Top Vulnerabilities of the Week for Cyble Researchers
This week has been full of security vulnerabilities, with researchers at Cyble uncovering 40 vulnerabilities in their recent report. Among these, 10 flaws were highlighted in products from major companies like SAP, Ivanti, AMD, Microsoft, Cisco, and Progress Software.
One of the critical vulnerabilities identified was CVE-2024-41730, impacting SAP BusinessObjects Business Intelligence suite. This flaw could allow unauthorized users to compromise the system, posing significant risks to confidentiality, integrity, and availability.
Another high-severity issue was found in Ivanti Virtual Traffic Manager (vTM), with CVE-2024-7593 allowing remote attackers to bypass authentication and create rogue administrator accounts. Multiple patches and mitigations are available to address this vulnerability.
In a separate discovery, AMD was affected by the ‘Sinkclose’ vulnerability (CVE-2023-31315), which could lead to arbitrary code execution if exploited. While not widespread, the potential impact of this vulnerability on system integrity is concerning.
Additionally, Microsoft Office was found to have a medium-severity spoofing vulnerability (CVE-2024-38200) that could allow attackers to grab users’ NTLM hashes. This could lead to further network compromise if not patched immediately.
Other notable vulnerabilities include issues with Cisco Small Business IP Phones, Cisco Smart Software Manager On-Prem, and Progress WhatsUp Gold, each posing unique risks to the affected systems.
As cyber threats continue to evolve, it is crucial for organizations to stay vigilant and apply patches promptly to mitigate the risks associated with these vulnerabilities. The Cyble report serves as a valuable resource for security teams to prioritize their efforts and secure their environments against potential attacks.