Recently published security vulnerabilities affect many popular software products and put systems at serious risk; for several of them public exploit code is already available. This article reviews the critical vulnerabilities identified in October 2024, giving for each the CVSS score, the EPSS score (the estimated probability of exploitation in the wild within the next 30 days) and whether a public exploit exists.
Zimbra Collaboration Suite (ZCS)
- CVE-2024-45519
- CVSS Score: 10.0
- EPSS Score: 76.38%
- Exploit Status: 🚨 Public Exploit Released 🚨
- Affected Versions: Zimbra Collaboration (ZCS) 8.8.15 Patch 45 and earlier, and 9.0.0 Patch 40 and earlier
- Recommended Action: Zimbra recommends upgrading to ZCS 8.8.15 Patch 46 or ZCS 9.0.0 Patch 41 or later. The flaw is reached through the postjournal service, which is optional; where it is not in use, keep it disabled as a compensating control until the patch is applied.
CyberPanel
- CVE-2024-51567
- CVSS Score: 10.0
- EPSS Score: 0.04%
- Exploit Status: 🚨 Public Exploit Released 🚨
- Affected Versions: CyberPanel 2.3.6 and earlier, and 2.3.7 builds that do not include the fix
- Recommended Action: Upgrade to the patched 2.3.7 build or later using the vendor's upgrade script. The EPSS value shown here was captured at disclosure; within days the flaw was used for mass exploitation of exposed CyberPanel instances by ransomware operators, so the low score should not lower its priority.
Fortinet FortiManager
- CVE-2024-47575
- CVSS Score: 9.8
- EPSS Score: 5.18%
- Exploit Status: 🚨 Public Exploit Released 🚨
- Affected Versions: FortiManager 7.6.0, 7.4.0-7.4.4, 7.2.0-7.2.7, 7.0.0-7.0.12, 6.4.0-6.4.14, 6.2.0-6.2.12, and the corresponding FortiManager Cloud versions
- Recommended Action: Fortinet recommends upgrading to the fixed release of your branch: 7.6.1, 7.4.5, 7.2.8, 7.0.13, 6.4.15 or 6.2.13. The flaw is missing authentication in the fgfmd daemon and was exploited in the wild before disclosure; where upgrading is delayed, Fortinet's advisory lists "set fgfm-deny-unknown enable" (under "config system global") to stop unknown devices from registering, and restricting the FGFM port (TCP 541) to known FortiGate addresses with a local-in policy. Review the managed-device list for unexpected entries and check the indicators of compromise in the advisory.
ScienceLogic SL1
- CVE-2024-9537
- CVSS Score: 9.8
- EPSS Score: 3.64%
- Exploit Status: 🚨 Public Exploit Not Released 🚨
- Affected Versions: SL1 12.1.2 and earlier; ScienceLogic also issued hotfixes for the earlier supported 10.x and 11.x release lines
- Recommended Action: Update to SL1 12.1.3 or 12.2.3 (or later), or apply the vendor hotfix for your release line. No public exploit code has been released, but the flaw, which lies in a bundled third-party component, was exploited as a zero-day in September 2024 (the Rackspace incident), so treat it as actively exploited.
Mozilla Firefox and Thunderbird
- CVE-2024-9680
- CVSS Score: 9.8
- EPSS Score: 0.32%
- Exploit Status: 🚨 Public Exploit Released 🚨
- Affected Versions: Firefox before 131.0.2, Firefox ESR before 128.3.1 and before 115.16.1, and Thunderbird before 131.0.1 and before 128.3.1 (plus the matching 115.x update)
- Recommended Action: Upgrade to Firefox 131.0.2, Firefox ESR 128.3.1 or 115.16.1, and Thunderbird 131.0.1 or 128.3.1 or later. The bug is a use-after-free in Animation timelines that Mozilla reported as exploited in the wild. Thunderbird disables scripting when reading mail, so the flaw is not reachable through a plain e-mail, but it remains a risk in browser-like contexts within the client.
Microsoft Windows (Management Console and MSHTML)
- CVE-2024-43572 and CVE-2024-43573
- CVSS Scores: 7.8, 6.5
- EPSS Scores: 0.08%, 1.33%
- Exploit Status: 🚨 Public Exploit Not Released 🚨
- Affected Versions: Supported Windows 10, Windows 11 and Windows Server releases. CVE-2024-43572 is a remote code execution flaw in the Microsoft Management Console triggered by a crafted .msc console file; CVE-2024-43573 is a spoofing flaw in the MSHTML platform.
- Recommended Action: Microsoft released fixes in the October 2024 Patch Tuesday updates. Both flaws were exploited in the wild before the fixes shipped (Microsoft rated them "Exploitation Detected" and CISA added them to the KEV catalogue), so apply the updates immediately. After patching, MMC refuses to open untrusted .msc files; until then, consider blocking .msc attachments at the mail gateway as a compensating control.
Ivanti Cloud Services Appliance (CSA)
- CVE-2024-9379 and CVE-2024-9380
- CVSS Scores: 6.7, 7.2
- EPSS Scores: 0.76%, 4.64%
- Exploit Status: 🚨 Public Exploit Not Released 🚨
- Affected Versions: Ivanti CSA 5.0.1 and earlier (CSA 4.6 is end-of-life and does not receive this fix)
- Recommended Action: Update to Ivanti CSA 5.0.2 or later. Both flaws, an SQL injection in the admin web console (CVE-2024-9379) and an OS command injection (CVE-2024-9380), require admin authentication, but Ivanti reported a limited number of customers exploited through a chain with CVE-2024-8963 on CSA 4.6. After upgrading, review the appliance for new or modified admin users and for unexpected web-console logins.
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
- CVE-2024-20481
- CVSS Score: 5.8
- EPSS Score: 0.23%
- Exploit Status: 🚨 Public Exploit Not Released 🚨
- Affected Versions: Cisco ASA and FTD releases that have the Remote Access VPN (RAVPN) service enabled; use the Cisco Software Checker to identify the fixed release for your train
- Recommended Action: Cisco has released fixed software; upgrade to the fixed release for your train. The flaw lets an unauthenticated attacker exhaust resources with a flood of VPN authentication requests (it was observed during large-scale password-spraying against RAVPN), causing a denial of service that may require a reload to restore the VPN service. Cisco has also published hardening guidance against password spraying on RAVPN that is worth applying alongside the upgrade.
Qualcomm Chipsets (DSP Service / FastRPC Driver)
- CVE-2024-43047
- CVSS Score: 7.8
- EPSS Score: 0.06%
- Exploit Status: 🚨 Public Exploit Not Released 🚨
- Affected Versions: Multiple Qualcomm chipsets; the chipset list is in Qualcomm's October 2024 security bulletin
- Recommended Action: Qualcomm delivered the fix to OEMs in September 2024 with a recommendation to deploy it as soon as possible; end users depend on their device maker's firmware update, so apply the OEM update as soon as it is available and check the OEM's bulletin for the patch level.
- Summary: The flaw is a use-after-free in the DSP service (FastRPC driver) when handling memory maps of HLOS (High-Level Operating System) memory. A local process that can reach the DSP driver can corrupt kernel memory and escalate privileges; Google's Threat Analysis Group and Amnesty International reported limited, targeted exploitation.
To limit exposure, patch the affected versions promptly, starting with the entries whose exploit code is public or that are known to be exploited in the wild. Use the EPSS score to break ties between otherwise similar entries rather than as the sole ranking signal: a value captured at disclosure can lag real exploitation by days (the CyberPanel flaw, listed here at 0.04%, was exploited at scale within days of disclosure).
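Checking an inventory against the ranges above is mostly version-string comparison, which is easy to get wrong ("8.8.15 Patch 45" versus "8.8.15", or "7.4.4" versus "7.4.5"). The following is an added example, not a tool from any vendor listed here: it parses such strings, tests a constructed inventory against the FortiManager, Zimbra and Firefox ranges stated above (first fixed build per branch as in the vendors' advisories), and ranks the hits with an illustrative score (CVSS scaled by EPSS, plus a bonus when exploit code is public; the weights are an assumption, not a standard).

```python
"""Triage helper for the advisories listed above.

Added example, not a vendor tool. Affected ranges are transcribed from the
entries above; the inventory and the ranking weights are constructed for
illustration only.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

_DIGITS = re.compile(r"\d+")


def parse_version(text: str) -> tuple[int, ...]:
    """Map '8.8.15 Patch 45', '7.4.4' or '131.0.2' to a comparable int tuple.

    Numbers are taken in order of appearance and padded with zeros to four
    components, so '8.8.15' (no patch level) sorts below '8.8.15 Patch 1'.
    """
    parts = tuple(int(n) for n in _DIGITS.findall(text))
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return parts + (0,) * (4 - len(parts))


@dataclass(frozen=True)
class Advisory:
    cve: str
    product: str
    cvss: float
    epss: float            # probability, 0.0-1.0
    public_exploit: bool
    # One (first affected, first fixed) pair per branch; None means "and
    # earlier". A version is vulnerable iff first_affected <= v < first_fixed.
    ranges: tuple[tuple[str | None, str], ...]


ADVISORIES = (
    Advisory("CVE-2024-47575", "FortiManager", 9.8, 0.0518, True, (
        ("7.6.0", "7.6.1"), ("7.4.0", "7.4.5"), ("7.2.0", "7.2.8"),
        ("7.0.0", "7.0.13"), ("6.4.0", "6.4.15"), ("6.2.0", "6.2.13"))),
    Advisory("CVE-2024-45519", "Zimbra", 10.0, 0.7638, True, (
        (None, "8.8.15 Patch 46"), ("9.0.0", "9.0.0 Patch 41"))),
    # Only supported Firefox branches are modelled; older, unsupported
    # releases are out of scope here.
    Advisory("CVE-2024-9680", "Firefox", 9.8, 0.0032, True, (
        ("115.0", "115.16.1"), ("128.0", "128.3.1"), ("129.0", "131.0.2"))),
)

EXPLOIT_BONUS = 3.0   # assumption: weight given to public exploit code


def priority(adv: Advisory) -> float:
    """Illustrative ranking: CVSS scaled by (1 + EPSS) plus an exploit bonus."""
    bonus = EXPLOIT_BONUS if adv.public_exploit else 0.0
    return adv.cvss * (1.0 + adv.epss) + bonus


def is_affected(adv: Advisory, version: str) -> bool:
    """True if `version` falls inside any vulnerable branch of `adv`."""
    v = parse_version(version)
    return any(
        (low is None or parse_version(low) <= v) and v < parse_version(fixed)
        for low, fixed in adv.ranges
    )


def triage(inventory, advisories=ADVISORIES):
    """Return (cve, product, version, score) for every vulnerable entry,
    highest score first; entries with equal scores keep inventory order."""
    hits = [
        (adv.cve, product, version, round(priority(adv), 3))
        for product, version in inventory
        for adv in advisories
        if adv.product == product and is_affected(adv, version)
    ]
    return sorted(hits, key=lambda h: h[3], reverse=True)


# Constructed inventory, not real hosts.
INVENTORY = [
    ("FortiManager", "7.4.3"),        # inside 7.4.0-7.4.4 -> vulnerable
    ("FortiManager", "7.4.5"),        # first fixed build -> clean
    ("FortiManager", "7.6.0"),        # the one affected 7.6 build
    ("Zimbra", "8.8.15 Patch 44"),    # "Patch 45 and earlier" -> vulnerable
    ("Zimbra", "9.0.0 Patch 41"),     # fixed
    ("Firefox", "131.0.1"),           # vulnerable
    ("Firefox", "128.3.1"),           # fixed ESR
]

if __name__ == "__main__":
    for cve, product, version, score in triage(INVENTORY):
        print(f"{score:6.2f}  {cve}  {product} {version}")
```

The ranges use the first fixed build as the upper bound because that is what advisories state; expressing "Patch 45 and earlier" as "below Patch 46" avoids off-by-one errors when a vendor later adds builds. Replace the constructed inventory with the output of your asset inventory and extend ADVISORIES with the remaining entries above.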