
Overview

Juniper Networks has released a security update addressing a critical-severity (CVSS score of 10) vulnerability, an authentication bypass using an alternative path or channel (CVE-2024-2973).

This vulnerability affects Juniper Networks Session Smart Router or Conductor running with a redundant peer configuration. An authenticated, remote attacker could exploit this vulnerability to bypass authentication and take full control of the device.

Only Routers or Conductors that are running in high-availability redundant configurations are affected by this vulnerability.

Cisco has released a security advisory for a medium-severity, command-line injection vulnerability (CVE-2024-20399) in the command line interface (CLI) of the NX-OS software in Nexus series switches, which are modular and fixed port network switches designed for data centres.

An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command, leading to arbitrary command execution on the underlying operating system with the privileges of root.

This vulnerability is being exploited in the wild.

Samsung Mobile is releasing a maintenance release for major flagship models as part of its monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung and addresses four critical-severity vulnerabilities: CVE-2023-43556, CVE-2023-43538, CVE-2023-43551 and CVE-2024-31320.

Splunk has reported two high-severity remote code execution vulnerabilities that affect the Splunk Platform: CVE-2024-36984 and CVE-2024-36985.

The Apache Software Foundation has released two updates to HTTP Server that address nine vulnerabilities. Apache HTTP Server is open-source, cross-platform web server software.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Juniper – Knowledge Base Article

Cisco – Security Advisories

Samsung Mobile – Security Updates

Splunk – Advisories: CVE-2024-36984 and CVE-2024-36985

Apache – HTTP Server Project: Vulnerabilities

 

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
