Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Patch. Show all posts
Windows
Authentication CVE-2024-8260 Cyber Security NTLM OPA Patch relay Tenable Vulnerability Windows

Critical Flaw in Open Policy Agent Exposed NTLM Credentials, Patch Released

 

A now-resolved security vulnerability in Styra's Open Policy Agent (OPA) could have exposed New Technology LAN Manager (NTLM) hashes, potentially leading to credential leakage. If exploited, the flaw allowed attackers to capture the NTLM credentials of the OPA server’s local user account and send them to a remote server. From there, they could either crack the password or relay the authentication, according to a report by cybersecurity firm Tenable, shared with The Hacker News.

The vulnerability, identified as CVE-2024-8260 and classified as a Server Message Block (SMB) force-authentication flaw, affected both the Command Line Interface (CLI) and the Go software development kit (SDK) on Windows. The issue arose from improper input validation, enabling unauthorized access by leaking the Net-NTLMv2 hash of the logged-in user on the Windows device running OPA.

Exploiting this vulnerability required specific conditions: the victim had to initiate outbound SMB traffic over port 445, gain an initial foothold through social engineering, or run the OPA CLI using a Universal Naming Convention (UNC) path rather than a Rego rule file.

Tenable security researcher Shelly Raban explained that when a Windows machine accesses a remote share, it sends the NTLM hash of the local user to authenticate to the remote server. Attackers can capture these credentials to perform relay attacks or crack the password offline. Following the responsible disclosure in June 2024, the issue was patched in version 0.68.0, released on August 29, 2024.

Tenable emphasized the importance of securing open-source projects to avoid exposing vendors and users to potential threats. The disclosure of this vulnerability coincides with Akamai's revelation of a privilege escalation flaw (CVE-2024-43532) in Microsoft's Remote Registry Service, which also involved NTLM relay attacks.

Microsoft, in response to NTLM vulnerabilities, reiterated its commitment to replace NTLM with Kerberos in Windows 11 to enhance authentication security.
Read more »
Vulnerabilities and Exploits
Data Flaws Patch Safety Security flaw Vulnerabilities and Exploits

CISA Issues Warning on Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Released

 

The Cybersecurity and Infrastructure Security Agency (CISA) has released a security advisory highlighting several critical vulnerabilities discovered in Vonets WiFi Bridge devices. These vulnerabilities present significant risks, including the potential for attackers to execute arbitrary code, access sensitive data, or disrupt device operations.

This poses a serious threat to the security of industrial and commercial networks that depend on these devices. Despite the gravity of these issues, Vonets has not responded to CISA’s outreach for collaboration on mitigation efforts, leaving users at risk.

Key Vulnerabilities and Their Impacts:

The vulnerabilities identified in the Vonets devices vary in severity and include:

  • CVE-2024-41161 (CVSSv4 8.7): This flaw involves the use of hard-coded credentials, allowing unauthorized users to bypass authentication and gain full device access using pre-set administrator credentials that cannot be disabled. This makes it a particularly dangerous vulnerability.
  • CVE-2024-29082 (CVSSv4 8.8): An issue with improper access control permits attackers to bypass authentication and perform a factory reset on the device through unprotected endpoints, leading to potential service disruptions and loss of configuration data.
  • CVE-2024-41936 (CVSSv4 8.7): A directory traversal vulnerability that enables attackers to read arbitrary files on the device, bypassing authentication and exposing sensitive information.
  • CVE-2024-37023 (CVSSv4 9.4): OS command injection vulnerabilities allow authenticated attackers to execute arbitrary operating system commands on the device, potentially giving them control over its operation.
  • CVE-2024-39815 (CVSSv4 8.7): A flaw in the handling of exceptional conditions could lead to a denial-of-service (DoS) scenario when attackers send specially crafted HTTP requests to the device.
  • CVE-2024-39791 (CVSSv4 10): The most severe vulnerability, a stack-based buffer overflow, allows remote attackers to execute arbitrary code, potentially gaining full control of the device without needing authentication.
  • CVE-2024-42001 (CVSSv4 6.1): An issue with improper authentication enables attackers to bypass authentication by sending specially crafted requests during an active user session.

CISA’s Recommendations

In light of Vonets' lack of response, CISA has issued several recommendations to help organizations mitigate the risks associated with these vulnerabilities:

  • Minimize Network Exposure: Ensure that control system devices and networks are not directly accessible from the internet to reduce the risk of unauthorized access.
  • Isolate Control Systems: Position control system networks and remote devices behind firewalls and separate them from business networks to prevent cross-network attacks.
  • Secure Remote Access: When remote access is necessary, use secure methods like Virtual Private Networks (VPNs). However, it's crucial to keep VPNs updated and ensure the security of connected devices.
CISA stresses the importance of conducting thorough impact analysis and risk assessments before implementing any defensive measures to avoid unintended operational disruptions.

While no public exploitation of these vulnerabilities has been reported yet, the critical nature of these issues demands immediate attention. Organizations and individuals must act swiftly to safeguard their networks and reduce the risk of potential attacks
Read more »
Subscribe to: Posts (Atom)