Multiple vulnerabilities in QNAP TS-464 NAS devices

The advisories from ZDI-24-470 to ZDI-24-475 detail a series of vulnerabilities affecting QNAP TS-464 NAS devices, ranging from CRLF injection and SQL injection to improper certificate validation and file upload directory traversal. These vulnerabilities could allow remote attackers to make arbitrary configuration changes, execute code, escalate privileges, and create or delete files on affected devices. QNAP has issued updates to correct these vulnerabilities, highlighting the importance of applying security patches promptly to protect against potential exploits.

Read more Multiple vulnerabilities in QNAP TS-464 NAS devices

Multiple vulnerabilities in Cisco

Here’s a summary of the Cisco Security Advisories:

  1. Cisco AppDynamics Network Visibility Service DoS Vulnerability: An unauthenticated, local attacker could cause a denial of service (DoS) condition due to improper handling of unexpected input.
  2. Cisco Crosswork NSO Open Redirect Vulnerability: An unauthenticated, remote attacker could redirect a user to a malicious web page due to improper input validation of a parameter in an HTTP request.
  3. Cisco Crosswork NSO Privilege Escalation Vulnerability: An authenticated, local attacker could elevate privileges to root on an affected device because of a user-controlled search path used to locate executable files.
  4. Cisco Secure Client NAM Privilege Escalation Vulnerability: An unauthenticated attacker with physical access could elevate privileges to SYSTEM due to a lack of authentication on a specific function.
  5. Cisco Secure Email and Web Manager XSS Vulnerabilities: Multiple vulnerabilities could allow a remote attacker to conduct XSS attacks against users of the interface due to insufficient input validation.
  6. Cisco Secure Email Gateway HTTP Response Splitting Vulnerability: An unauthenticated, remote attacker could conduct an HTTP response splitting attack due to insufficient input validation of some parameters.
  7. Cisco Unified Communications Products API DoS Vulnerability: An unauthenticated, remote attacker could cause high CPU utilization and potentially impact access and call processing due to improper API authentication and incomplete validation of the API request.
Read more Multiple vulnerabilities in Cisco

Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco

We have three new vulnerabilities in Cisco.

  • One could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
  • One that could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
  • And another one which could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
Read more Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco

Electrolink FM/DAB/TV Transmitter

1. EXECUTIVE SUMMARY

  • CVSS v3 8.8
  • ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
  • Vendor: Electrolink
  • Equipment: FM/DAB/TV Transmitter
  • Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.

Read more Electrolink FM/DAB/TV Transmitter

Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly.

This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Read more Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability

Multiple advisories in March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication

  • Cisco IOS XR Software SSH Privilege Escalation Vulnerability (Security Impact Rating: High)
  • Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability (Security Impact Rating: Medium)
  • Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability (Security Impact Rating: Medium)
  • Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability (Security Impact Rating: High)
  • Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities (Security Impact Rating: Medium)
  • Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability (Security Impact Rating: Medium)
  • Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability (Security Impact Rating: High)
Read more Multiple advisories in March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication

Vulnerabilities in Adobe Premiere Pro and Adobe Bridge founded

ZDI-24-292: Adobe Premiere Pro AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20745.
http://www.zerodayinitiative.com/advisories/ZDI-24-292/

The specific flaw exists within the parsing of AVI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Adobe has issued an update to correct this vulnerability. More details can be found at:
https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html

ZDI-24-291: Adobe Bridge PS File Parsing Use-After-Free Remote Code Execution Vulnerability.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20752.
http://www.zerodayinitiative.com/advisories/ZDI-24-291/

The specific flaw exists within the parsing of PS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.

Adobe has issued an update to correct this vulnerability. More details can be found at:
https://helpx.adobe.com/security/products/bridge/apsb24-15.html

NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned:

The specific flaw exists within the parsing of VI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.