Top Cyber Security Vulnerabilities – November 2024 Roundup

Several high-impact vulnerabilities have been identified in November 2024, exposing critical risks in widely used systems and devices. Among the most concerning are an authentication bypass in Palo Alto Networks’ PAN-OS, command injection flaws in Advantech industrial devices, and privilege escalation risks within Android’s framework.

These vulnerabilities open the door to potential exploitation, ranging from unauthorized access to full system compromise. Attackers could leverage these flaws to infiltrate networks, disrupt operations, or steal sensitive information—making swift patching and mitigation critical.

This month’s roundup highlights the most pressing security threats, providing key details and insights to help organizations stay ahead of the curve.

Critical Flaws Exposed in Advantech's Industrial Wireless Access Points (CVE-2024-50370 to CVE-2024-50375)

A series of critical vulnerabilities has been discovered in Advantech’s EKI-6333AC-2G industrial-grade wireless access points, which could have serious implications for industrial networks. The flaws, identified as CVE-2024-50370 through CVE-2024-50375, include command injection vulnerabilities and a missing authentication flaw, all due to improper input validation and insufficient security controls in the device firmware.

The Vulnerabilities:
The command injection flaws (CVE-2024-50370 to CVE-2024-50374) allow a remote attacker to execute arbitrary commands with root privileges on the device, while the missing authentication vulnerability (CVE-2024-50375) exposes functionality that should require credentials to unauthenticated callers. A root shell on an access point is as serious as it sounds: traffic crossing the device can be intercepted or altered, and the device becomes a foothold inside the OT network.

Impact and Risks:
Exploiting these vulnerabilities could have devastating effects, particularly in industrial environments where these devices play a central role in critical operations. Attackers could gain full control over affected devices, leading to unauthorized access, data breaches, and potential disruptions to industrial processes. The widespread impact on operational safety and stability makes these vulnerabilities a significant concern for organizations that rely on these wireless access points.

Mitigation Strategies:
Advantech has released firmware updates to address these vulnerabilities. Users are advised to upgrade to firmware version 1.6.5 for EKI-6333AC-2G and EKI-6333AC-2GD, and version 1.2.2 for EKI-6333AC-1GPO. Until devices are updated, keep their management interfaces off networks reachable by untrusted parties; network segmentation and monitoring for unusual activity originating from the access points reduce the risk of exploitation further.

Critical Command Injection Vulnerability in Progress Kemp LoadMaster OS (CVE-2024-1212)

A critical OS command injection vulnerability in Progress Kemp's LoadMaster load balancer, tracked as CVE-2024-1212, allows unauthenticated remote attackers to execute arbitrary commands on the underlying operating system through the LoadMaster management interface. Progress patched the flaw in February 2024; it appears in this month's roundup because CISA added it to the Known Exploited Vulnerabilities catalog in November 2024 on evidence of active exploitation.

The Vulnerability:
The issue stems from improper input validation in the management interface, which lets an attacker inject shell commands that run with elevated privileges. No credentials are needed, so any LoadMaster whose management interface is reachable from the internet, or from a host an attacker already controls, is directly exposed.

Impact and Risks:
Exploitation results in complete takeover of the appliance. A load balancer sits in the traffic path of the applications it fronts and usually terminates their TLS, so a compromised LoadMaster exposes application traffic, certificates and private keys as well as the network behind it. The flaw carries a CVSS 3.1 score of 10.0.

Mitigation Strategies:
Progress Kemp has issued patches; update LoadMaster to a fixed release (7.2.59.2, 7.2.54.8 or 7.2.48.10 and later, per the vendor advisory). Input validation is the vendor's job on an appliance, so the operator's controls are exposure and monitoring: bind the management interface to a dedicated management network, restrict it by source address, and never publish it to the internet. Because exploitation is ongoing, an appliance that was exposed before it was patched should be reviewed for signs of compromise, not just updated.

Authentication Bypass and Command Injection in CyberPanel (CVE-2024-51567)

A critical flaw in CyberPanel, a web hosting control panel, lets unauthenticated remote attackers execute arbitrary commands on the server (CVE-2024-51567). It was exploited at scale at the end of October 2024 to deploy the PSAUX ransomware, and CISA added it to the Known Exploited Vulnerabilities catalog in November.

The Vulnerability:
The flaw is two weaknesses combined. The upgrademysqlstatus view (reached at /dataBases/upgrademysqlstatus) passed the statusfile request property into a shell command without sanitising it, so shell metacharacters in that value run as additional commands. The middleware meant to require a logged-in session, secMiddleware, only inspected POST requests, so sending the same request with another HTTP method skipped authentication entirely and exposed the command injection to anyone who could reach the panel.

Impact and Risks:
Exploitation gives full control of the hosting server with no credentials, which is how the attackers were able to encrypt hosted sites in bulk. The flaw is rated CVSS 10.0.

Mitigation Strategies:
Upgrade to CyberPanel 2.3.8 or later, which contains the fix. The panel's management port should not be reachable from the internet; put it behind a VPN or a firewall allowlist. Any instance that was reachable while unpatched should be treated as potentially compromised and checked for unauthorised changes, new administrative users and encrypted files before it is trusted again.
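The two weaknesses combine in a way that is easy to reproduce in miniature. The following Python is an added illustration written for this roundup, not CyberPanel's code: the endpoint path and the statusfile parameter name come from the public CVE-2024-51567 description, while the request class, the status directory and the handlers are hypothetical. It shows the method-scoped middleware letting an OPTIONS request through, the interpolated shell string turning a file name into two commands, and a hardened handler that authenticates every method, allow-lists the file name and runs an argv list instead of a shell.

```python
import posixpath
import re

# Added illustration of the CVE-2024-51567 bug class, not CyberPanel's code.
# ENDPOINT and the "statusfile" parameter name come from the public CVE
# description; STATUS_DIR, the Request class and the handlers are hypothetical.
STATUS_DIR = "/var/lib/example-panel/status"
ENDPOINT = "/dataBases/upgrademysqlstatus"
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


class Request:
    """Minimal stand-in for a web framework's request object."""

    def __init__(self, method, path, params=None, session_user=None):
        self.method = method
        self.path = path
        self.params = params or {}
        self.session_user = session_user


def sec_middleware_vulnerable(req):
    """Weak pattern: the session check is scoped to POST, so a request with
    any other method (GET, OPTIONS, PUT, ...) reaches the view unauthenticated."""
    if req.method == "POST" and req.session_user is None:
        return 401
    return None


def sec_middleware_fixed(req):
    """Authenticate every method; a state-changing endpoint has no safe verb."""
    if req.session_user is None:
        return 401
    return None


def build_command_vulnerable(params):
    """Shell string built by interpolation: metacharacters in statusfile
    become shell syntax, so "/dev/null; id" runs two commands."""
    return "cat " + params["statusfile"]


def build_command_hardened(params):
    """argv list (never a shell); the file name is allow-listed and confined
    to STATUS_DIR. Returns the argv or raises ValueError."""
    name = params.get("statusfile", "")
    if not SAFE_NAME.match(name):
        raise ValueError("rejected statusfile: %r" % name)
    full = posixpath.normpath(posixpath.join(STATUS_DIR, name))
    if not full.startswith(STATUS_DIR + "/"):
        raise ValueError("statusfile escapes %s" % STATUS_DIR)
    return ["cat", full]


def dispatch(req, middleware, builder):
    """Return (status, command) as the server would process the request.
    The command is returned, not executed, so the demo is safe to run."""
    denied = middleware(req)
    if denied:
        return denied, None
    if req.path != ENDPOINT:
        return 404, None
    try:
        return 200, builder(req.params)
    except ValueError:
        return 400, None


if __name__ == "__main__":
    # Constructed sample: an unauthenticated OPTIONS request carrying shell
    # metacharacters, the shape described in the CVE entry.
    attack = Request("OPTIONS", ENDPOINT, {"statusfile": "/dev/null; id"})
    print(dispatch(attack, sec_middleware_vulnerable, build_command_vulnerable))
    print(dispatch(attack, sec_middleware_fixed, build_command_vulnerable))
    legit = Request("POST", ENDPOINT, {"statusfile": "upgrade.log"}, "admin")
    print(dispatch(legit, sec_middleware_fixed, build_command_hardened))
```

The vulnerable path returns the string a shell would receive rather than executing it, so the script is safe to run anywhere. The hardened builder refuses the injected value with a 400 rather than trying to escape it, which is the right response to input that should never contain shell syntax in the first place.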

Remote Code Execution via Directory Traversal in Nostromo nhttpd (CVE-2019-16278)

A directory traversal flaw in the Nostromo web server, nhttpd, up to and including version 1.9.6 (CVE-2019-16278) lets an unauthenticated attacker execute code on the host. The bug dates from 2019, but CISA added it to the Known Exploited Vulnerabilities catalog in November 2024 after observing active exploitation, which is why it belongs in this month's list.

The Vulnerability:
The http_verify function checks the request path for ".." before serving a file, but the check is applied before the percent-encoded path is fully decoded and cleaned, and that cleanup removes carriage returns. A percent-encoded carriage return placed between the two dots therefore passes the check and then disappears, leaving a real ".." that escapes the web root. With the traversal an attacker can reach /bin/sh and have the server run attacker-supplied input as a command.

Impact and Risks:
Exploitation yields remote code execution with the privileges of the web server process, with no authentication required, and from there full host compromise. The flaw is rated CVSS 9.8.

Mitigation Strategies:
Upgrade to nhttpd 1.9.7 or later, where the traversal is fixed. Since exploit code has been public for five years, any internet-facing nhttpd instance on an older version should be assumed scanned and probably exploited: review its access logs for encoded traversal sequences and look for webshells or unexpected processes rather than patching alone.
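A detection example, added here and not part of the original page or of nostromo: it sweeps constructed Common Log Format lines for the traversal pattern and shows why a check on the raw request line misses it. The log lines, client addresses (documentation ranges) and timestamps are made up; the encoded .%0d. sequence is the form publicly documented for CVE-2019-16278.

```python
import re
from urllib.parse import unquote

# Added example, not part of the original page or of nostromo: a log sweep for
# the encoded traversal pattern behind CVE-2019-16278. The lines below are
# constructed in Common Log Format with documentation-range client addresses.
LOG_LINES = [
    '198.51.100.7 - - [07/Nov/2024:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 512',
    '198.51.100.7 - - [07/Nov/2024:10:01:05 +0000] "GET /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.0" 200 0',
    '203.0.113.9 - - [07/Nov/2024:10:02:11 +0000] "GET /docs/../../etc/passwd HTTP/1.1" 404 198',
    '203.0.113.9 - - [07/Nov/2024:10:02:12 +0000] "GET /images/..%2f..%2fetc/passwd HTTP/1.1" 404 198',
]

CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
DOT_DOT_SEGMENT = re.compile(r"(^|/)\.\.(/|$)")


def naive_has_traversal(raw_path):
    """What a check on the undecoded request line sees: the server's mistake."""
    return "/../" in raw_path or raw_path.startswith("../")


def canonical_path(raw_path):
    """Decode percent-encoding, then drop CR, LF and NUL. A server that strips
    control characters after validating the path turns ".%0d." into "..";
    the detector applies the same order so it sees what the server saw."""
    decoded = unquote(raw_path)
    return re.sub(r"[\r\n\x00]", "", decoded)


def has_traversal(raw_path):
    return DOT_DOT_SEGMENT.search(canonical_path(raw_path)) is not None


def suspicious_requests(lines):
    """Return (client, method, raw_path, status) for every request whose
    canonical path climbs with a '..' segment."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        client, method, raw_path, status = m.groups()
        if has_traversal(raw_path):
            hits.append((client, method, raw_path, int(status)))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(LOG_LINES):
        print("traversal:", hit)
```

The detector decodes once and strips CR, LF and NUL before looking for a .. segment, which is the order in which the vulnerable server effectively processed the path. It does not handle double encoding (%252e); add a second unquote pass if the servers being monitored decode twice. A 200 status on a flagged request, as in the second constructed line, is the one to escalate.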

Zero-Click Command Injection Vulnerability in Synology BeePhotos and Photos (CVE-2024-10443)

A zero-click command injection vulnerability, tracked as CVE-2024-10443 and named RISK:STATION by the researcher who found it, affects Synology Photos on DiskStation Manager and BeePhotos on BeeStation OS. A remote attacker can execute arbitrary code on the device without any user interaction. The flaw was demonstrated at Pwn2Own Ireland 2024, and Synology shipped fixes within days of the demonstration.

The Vulnerability:
The vulnerability results from improper neutralisation of special elements in an OS command inside the Photos and BeePhotos applications. An unauthenticated request processed by the application carries attacker-controlled input into a command, so nothing has to be opened, clicked or approved by the owner. Every affected device that is reachable from the internet is therefore exploitable at the attacker's convenience.

Impact and Risks:
Exploitation leads to code execution on the NAS, and with it access to everything stored on it, the ability to tamper with or encrypt that data, and a foothold on the home or office network. The flaw carries a CVSS score of 9.8.

Mitigation Strategies:
Synology has released patches. Update Synology Photos and BeePhotos to the fixed package versions listed in the Synology advisory; the fix is delivered in the application packages, so check the package versions rather than only the operating system version. Devices should not be exposed directly to the internet: keep them behind a VPN or, at minimum, restrict inbound access by source address, and watch for unexpected processes or outbound connections from the NAS.

Palo Alto Networks PAN-OS Management Interface Authentication Bypass (CVE-2024-0012)

A severe authentication bypass in the PAN-OS management web interface allows an unauthenticated attacker with network access to that interface to obtain administrator privileges, read and change the firewall configuration, and, as seen in the attacks observed in the wild, chain a second flaw (CVE-2024-9474, covered below) to run commands as root.

The Vulnerability:
The authentication bypass, identified as CVE-2024-0012, gives an unauthenticated attacker who can reach the management web interface full administrator privileges. It affects PAN-OS 10.2, 11.0, 11.1 and 11.2 on PA-Series, VM-Series and CN-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma Access are not affected. Palo Alto Networks tracks the exploitation activity as Operation Lunar Peek, and CISA added the CVE to its Known Exploited Vulnerabilities catalog in November 2024.

Impact and Risks:
This flaw can result in complete compromise of the firewall: the attacker can push policy changes, extract credentials and keys stored on the device, and with the chained privilege escalation install persistent tooling as root on the appliance that protects the rest of the network. The CVSS 4.0 score of 9.3 reflects its critical severity. The severity drops considerably when the management interface is reachable only from a jump host, which is the vendor's long-standing deployment guidance.

Mitigation Strategies:
Palo Alto Networks has released fixed versions, PAN-OS 10.2.12-h2, 11.0.6-h1, 11.1.5-h1 and 11.2.4-h1, together with hotfixes for several earlier maintenance releases within each train that are listed in the advisory. Update to one of them. Independently of the patch, restrict management interface access to trusted internal IP addresses, ideally a dedicated management network or jump host, so that the interface is never reachable from the internet. Any firewall whose management interface was internet-facing while unpatched should be examined for unexpected administrator accounts, configuration changes and unfamiliar files on the device.

Palo Alto Expedition Missing Authentication (CVE-2024-5910)

A missing-authentication vulnerability in Palo Alto Networks Expedition allows an attacker with network access to the tool to take over its admin account and read the configuration data and credentials it holds.

The Vulnerability:
CVE-2024-5910 affects Expedition, the tool used to migrate and tune firewall configurations, in versions before 1.2.92. A critical function lacks an authentication check, so anyone with network access to the Expedition host can take control of the admin account. CISA added the CVE to its Known Exploited Vulnerabilities catalog in November 2024 on evidence of active exploitation.

Impact and Risks:
Expedition is a sensitive target precisely because of what it stores: it ingests firewall configurations, so a takeover exposes configuration secrets, firewall credentials and API keys that can then be used against the production firewalls themselves. The CVSS score of 9.3 reflects that.

Mitigation Strategies:
Update to Expedition 1.2.92 or later. After upgrading, rotate all Expedition usernames, passwords and API keys, and rotate any firewall credentials and API keys that were processed by Expedition, since they may already have been read. Expedition is a migration tool, not a production service: restrict network access to the administrators who need it, keep it off the internet, and power it down when it is not in use.

Cisco URWB Access Points Command Injection (CVE-2024-20418)

A command injection flaw in the web-based management interface of Cisco's Ultra-Reliable Wireless Backhaul (URWB) access points allows an unauthenticated remote attacker to execute arbitrary commands as root on the device.

The Vulnerability:
The vulnerability (CVE-2024-20418) is in the Cisco Unified Industrial Wireless Software that runs Catalyst IW9165D Heavy Duty, IW9165E Rugged and IW9167E Heavy Duty access points. Insufficient validation of input to the web-based management interface lets an attacker send crafted HTTP requests and run commands with root privileges on the underlying operating system. Devices are affected only when the URWB operating mode is enabled; in regular Wi-Fi mode they are not.

Impact and Risks:
Successful exploitation gives an attacker root on a device that carries industrial backhaul traffic, allowing interception, manipulation or disruption of that traffic and a foothold in the OT network. Cisco rates the flaw with the maximum CVSS score of 10.0.

Mitigation Strategies:
Cisco has fixed the flaw in Cisco Unified Industrial Wireless Software release 17.15.1 and later; there are no workarounds, so the update should be applied promptly. To tell whether a device is affected, run show mpls-config from the CLI: if the command is available, URWB mode is enabled and the device is exposed; if it is not, the device is not affected. Until patched, the management interface should be reachable only from the management network.

Android Framework Privilege Escalation (CVE-2024-43093)

A privilege escalation vulnerability in the Android framework lets an app slip past a path filter in the external storage provider and read other apps' files that the filter is meant to hide.

The Vulnerability:
CVE-2024-43093 is a privilege escalation vulnerability within the Android framework, caused by improper Unicode normalization in the shouldHideDocument function of ExternalStorageProvider.java. That function hides the Android/data, Android/obb and Android/sandbox trees of external storage from callers of the documents provider; because the comparison ran on the raw path string, a path written with alternative Unicode forms did not match the filter yet resolved to the same directory, bypassing the restriction. Google describes the result as local escalation of privilege with no additional execution privileges needed and no user interaction required.

Impact and Risks:
Exploitation lets a local app reach other apps' private data in the protected directories, which can be abused to steal tokens and sensitive files or serve as a building block in a larger chain. Google rates the flaw High severity, and its November bulletin noted indications that it may be under limited, targeted exploitation.

Mitigation Strategies:
Google has addressed the issue in the November 2024 Android Security Bulletin (security patch level 2024-11-01). Users should ensure their devices are updated to that patch level or later; because the fix ships through OEM and carrier updates, check the patch level rather than the Android version. Limiting which apps are installed and what permissions they hold, and monitoring device activity, further reduces the risk.
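To make the bug class concrete, here is an added Python illustration of a raw-string path filter beside a canonicalising one. It is not Android's ExternalStorageProvider code and the actual bypass input used against Android is not reproduced. The three protected trees are the ones the provider hides; the probe paths, the NFKC normalisation and the assumption that emulated external storage resolves names case-insensitively are the example's own.

```python
import posixpath
import unicodedata

# Added illustration of the CVE-2024-43093 bug class, not Android's
# ExternalStorageProvider code. HIDDEN_TREES are the trees the provider
# protects; the probes, the NFKC step and the case-insensitive-storage
# assumption belong to this example.
HIDDEN_TREES = ("Android/data", "Android/obb", "Android/sandbox")


def should_hide_naive(path):
    """Compare the caller-supplied string as-is: a prefix check on raw text."""
    return any(path.startswith(tree) for tree in HIDDEN_TREES)


def canonical(path):
    """Bring a document path into the form the filesystem will resolve before
    comparing it with the protected trees:
    1. collapse '.' and '..' segments and duplicate slashes,
    2. NFKC-normalise so compatibility forms (fullwidth letters, ligatures,
       decomposed accents) fold to their canonical code points,
    3. case-fold, assuming the emulated storage resolves names
       case-insensitively."""
    collapsed = posixpath.normpath("/" + path).lstrip("/")
    return unicodedata.normalize("NFKC", collapsed).casefold()


def should_hide_hardened(path):
    """Hide the tree itself and everything below it, and only that: the prefix
    match stops at a path separator so 'Android/database' is not caught."""
    c = canonical(path)
    for tree in HIDDEN_TREES:
        t = tree.casefold()
        if c == t or c.startswith(t + "/"):
            return True
    return False


# Constructed probes: document paths an app might hand the provider.
PROBES = {
    "Android/data/com.example.bank/files": "plain request",
    "\uff21ndroid/data/com.example.bank/files": "fullwidth A (U+FF21)",
    "android/DATA/com.example.bank/files": "case variant",
    "Pictures/../Android/obb/com.example.game": "dot-dot climb",
    "Android/database/app.db": "lookalike, must stay visible",
}

if __name__ == "__main__":
    for p, note in PROBES.items():
        print(f"{note:30} naive={should_hide_naive(p)!s:5} "
              f"hardened={should_hide_hardened(p)}")
```

The general lesson is that a filter has to compare the same representation the filesystem will resolve: collapse dot segments, normalise Unicode, fold case where the storage does, and then match on whole path components so that a lookalike such as Android/database is not hidden by accident. The naive filter gets the last case wrong in the other direction, hiding a path that should be visible, which is a second bug of the same origin.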

Palo Alto Networks PAN-OS Management Interface Privilege Escalation (CVE-2024-9474)

A privilege escalation vulnerability in the PAN-OS management web interface allows an administrator who can log in to that interface to run actions with root privileges on the firewall. On its own it requires administrator access; chained with the authentication bypass above (CVE-2024-0012), which grants exactly that, it gives an unauthenticated attacker root.

The Vulnerability:
CVE-2024-9474 is a privilege escalation vulnerability in the PAN-OS management web interface. A PAN-OS administrator with access to the interface can perform actions on the firewall with root privileges, bypassing the separation between the administrative role and the underlying operating system. This flaw affects PAN-OS 10.1, 10.2, 11.0, 11.1 and 11.2; Cloud NGFW and Prisma Access are not affected. It was exploited in the wild together with CVE-2024-0012 and is listed in CISA's Known Exploited Vulnerabilities catalog.

Impact and Risks:
Exploitation leads to arbitrary command execution as root, which means persistent implants, credential theft and tampering with the firewall's configuration and traffic. The standalone CVSS 4.0 score of 6.9 reflects the need for administrator access; in the observed attack chain that prerequisite is supplied by CVE-2024-0012, so affected devices should be treated as critically exposed.

Mitigation Strategies:
Palo Alto Networks has released fixes in PAN-OS 10.1.14-h6, 10.2.12-h2, 11.0.6-h1, 11.1.5-h1 and 11.2.4-h1, along with hotfixes for earlier maintenance releases listed in the advisory. Update, and restrict access to the management interface to trusted internal IP addresses so that only a jump host or management network can reach it.
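Telling whether a firewall is on a fixed build is not a plain version comparison, because PAN-OS hotfixes are numbered per maintenance release: 11.1.4-h7 is older than 11.1.5-h1, and an earlier maintenance release can carry its own fix hotfix while the newest one needs a different hotfix number. The Python below is an added helper for both PAN-OS entries in this roundup (CVE-2024-0012 and CVE-2024-9474), not Palo Alto Networks code. Its table holds only the first fixed release of each train as the advisory listed them at publication; treat those strings as values to confirm against the current advisory, and add the hotfixes it names for earlier maintenance releases so that the lookup does not flag them as vulnerable.

```python
import re

# Added helper, not Palo Alto Networks code. FIXED_RELEASES holds the first
# fixed release of each affected train for CVE-2024-0012 and CVE-2024-9474 as
# listed in the vendor advisory at publication time. Treat these strings as
# values to confirm against the current advisory, which also names hotfixes
# for earlier maintenance releases inside each train (append those here).
FIXED_RELEASES = {
    "CVE-2024-0012": {
        "10.2": ["10.2.12-h2"],
        "11.0": ["11.0.6-h1"],
        "11.1": ["11.1.5-h1"],
        "11.2": ["11.2.4-h1"],
    },
    "CVE-2024-9474": {
        "10.1": ["10.1.14-h6"],
        "10.2": ["10.2.12-h2"],
        "11.0": ["11.0.6-h1"],
        "11.1": ["11.1.5-h1"],
        "11.2": ["11.2.4-h1"],
    },
}

VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """'10.2.12-h2' -> (10, 2, 12, 2); a release without a hotfix is h0.
    Hotfix numbers restart for every maintenance release, so the tuple must
    not be compared across releases; is_fixed() handles that."""
    m = VERSION.match(text.strip())
    if not m:
        raise ValueError("not a PAN-OS version: %r" % text)
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def is_fixed(version, cve):
    """True/False for trains in the table; None for a train the table does
    not cover (not affected per the advisory, or not yet looked up)."""
    major, minor, maint, hotfix = parse_version(version)
    train = "%d.%d" % (major, minor)
    entries = FIXED_RELEASES[cve].get(train)
    if entries is None:
        return None
    fixed = sorted(parse_version(e) for e in entries)
    for _, _, fmaint, fhotfix in fixed:
        if maint == fmaint:
            # Same maintenance release: fixed from that hotfix onwards.
            return hotfix >= fhotfix
    # Maintenance release not listed: fixed only if newer than the newest
    # listed one; an older unlisted release needs a hotfix the table lacks.
    newest_maint = fixed[-1][2]
    return maint > newest_maint


def triage(version):
    """Verdict for both CVEs for one device, e.g. from 'show system info'."""
    return {cve: is_fixed(version, cve) for cve in FIXED_RELEASES}


if __name__ == "__main__":
    for v in ("11.1.4-h7", "11.1.5-h1", "11.1.6", "10.1.14-h6", "9.1.16"):
        print(v, triage(v))
```

Feed it the sw-version field from show system info on the firewall or Panorama. A train missing from the table returns None rather than a verdict, which keeps an unaffected train (10.1 for CVE-2024-0012) from being reported as vulnerable and keeps a mistyped version from being reported as safe.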

As a leading provider of IT and cybersecurity solutions across the Middle East and Africa, iConnect delivers advanced and reliable security services designed to meet the dynamic challenges of today’s digital landscape. Focused on innovation, sustainability, and industry-leading standards, iConnect is dedicated to helping organizations enhance their cybersecurity defenses and achieve long-term resilience against evolving threats.
