Overview

QNAP has published eight security advisories addressing vulnerabilities in various products, including Note Station 3, Photo Station, AI Core, QuLog Center, QuRouter, QTS, and QuTS.

The most severe of these, identified as CVE-2024-38643, affects Note Station 3 and carries a CVSSv3 severity score of 9.8. This vulnerability could allow a remote, unauthenticated attacker to gain unauthorised access to the affected system.

SonicWall has issued a security update to address a vulnerability affecting the Windows 32-bit and 64-bit versions of its SMA100 NetExtender, a VPN client. The flaw, identified as CVE-2024-29014, could enable attackers to execute arbitrary code during the processing of an EPC Client update.

Initially assigned a CVSSv3 severity score of 7.1, this vulnerability has since been reassessed with a higher score of 8.8, reflecting its increased risk level. SonicWall has clarified that NetExtender versions for Linux and SonicWall firewall products running SonicOS are not affected by this issue.

Cisco has issued a security advisory for a critical vulnerability in the SD-WAN vManage Software, identified as CVE-2024-9474. The flaw, resulting from improper validation of HTTP requests, could allow an authenticated, remote attacker to execute directory traversal attacks. This would grant them unauthorised access to sensitive files on affected systems. The vulnerability, which has a CVSS score of 9.8, can be exploited if the attacker crafts specific HTTP requests. Cisco has recommended applying available software updates to mitigate the risk. No workarounds are available for this issue.

WordPress My Geo plugin: a security vulnerability has been identified in the WordPress plugin My Geo Posts Free version 1.2. The vulnerability, CVE-2024-52411, classified as a PHP Object Injection (POI), allows unauthenticated attackers to inject arbitrary objects into the application. This could lead to serious security risks, including code execution, database manipulation, and potentially full compromise of the affected WordPress site. This vulnerability has been rated with a CVSSv3 score of 8.8, indicating a high level of risk.

VMware has released updates to address five security vulnerabilities in its Aria Operations product (formerly VMware vRealize Operations), a platform used for managing and optimising hybrid and multi-cloud environments. These vulnerabilities, detailed in VMware’s advisory VMSA-2024-0022, include privilege escalation and stored cross-site scripting (XSS) flaws:

  • CVE-2024-38830
    A local privilege escalation vulnerability (CVSS 7.8) allows a local administrator on VMware Aria Operations to escalate privileges to root.
  • CVE-2024-38831
    Another local privilege escalation vulnerability (CVSS 7.8) allows a threat actor with local admin privileges to execute malicious commands via a properties file to gain root access.
  • CVE-2024-38832
    A stored cross-site scripting vulnerability (CVSS 7.1) enables an attacker with editing access to views to inject malicious scripts.
  • CVE-2024-38833
    This XSS vulnerability (CVSS 6.8) lets an attacker with access to edit email templates inject scripts, resulting in potential exploitation.
  • CVE-2024-38834
    A stored XSS flaw (CVSS 6.5) allows attackers with cloud provider editing access to inject malicious scripts.

Palo Alto Networks has published a security advisory regarding a certificate validation weakness in the GlobalProtect app, identified as CVE-2024-5921 (CVSSv4.0 score of 5.6). This vulnerability could enable attackers to connect the application to unauthorised servers.

This flaw might be exploited by attackers to install harmful root certificates on the endpoint. Once installed, the malicious root certificate could be used to sign and deploy harmful software, potentially leading to privilege escalation on the compromised system.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

QNAP – Security Advisories

SonicWall – Security Advisory

Cisco – Security Advisory

WordPress My Geo – Patchstack

VMware (Broadcom) – Support Bulletin

Palo Alto – Security Advisories

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
