The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of vulnerabilities is as follows:
- CVE-2014-100005 - A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an attacker to change router configurations by hijacking an existing administrator session
- CVE-2021-40655 - An information disclosure vulnerability impacting D-Link DIR-605 routers that allows attackers to obtain a username and password by forging an HTTP POST request to the /getcfg.php page
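The CSRF flaw above comes down to a configuration handler that trusts any request carrying a valid session cookie. The following is an added example, not D-Link's code, that contrasts such a handler with one protected by the two standard server-side defences (an Origin/Referer check and a per-session anti-CSRF token). The request and session shapes, the admin UI address and the configuration keys are all constructed for the example.

```python
"""Added example (not D-Link code): why a cross-site POST can change router
settings, and the usual server-side defence.

The vulnerable handler trusts any request that carries a valid session cookie,
which is what a CSRF flaw of the CVE-2014-100005 kind comes down to. The
hardened handler additionally checks the Origin/Referer header and requires a
per-session anti-CSRF token in the form body. Request and session shapes, the
LAN address and the configuration keys are constructed for this example.
"""
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed address the admin UI is served from; a browser sends this as the
# Origin of form posts made by the UI's own pages.
ADMIN_ORIGIN = "http://192.168.0.1"


@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as a web framework exposes it."""
    method: str
    cookies: dict
    headers: dict
    form: dict


SESSIONS: dict = {}                        # session id -> Session
CONFIG = {"dns_server": "192.168.0.1"}     # constructed router settings


def login(user: str) -> str:
    """Create a session and return its id (the value of the 'sid' cookie)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = Session(user)
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the legitimate admin page embeds in its configuration form."""
    return SESSIONS[sid].csrf_token


def vulnerable_set_config(req: Request) -> int:
    """Applies any form post that carries a valid session cookie.

    Browsers attach cookies to cross-site form submissions, so a page on
    another site can submit this form on the logged-in admin's behalf.
    """
    if req.cookies.get("sid") not in SESSIONS:
        return 401
    CONFIG.update(req.form)
    return 200


def hardened_set_config(req: Request) -> int:
    """Same operation with the standard CSRF defences in front of it."""
    if req.method != "POST":
        return 405
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return 401
    # 1. Origin check: the request must come from the admin UI itself.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if origin != ADMIN_ORIGIN and not origin.startswith(ADMIN_ORIGIN + "/"):
        return 403
    # 2. Synchronizer token: the form must carry this session's token.
    #    compare_digest keeps the comparison constant-time.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return 403
    CONFIG.update({k: v for k, v in req.form.items() if k != "csrf_token"})
    return 200


def forged_request(sid: str) -> Request:
    """Constructed request of the shape a CSRF attack produces: the victim's
    cookie is attached by the browser, the Origin is foreign, no token."""
    return Request("POST", {"sid": sid},
                   {"Origin": "http://attacker.invalid"},
                   {"dns_server": "203.0.113.5"})


def legitimate_request(sid: str) -> Request:
    """Constructed request as the real admin page would send it."""
    return Request("POST", {"sid": sid},
                   {"Origin": ADMIN_ORIGIN},
                   {"dns_server": "9.9.9.9", "csrf_token": csrf_token_for(sid)})
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a worthwhile third layer in modern browsers, but the token and Origin checks are what protect the interface regardless of client; the 2014-era devices affected here predate SameSite entirely, which is one more reason EoL units should be replaced rather than relied on.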
There are currently no details on how these shortcomings are exploited in the wild, but federal agencies have been urged to apply vendor-provided mitigations by June 6, 2024.
It is worth noting that CVE-2014-100005 affects legacy D-Link products that have reached end-of-life (EoL) status, necessitating that organizations still using them retire and replace the devices.
The development comes as the SSD Secure Disclosure team disclosed unpatched security issues in DIR-X4860 routers that could enable remote unauthenticated attackers to access the HNAP port in order to obtain elevated permissions and run commands as root.
“By combining an authentication bypass with command execution the device can be completely compromised,” it said, adding the issues impact routers running firmware version DIRX4860A1_FWV1.04B03.
SSD Secure Disclosure has also made available a proof-of-concept (PoC) exploit, which employs a specially crafted HNAP login request to the router’s management interface to get around authentication protections and achieve code execution by taking advantage of a command injection vulnerability.
D-Link has since acknowledged the issue in a bulletin of its own, stating a fix is “Pending Release / Under Development.” It described the issue as a case of a LAN-side unauthenticated command execution flaw.
Ivanti Patches Multiple Flaws in Endpoint Manager Mobile (EPMM)
Cybersecurity researchers have also released a PoC exploit for a new vulnerability in Ivanti EPMM (CVE-2024-22026, CVSS score: 6.7) that could enable an authenticated local user to bypass shell restrictions and execute arbitrary commands on the appliance.
“This vulnerability allows a local attacker to gain root access to the system by exploiting the software update process with a malicious RPM package from a remote URL,” Redline Cyber Security’s Bryan Smith said.
The problem stems from a case of insufficient validation in the EPMM command-line interface’s install command, which can fetch an arbitrary RPM package from a user-provided URL without verifying its authenticity.
CVE-2024-22026 impacts all versions of EPMM before 12.1.0.0. Also patched by Ivanti are two other SQL injection flaws (CVE-2023-46806 and CVE-2023-46807, CVSS scores: 6.7) that could allow an authenticated user with appropriate privileges to access or modify data in the underlying database.
While there is no evidence that these flaws have been exploited, users are advised to update to the latest version to mitigate potential threats.
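The weakness just described is an update path that installs whatever a user-named URL serves. The following is an added example, not Ivanti's code, that models that path beside a hardened one which requires the package to come from an allowlisted vendor host over HTTPS and to carry a valid vendor signature. An HMAC over the package bytes stands in for RPM's GPG signature check so that the example runs offline; the host names, signing key and "network" contents are constructed.

```python
"""Added example (not Ivanti code): validating a package fetched from a
user-supplied URL before it is installed.

CVE-2024-22026 is described as an install command that downloads an
arbitrary RPM from any URL the operator names and installs it unverified.
This models that weakness and the two checks that close it: the source must
be a vendor host over HTTPS, and the package bytes must verify against the
vendor's signing key. An HMAC stands in for RPM's GPG signature check so the
example runs offline; hosts, key and network contents are constructed.
"""
import hashlib
import hmac
from urllib.parse import urlparse

TRUSTED_UPDATE_HOSTS = {"updates.vendor.invalid"}     # assumed vendor host
VENDOR_SIGNING_KEY = b"constructed-demo-signing-key"  # stand-in for the GPG key

# Constructed "network": what a GET of each URL would return.
FAKE_NETWORK = {
    "https://updates.vendor.invalid/core-12.1.0.0.rpm": b"RPM:core-12.1.0.0",
    "http://updates.vendor.invalid/core-12.1.0.0.rpm": b"RPM:core-12.1.0.0",
    "https://files.attacker.invalid/core.rpm": b"RPM:tampered-core",
}

INSTALLED = []   # record of what reached the package manager


def fetch(url: str) -> bytes:
    """Stand-in for the HTTP download; fails the way a 404 would."""
    try:
        return FAKE_NETWORK[url]
    except KeyError:
        raise ConnectionError(f"no such resource: {url}") from None


def sign_package(pkg: bytes) -> bytes:
    """What the vendor's build pipeline attaches to a release (HMAC stand-in
    for a detached GPG signature; the real verifier holds only a public key)."""
    return hmac.new(VENDOR_SIGNING_KEY, pkg, hashlib.sha256).digest()


def rpm_install(pkg: bytes) -> str:
    """Stand-in for handing the package to rpm; returns the package name."""
    name = pkg.decode().removeprefix("RPM:")
    INSTALLED.append(name)
    return name


def vulnerable_install(url: str) -> str:
    """Fetch whatever the URL serves and install it.

    No source or signature check, so whoever controls the URL argument
    decides what gets installed with the update process's privileges.
    """
    return rpm_install(fetch(url))


def hardened_install(url: str, signature: bytes) -> str:
    """Install only vendor-signed packages from the vendor's own host."""
    parts = urlparse(url)
    if parts.scheme != "https":
        raise ValueError("update URL must use https")
    if parts.hostname not in TRUSTED_UPDATE_HOSTS:
        raise ValueError(f"untrusted update host: {parts.hostname}")
    pkg = fetch(url)
    # Verify before anything touches rpm; compare_digest is constant-time.
    if not hmac.compare_digest(sign_package(pkg), signature):
        raise ValueError("package signature does not verify")
    return rpm_install(pkg)
```

On a real appliance the signature step is `rpmkeys --checksig` (or `rpm -K`) against the vendor's imported GPG key, and the host allowlist belongs in configuration rather than in code; the point the example makes is the ordering: reject the source, then verify the bytes, and only then invoke the package manager.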