09/13/2023-09/20/2023 GitLab Releases Urgent Security Patches, Trend Micro Releases Urgent Fix, Nearly 12,000 Juniper Firewalls Found Vulnerable And More.

1. GitLab Releases Urgent Security Patches for Critical Vulnerability

GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932 showing additional impact. Successful exploitation of CVE-2023-5009 could allow a threat actor to access sensitive information or leverage the elevated permissions of the impersonated user to modify source code or run arbitrary code on the system, leading to severe consequences.

2. Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability

Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks.
Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that’s bundled along with the software. The complete list of impacted products is as follows –

• Apex One – version 2019 (on-premise), fixed in SP1 Patch 1 (B12380)
• Apex One as a Service – fixed in SP1 Patch 1 (B12380) and Agent version 14.0.12637
• Worry-Free Business Security – version 10.0 SP1, fixed in 10.0 SP1 Patch 2495
• Worry-Free Business Security Services – fixed in July 31, 2023, Monthly Maintenance Release

A successful exploitation of the flaw could allow an attacker to manipulate the component to execute arbitrary commands on an affected installation. However, it requires that the adversary already has administrative console access on the target system. As a workaround, it’s recommending that customers limit access to the product’s administration console to trusted networks.

3. Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability

Close to 12,000 Juniper firewalls exposed on the internet are vulnerable to a recently discovered remote code execution flaw (CVE-2023-36845). Exploitable by an unauthenticated remote attacker, it allows arbitrary code execution without creating a system file. This medium-severity flaw in Junos OS’ J-Web component could be exploited to control vital environment variables. Juniper Networks released a patch last month in an out-of-cycle update, addressing this along with other vulnerabilities. A proof-of-concept exploit combines CVE-2023-36846 and CVE-2023-36845 to achieve code execution. The new exploit impacts older systems and requires just a single cURL command. It manipulates the PHPRC environment variable through a crafted HTTP request, enabling the leak of sensitive information and executing arbitrary code using PHP’s options.

4. Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

Memory corruption flaws found in the ncurses programming library pose a threat to Linux and macOS systems. Threat actors could exploit these vulnerabilities, collectively known as CVE-2023-29491, with a CVSS score of 7.8, to execute malicious code and elevate privileges through environment variable poisoning. Microsoft Threat Intelligence researchers identified and remedied these issues in April 2023, collaborating with Apple to address macOS-specific concerns. Environment variables can influence how programs behave, and manipulating them can lead to unauthorized actions. By poisoning variables like TERMINFO, the ncurses library could be leveraged for privilege escalation. The vulnerabilities involve stack information leaks, parameterized string type confusion, off-by-one errors, heap out-of-bounds issues during terminfo database parsing, and denial-of-service with canceled strings. While these flaws had the potential for privilege escalation and code execution, a multi-stage attack would be required to gain control over a program.

5. Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints

Three high-severity security flaws (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) discovered in Kubernetes pose a risk of remote code execution with elevated privileges on Windows endpoints in Kubernetes clusters. These vulnerabilities affect all Kubernetes environments with Windows nodes and were responsibly disclosed by Akamai on July 13, 2023, with fixes released on August 23, 2023. Attackers can achieve remote code execution with SYSTEM privileges by applying a malicious YAML file to the cluster, targeting kubelet versions below v1.28.1, v1.27.5, v1.26.8, v1.25.13, and v1.24.17. CVE-2023-3676 requires low privileges, making it accessible to attackers with node access and apply privileges. CVE-2023-3955 results from input sanitization issues, enabling command execution via a specially crafted path string. CVE-2023-3893 involves privilege escalation in the Container Storage Interface (CSI) proxy, granting malicious actors administrator access on the node. These vulnerabilities highlight input sanitization lapses in Windows-specific porting of Kubelet.