CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data.
The agency said it has seen adversaries „acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature.“
It also said it continues to observe weak password types used on Cisco network devices, thereby exposing them to password-cracking attacks. Password types refer to algorithms that are used to secure a Cisco device’s password within a system configuration file.
Threat actors who are able to gain access to the device in this manner would be able to easily access system configuration files, facilitating a deeper compromise of the victim networks.
„Organizations must ensure all passwords on network devices are stored using a sufficient level of protection,“ CISA said, adding it recommends „type 8 password protection for all Cisco devices to protect passwords within configuration files.“
It is also urging enterprises to review the National Security Agency’s (NSA) Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance.
Source: The hacker news / Bleeping computer / Securityweek
Link: https://thehackernews.com/2024/08/cisa-warns-of-hackers-exploiting-legacy.html
Link: https://www.securityweek.com/warnings-issued-over-cisco-device-hacking-unpatched-vulnerabilities/
Microsoft Warns of Unpatched Office Vulnerability Leading to Data Breaches
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors.
The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office –
- Microsoft Office 2016 for 32-bit edition and 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit and 64-bit editions
- Microsoft 365 Apps for Enterprise for 32-bit and 64-bit Systems
- Microsoft Office 2019 for 32-bit and 64-bit editions
Credited with discovering and reporting the vulnerability are researchers Jim Rush and Metin Yunus Kandemir.
„In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability,“ Microsoft said in an advisory.
Source: The hacker news / Bleeping computer
Link: https://thehackernews.com/2024/08/microsoft-warns-of-unpatched-office.html
Critical Security Flaw in WhatsUp Gold Under Active Attack – Patch Now
A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest.
The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.
„The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\\nmconsole privileges,“ the company said in an advisory released in late June 2024.
According to security researcher Sina Kheirkhah of the Summoning Team, the flaw resides in the implementation of the GetFileWithoutZip method, which fails to perform adequate validation of user-supplied paths prior to its use.
An attacker could take advantage of this behavior to execute code in the context of the service account. A proof-of-concept (PoC) exploit has since been released by Kheirkhah.
Source: The hacker news / Bleeping computer
Link: https://thehackernews.com/2024/08/critical-security-flaw-in-whatsup-gold.html
Critical Apache OFBiz Vulnerability Allows Preauth RCE
A critical pre-authentication remote code execution (RCE) security vulnerability in Apache OFBiz could open organizations to data theft, lateral movement by threat actors into various applications and parts of their networks, and more.
The bug, tracked as CVE-2024-38856, carries a notably high CVSS score of 9.8, given how impactful exploitation could be. Apache OFBiz is an open source enterprise resource planning (ERP) system that has highly privileged access to various business processes for the purpose of single-pane management and automation; these can include accounting, human resources, customer relationship management, order management, manufacturing and e-commerce.
CVE-2024-38856 exists in the override view functionality, and can allow threat actors to access critical endpoints using a crafted request, according to the SonicWall Capture Labs threat research team, which discovered the vulnerability and shared its details with Dark Reading.
To protect their organizations, admins should upgrade their implementations to version 18.12.15 or newer.
Source: Dark reading / The hacker news / Securityweek
Link: https://thehackernews.com/2024/08/new-zero-day-flaw-in-apache-ofbiz-erp.html
Link: https://www.securityweek.com/apache-ofbiz-users-warned-of-new-and-exploited-vulnerabilities/