Overview

Broadcom has released security advisories to address two critical-severity vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation.

  • CVE-2024-38812 is a heap-overflow vulnerability in VMware vCenter Server with a CVSSv3 score of 9.8. An attacker with network access to vCenter Server could trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.
  • CVE-2024-38813 is a privilege escalation vulnerability in vCenter Server with a CVSSv3 score of 7.5. An attacker with network access to vCenter Server could exploit this vulnerability by sending a specially crafted network packet to escalate privileges to root.

Cisco has released advisories to resolve 51 vulnerabilities affecting Cisco Adaptive Security Appliance (ASA) Software, Firepower Management Center (FMC) Software, and Firepower Threat Defense (FTD) Software. Three advisories are critical severity:

  • CVE-2024-20329: Cisco Adaptive Security Appliance Software SSH – Remote Command Injection Vulnerability
  • CVE-2024-20424: Cisco Secure Firewall Management Center Software – Command Injection Vulnerability
  • CVE-2024-20412: Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series – Static Credential Vulnerability

A medium-severity vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software is currently being exploited:

  • CVE-2024-20481: exploitation could allow a remote attacker to send a large number of VPN authentication requests to an affected device, which could exhaust resources and result in a DoS of the Remote Access VPN service on the affected device.

Foxit has released security updates to address multiple vulnerabilities in Foxit PDF Editor for Windows and macOS. CVE-2024-7725 is a critical-severity use-after-free vulnerability that could allow remote code execution.

Apple has released security updates to address vulnerabilities in multiple Apple products, including iOS, iPadOS, macOS, watchOS, tvOS and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Broadcom (VMware) Security Advisories

Cisco Security Updates and the Cisco Software Checker

Foxit Security Bulletin

Apple iOS, macOS Sequoia, macOS Sonoma, macOS Ventura, watchOS, tvOS and visionOS

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
