting (XSS) vulnerability in pfSense
version 2.5.2 allows attackers to execute arbitrary web scripts or HTML by
injecting a ‘crafted payload’ into the $pconfig variable, specifically through
the ‘interfaces_groups_edit.php’ file.

CVE-2024-21305: A vulnerability identified as a Hypervisor-Protected Code
Integrity (HVCI) Security Feature Bypass allows attackers to circumvent HVCI
protections, enabling the execution of unauthorized code on affected systems
running versions of Windows and Windows Server OS.

CVE-2024-23692: A critical vulnerability affecting the Rejetto HTTP File Server
(HFS) that allows unauthenticated remote code execution (RCE) through a command
injection flaw.


CYBLE RECOMMENDATIONS

To protect against these vulnerabilities and exploits, organizations should
implement the following best practices:

 * To mitigate vulnerabilities and protect against exploits, regularly update
   all software and hardware systems with the latest patches from official
   vendors.
 * Develop a comprehensive patch management strategy that includes inventory
   management, patch assessment, testing, deployment, and verification. Automate
   the process where possible to ensure consistency and efficiency.
 * Divide your network into distinct segments to isolate critical assets from
   less secure areas. Use firewalls, VLANs, and access controls to limit access
   and reduce the attack surface exposed to potential threats.
 * Create and maintain an incident response plan that outlines procedures for
   detecting, responding to, and recovering from security incidents. Regularly
   test and update the plan to ensure its effectiveness and alignment with
   current threats.
 * Implement comprehensive monitoring and logging solutions to detect and
   analyze suspicious activities. Use SIEM (Security Information and Event
   Management) systems to aggregate and correlate logs for real-time threat
   detection and response.
 * Subscribe to security advisories and alerts from official vendors, CERTs, and
   other authoritative sources. Regularly review and assess the impact of these
   alerts on your systems and take appropriate actions.
 * Conduct regular vulnerability assessment and penetration testing (VAPT)
   exercises to identify and remediate vulnerabilities in your systems.
   Complement these exercises with periodic security audits to ensure compliance
   with security policies and standards.


CONCLUSION

These vulnerabilities highlight the urgent need for security teams to prioritize
patching critical vulnerabilities in major products and those that could be
weaponized as entry points for wider attacks. With increasing discussions of
these exploits on dark web forums, organizations must stay vigilant and
proactive. Implementing strong security practices is essential to protect
sensitive data and maintain system integrity.

