Cyble Research & Intelligence Labs (CRIL) released its weekly vulnerability report for the period of June 26 to July 2, highlighting 29 vulnerabilities across various products, with a focus on high severity and critical flaws in Juniper Networks, OpenSSH, and GitLab. The report also shed light on a medium-severity vulnerability in Cisco Nexus switches being actively exploited, as well as discussions around exploits for sale on the dark web and industrial control system vulnerabilities.
Among the vulnerabilities identified, Cyble researchers emphasized three high-severity and critical issues along with a medium-severity vulnerability in Cisco Nexus switches. The first vulnerability, CVE-2024-6387, pertains to an unauthenticated remote code execution (RCE) flaw in OpenSSH Server, potentially granting attackers full root access and the ability to execute arbitrary code with root privileges. This vulnerability poses significant risks, including data manipulation, bypassing security mechanisms, and potential data breaches. A patch for this vulnerability is available for mitigation.
Moving on to CVE-2024-2973, a critical authentication bypass vulnerability in Juniper Networks’ products presents a serious risk of unauthorized access to network configurations and sensitive data. Exploiting this flaw could lead to further malicious activities, necessitating the application of the provided patch for remediation.
Additionally, the report highlighted CVE-2024-5655, a critical vulnerability in GitLab CE/EE versions 15.8 to 17.1.1 that allows attackers to trigger a pipeline as another user, potentially leading to unauthorized actions within GitLab and compromising the CI/CD pipeline. This vulnerability also requires immediate patching to prevent exploitation.
Furthermore, Cyble researchers flagged the active exploitation of CVE-2024-20399 by the Chinese state-sponsored threat actor group Velvet Ant targeting Cisco Nexus switches. Exploiting this vulnerability enables attackers to gain root privileges on compromised devices, facilitating the execution of arbitrary commands and potential network disruptions. Applying the provided patch is crucial for mitigating this vulnerability.
In addition to these vulnerabilities, Cyble researchers identified various exploits for sale on the dark web, including proof of concepts for a Mozilla Firefox vulnerability (CVE-2024-29943) and path traversal vulnerabilities in Sharp and Toshiba Tec’s digital multi-function peripherals. Discussions around other vulnerabilities affecting Adobe Commerce and the Vanna Python library were also noted, underscoring the importance of proactive security measures and patching.
The comprehensive report also covers 17 industrial control system vulnerabilities impacting major players in the industry, such as Mitsubishi ICONICS, Johnson Controls, and marKoni. With the evolving threat landscape and increasing cyber risks, staying informed about potential vulnerabilities and promptly addressing them through patching and mitigation measures is essential for safeguarding against potential cybersecurity incidents.
Overall, Cyble’s weekly vulnerability report serves as a valuable resource for security teams, providing insights into critical vulnerabilities, threat actors’ activities, and emerging risks in the cybersecurity domain. By leveraging such intelligence and taking proactive steps to address vulnerabilities, organizations can enhance their security posture and mitigate potential cyber threats effectively.