Short Summary

The SonicWall Capture Labs threat research team has identified a critical zero-click vulnerability, CVE-2024-20017, an out-of-bounds write in the wappd network daemon shipped with MediaTek Wi-Fi chipset SDKs. It allows remote code execution without any user interaction and carries a CVSS score of 9.8. MediaTek has released patches, and owners of affected devices are urged to apply their vendor's firmware updates immediately.…

Short Summary

This article discusses an unauthenticated PHP object injection (insecure deserialization) vulnerability, CVE-2024-5932, in the GiveWP WordPress plugin, and a malicious Proof of Concept (PoC) for it that targets the security professionals who would run it. The fake PoC leads to crypto mining, data exfiltration and backdoor installation. The article stresses the need for vigilance when executing scripts from public repositories such as GitHub and describes the malicious activity associated with the PoC.…

Short Summary:

The SonicWall Capture Labs threat research team has identified a high-severity SQL injection vulnerability (CVE-2024-23119) in Centreon Web versions prior to 22.10.17, 23.04.13 and 23.10.5. It allows an authenticated attacker to execute arbitrary SQL against the backend database, potentially compromising it. Mitigation consists of upgrading to a fixed version and monitoring system logs.…

Short Summary

The SonicWall Capture Labs threat research team has identified a moderate-severity, unauthenticated directory traversal vulnerability (CVE-2024-7928) affecting FastAdmin installations. It allows an attacker to read files outside the intended directory, potentially exposing sensitive information. Users are advised to update to version 1.3.4.20220530 to mitigate the risk.…

Short Summary:

This week, the SonicWall Capture Labs threat research team identified an AutoIt-compiled executable that targets Gmail login pages across multiple browsers. The malware logs keystrokes, gives the operator control of the system and employs techniques to evade detection. SonicWall customers are protected through the “MalAgent.AutoITBot”…

Short Summary

CVE-2024-38063 is a critical remote code execution vulnerability in the Windows TCP/IP stack with a CVSS score of 9.8. The flaw is zero-click and wormable: an attacker can execute arbitrary code remotely by sending specially crafted IPv6 packets to a vulnerable host. Microsoft has released patches, and SonicWall has enhanced its firewall protections to mitigate the risk.…

Short Summary:

The SonicWall Capture Labs threat research team identified an arbitrary file upload vulnerability (CVE-2024-5008) in Progress WhatsUp Gold that allows an authenticated user with Application Monitoring privileges to upload malicious files, potentially leading to remote code execution. Users are advised to upgrade to the latest version to mitigate this risk.…

Short Summary:

A fake website mimicking the official WinRAR site has been identified hosting a range of malware, including ransomware, cryptominers and infostealers. The site relies on typosquatting to deceive users and leads them to download malicious components hosted on GitHub. The infection chain begins with a shell script that sends system information to a Telegram account.…

Short Summary

The SonicWall Capture Labs threat research team has identified a critical vulnerability (CVE-2024-28747) in ifm SmartPLC devices, specifically the AC14xx and AC4xxS models with firmware versions up to 4.3.17. Because the firmware contains hard-coded credentials, an unauthenticated remote attacker can gain high-privilege access, posing a significant risk to the security of affected systems.…

Short Summary

The SonicWall Capture Labs threat research team identified a critical remote code execution vulnerability (CVE-2024-36401) in GeoServer, affecting versions prior to 2.23.6, 2.24.4 and 2.25.2. Because OGC request parameters are unsafely evaluated as XPath expressions, an unauthenticated attacker can execute arbitrary code remotely, threatening the confidentiality, integrity and availability of the system.…

Overview

The SonicWall Capture Labs threat research team became aware of an arbitrary file read vulnerability affecting Splunk Enterprise installations on Windows. Identified as CVE-2024-36991 and given a CVSSv3 score of 7.5, the vulnerability is more severe than it initially appeared. Labeled a path traversal vulnerability and categorized as CWE-35, it allows attackers to traverse the file system and reach files or directories outside the restricted directory.…

Overview

The SonicWall Capture Labs threat research team became aware of an XML External Entity (XXE) vulnerability affecting Adobe Commerce and Magento Open Source. Identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8, it is classified as Improper Restriction of XML External Entity Reference (CWE-611) and gives an attacker unauthorized access to private files on the server, such as those containing passwords.…
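Added example, not code from the SonicWall write-up or from Adobe Commerce: a Python demonstration of the XXE class described above, using the standard-library expat parser. Python's expat only resolves external entities when the application installs a resolver, so the vulnerable half installs a naive one that opens whatever SYSTEM identifier the document names; a DOCTYPE pointing at a local file then pulls that file's contents into the parsed text. The hardened half rejects any DOCTYPE before an entity can be declared. The secret file, its path and the XML payload are constructed for the demonstration and do not reflect Adobe's code or the actual CVE-2024-34102 request.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlparse
from urllib.request import url2pathname
from xml.parsers import expat


class DtdRejected(Exception):
    """Raised by the hardened parser as soon as a DOCTYPE appears."""


def _naive_entity_resolver(parser):
    """The vulnerable half: resolve a SYSTEM identifier by opening it and
    feeding its bytes back into the parser as entity content.  This is the
    behaviour an XXE needs; nothing here checks where system_id points."""
    def handler(context, base, system_id, public_id):
        path = url2pathname(urlparse(system_id).path)
        with open(path, "rb") as fh:
            data = fh.read()
        sub = parser.ExternalEntityParserCreate(context)  # inherits handlers
        sub.Parse(data, True)
        return 1
    return handler


def parse_text(xml_bytes, resolve_external=False):
    """Return the character data of the document.  resolve_external=True
    reproduces the XXE-prone configuration; the default refuses any DTD,
    which also blocks the internal-subset ENTITY declaration the attack needs."""
    chunks = []
    parser = expat.ParserCreate()
    parser.CharacterDataHandler = chunks.append
    if resolve_external:
        parser.ExternalEntityRefHandler = _naive_entity_resolver(parser)
    else:
        def reject(doctype_name, system_id, public_id, has_internal_subset):
            raise DtdRejected(f"DOCTYPE '{doctype_name}' not allowed in untrusted input")
        parser.StartDoctypeDeclHandler = reject
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


def run_demo():
    """Write a constructed secret to a temp file, reference it through a
    SYSTEM entity, and parse the same payload once each way."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = Path(tmp) / "env.local"          # constructed, not a real secret
        secret_path.write_text("db_password=hunter2")
        payload = (
            '<?xml version="1.0"?>'
            f'<!DOCTYPE data [<!ENTITY secret SYSTEM "{secret_path.as_uri()}">]>'
            "<data>&secret;</data>"
        ).encode()
        leaked = parse_text(payload, resolve_external=True)
        try:
            parse_text(payload)
            blocked = None
        except DtdRejected as exc:
            blocked = str(exc)
    return {"vulnerable": leaked, "hardened": blocked}


if __name__ == "__main__":
    print(run_demo())
```

Rejecting the DOCTYPE outright is the usual hardening for input that never legitimately carries a DTD; it closes both external entities and entity-expansion denial of service in one move, whereas merely not installing a resolver leaves the decision to whatever library defaults the application later adopts.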

Overview

The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures. Serv-U is a managed file transfer server that provides secure file transfer and access control inside and outside the organization. Identified as CVE-2024-28995, the vulnerability lets an unauthenticated threat actor read local files remotely on Serv-U 15.4.2 HF 1 and earlier versions, earning a high CVSS score of 8.6.…

The SonicWall Capture Labs threat research team has long observed malware authors abusing QR codes embedded in PDF files to deceive users.

QR codes are increasingly popular because they are versatile and easy to use. Beyond payments and feedback forms, they are used across marketing, retail, education, healthcare, hospitality, transportation, real estate, public services, entertainment, business operations and personal use.…

Overview

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild vulnerability affecting PHP running in CGI mode on Windows. Identified as CVE-2024-4577 and given a CVSSv3 score of 9.8, the vulnerability is more severe than it initially appears. Labeled as an argument injection vulnerability and categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), it lets an unauthenticated attacker pass php-cgi command-line options through the query string and thereby read, modify or execute files on the server and take control of affected systems.…
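Added example, not part of the SonicWall write-up: a Python detector for the request shape this class of argument injection relies on. Per RFC 3875 a query string with no unencoded '=' is an "indexed" query that the CGI server splits on '+' and hands to the program as command-line arguments. php-cgi rejects an argument that begins with an ASCII hyphen (the 2012 fix for CVE-2012-1823); the 0xAD soft hyphen is the byte that passes that check and is best-fit-mapped to '-' on the affected Windows locales. The request targets below are constructed, modeled on the public exploit shape, and are not captured traffic; the detector assumes it is only applied to requests that actually reach php-cgi.

```python
from urllib.parse import unquote_to_bytes

SOFT_HYPHEN = 0xAD  # U+00AD; Windows best-fit conversion turns it into ASCII '-' on affected code pages

# Constructed request targets, not captured traffic.  The first two have the
# shape of php-cgi "-d" directive injection; the rest are benign.
CONSTRUCTED_REQUESTS = [
    "/index.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input",
    "/index.php?-d+allow_url_include%3d1",
    "/index.php?id=1&lang=en",
    "/search.php?term-1+term-2",
    "/index.php",
]


def is_indexed_query(raw_query):
    """RFC 3875 section 4.4: a query string with no unencoded '=' is an
    'indexed' query; the server splits it on '+' and passes the pieces to
    the script as command-line arguments.  Only that form reaches argv."""
    return raw_query != "" and "=" not in raw_query


def argv_from_query(raw_query):
    """Reproduce the CGI split: '+' separates arguments and each one is
    percent-decoded to bytes, so %AD becomes the single byte 0xAD rather
    than any Unicode character."""
    return [unquote_to_bytes(tok) for tok in raw_query.split("+")]


def looks_like_php_cgi_injection(raw_query):
    """True when the query would reach php-cgi as argv and some argument
    starts with '-' or with 0xAD.  A leading '-' is what php-cgi itself
    refuses since the CVE-2012-1823 fix; the soft hyphen is the bypass
    that CVE-2024-4577 turns into '-' after the check has already passed."""
    if not is_indexed_query(raw_query):
        return False
    return any(
        len(arg) >= 2 and arg[0] in (ord("-"), SOFT_HYPHEN)
        for arg in argv_from_query(raw_query)
    )


def flag_requests(targets):
    """Return the request targets whose query string looks like an
    argument-injection attempt."""
    flagged = []
    for target in targets:
        _path, _, query = target.partition("?")
        if looks_like_php_cgi_injection(query):
            flagged.append(target)
    return flagged


if __name__ == "__main__":
    for t in flag_requests(CONSTRUCTED_REQUESTS):
        print("suspicious:", t)
```

Note that the check is on the raw query string before any decoding of '=': the exploit shape keeps '=' percent-encoded precisely so the query stays "indexed", which is why `/search.php?term-1+term-2` is also an indexed query but is not flagged, since neither argument begins with a hyphen.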

Overview

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears: although labeled as a sensitive information disclosure, it is a path traversal leading to an arbitrary file read, allowing an attacker to read any file on the system.…
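The Check Point, Splunk, Serv-U and FastAdmin entries above all come down to a path traversal, and one detection routine covers the class. The following is an added example, not code from SonicWall or from any of those vendors: a Python scanner for common-log-format lines that canonicalizes each URL path and query value (repeated percent-decoding to catch double encoding, backslash folding, drive-letter stripping so that "C:.." is seen as "..") and reports any ".." segment, noting whether the segments climb above the start of the component. The log lines are constructed to resemble those vector classes and are not real captured requests; the endpoints and parameter names in them are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed access-log lines (not real captures): a Windows path hidden behind
# a drive letter, a double-encoded query value, and two benign requests.
CONSTRUCTED_LOG = """\
203.0.113.7 - - [10/Jul/2024:10:02:11 +0000] "GET /modules/messaging/C:..%5c..%5c..%5cWindows%5cwin.ini HTTP/1.1" 200 418
198.51.100.4 - - [10/Jul/2024:10:05:42 +0000] "GET /index/ajax/lang?lang=..%252f..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1211
192.0.2.9 - - [10/Jul/2024:10:07:03 +0000] "GET /static/app/css/main.css HTTP/1.1" 200 9012
192.0.2.9 - - [10/Jul/2024:10:07:05 +0000] "GET /docs/a..b/readme.txt HTTP/1.1" 200 230
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
DRIVE_RE = re.compile(r"(^|/)[A-Za-z]:")


def canonicalize(raw):
    """Reduce a request component to what the file system will see:
    percent-decode until stable (defeats %252e double encoding), fold
    backslashes to slashes, and strip drive-letter prefixes such as 'C:'
    so that 'C:..' is recognised as a '..' segment."""
    text = raw
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = text.replace("\\", "/")
    return DRIVE_RE.sub(r"\1", text)


def traversal_verdict(raw):
    """Return (has_dotdot, escapes_root) for one path or parameter value.
    escapes_root is True when '..' segments climb above the start of the
    component; 'a..b' is an ordinary name and is not counted."""
    depth = 0
    has_dotdot = escapes = False
    for seg in canonicalize(raw).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            has_dotdot = True
            depth -= 1
            if depth < 0:
                escapes = True
        else:
            depth += 1
    return has_dotdot, escapes


def find_traversal(log_text):
    """Scan common-log-format lines, inspect the URL path and every query
    value, and return one finding per component that carries '..'."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, target = m.groups()
        path, _, query = target.partition("?")
        components = [("path", path)]
        # parse_qsl strips one layer of encoding; canonicalize() handles the rest
        components += [(f"query:{k}", v) for k, v in parse_qsl(query, keep_blank_values=True)]
        for where, value in components:
            has_dotdot, escapes = traversal_verdict(value)
            if has_dotdot:
                findings.append({
                    "client": client,
                    "where": where,
                    "target": target,
                    "decoded": canonicalize(value),
                    "escapes_root": escapes,
                })
    return findings


if __name__ == "__main__":
    for finding in find_traversal(CONSTRUCTED_LOG):
        print(finding)
```

Flagging every ".." rather than only root escapes is deliberate: a web application's own links never contain ".." after normalization, so any occurrence is worth a look, while the escapes_root flag separates the cases that clearly leave the handler's directory from the ones where the real base directory is deeper than the URL shows.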
