We are continuing to get a large number of reports of emails imitating Manx Telecom being sent to @manx.net addresses and are aware of over 60 subsequent account compromises.

Overview

SonicWall has issued a security advisory addressing six vulnerabilities affecting its SMA100 SSL-VPN appliances. SonicWall Secure Mobile Access (SMA) serves as a unified secure access gateway, offering Secure Sockets Layer (SSL) virtual private network (VPN) functionality, application-level VPN capabilities, context-aware device authorization, and advanced authentication features, including federated single sign-on (SSO) for both cloud and on-premises resources.

Veeam has issued updates to address one critical and one high-severity vulnerability in its Service Provider Console. Additionally, nine high-severity vulnerabilities were fixed, including eight in Backup & Replication and one in Veeam Agent for Microsoft Windows. Highlights of these vulnerabilities are provided below.

Veeam Service Provider Console (VSPC):

  • CVE-2024-42448 (CVSS 9.9): This vulnerability allows attackers with low privileges to achieve remote code execution (RCE) on the VSPC server machine.
  • CVE-2024-42449 (CVSS 7.1): Attackers with low privileges could exploit this flaw to leak the NTLM hash of the VSPC server service account and delete files on the VSPC server.

Veeam Backup & Replication:

  • CVE-2024-40717 (CVSS 8.8): Enables an authenticated attacker with specific roles on the backup server to execute scripts with elevated privileges.
  • CVE-2024-42452 (CVSS 8.8): Permits an authenticated attacker to remotely upload files to connected ESXi hosts.
  • CVE-2024-42453 (CVSS 8.8): Allows an authenticated attacker to modify configurations of connected virtual infrastructure hosts.
  • CVE-2024-42456 (CVSS 8.8): Provides authenticated attackers access to privileged methods, enabling control of critical services.

Veeam Agent for Microsoft Windows:

  • CVE-2024-45207 (CVSS 7.0): This flaw allows attackers to conduct a DLL injection attack by manipulating the PATH environment variable to include directories where the attacker can write files.

Zyxel has published a security advisory highlighting recent attacks targeting its firewall products. These attacks exploit vulnerabilities addressed in September (refer to Cyber Alert CC-4541) as well as a newly disclosed high-severity vulnerability.

  • CVE-2024-11667 is a path traversal vulnerability with a CVSSv3 score of 7.5. Successful exploitation could allow attackers to download or upload files through specially crafted URLs. This issue affects the ZLD firewall firmware, which is used in several Zyxel product lines.

The vulnerability has been resolved in ZLD firewall firmware version 5.39. Devices updated to this version or patched since September 2024 are not susceptible to the vulnerability.

Cisco has issued a security advisory for a vulnerability in Nexus Dashboard-managed switches running NX-OS software, identified as CVE-2024-21927 (CVSSv3 score: 7.4). The flaw involves improper image signature verification during a device reload, allowing an attacker with admin privileges to load unauthorised images.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

SonicWall – Security Advisory

Veeam – Support Knowledge Base KB4679, KB4693

Zyxel – Security Advisories

Cisco – Security Advisories

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
