06/26/2024-07/03/2024 New Intel CPU Vulnerability, New OpenSSH Vulnerability, Critical SQLi Vulnerability, Vulnerability in Vanna.AI And More.

1. New Intel CPU Vulnerability ‘Indirector’ Exposes Sensitive Data

Modern Intel CPUs, including Raptor Lake and Alder Lake, are vulnerable to a new side-channel attack called Indirector, discovered by researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen. This attack exploits weaknesses in the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB), allowing attackers to bypass defenses and leak sensitive information. The attack, similar to Spectre v2 (CVE-2017–5715), uses a tool called iBranch Locator to find and exploit indirect branches through precise IBP and BTP injections. Intel was notified in February 2024 and has informed other affected vendors. Mitigations include aggressive use of the Indirect Branch Predictor Barrier (IBPB) and hardening the Branch Prediction Unit (BPU).

Separately, Arm CPUs are vulnerable to the TIKTAG speculative execution attack, which exploits the Memory Tagging Extension (MTE) to leak data with over a 95% success rate. Researchers recommend strengthening probabilistic defenses to counter such attacks.

2. New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

OpenSSH has released updates to fix a critical flaw, CVE-2024-6387, named regreSSHion, which allows unauthenticated remote code execution with root privileges on glibc-based Linux systems. Discovered by Qualys, this vulnerability is a signal handler race condition in sshd, impacting versions 8.5p1 to 9.7p1 and versions prior to 4.4p1 unless patched for CVE-2006-5051 and CVE-2008-4109.

The flaw, reintroduced in October 2020, affects about 14 million OpenSSH servers. Exploiting this vulnerability requires 6-8 hours of continuous connections. While OpenBSD systems are safe, the exploitability on macOS and Windows remains unconfirmed. Users should apply patches and limit SSH access to mitigate potential threats. Although the attack requires specific conditions and is unlikely to be widespread, targeted exploitation remains a concern.

3. GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

GitLab has released updates to fix 14 security flaws, including a critical vulnerability (CVE-2024-5655, CVSS score: 9.6) that could allow unauthorized CI/CD pipeline execution. The updates apply to GitLab Community Edition (CE) and Enterprise Edition (EE) in versions 17.1.1, 17.0.3, and 16.11.5. The critical flaw impacts versions 17.1 before 17.1.1, 17.0 before 17.0.3, and 15.8 before 16.11.5.

Other significant vulnerabilities addressed include:

• CVE-2024-4901 (CVSS score: 8.7): A stored XSS vulnerability from malicious commit notes
• CVE-2024-4994 (CVSS score: 8.1): A CSRF attack on the GraphQL API
• CVE-2024-6323 (CVSS score: 7.5): An authorization flaw in the global search feature
• CVE-2024-2177 (CVSS score: 6.8): A cross-window forgery vulnerability via OAuth
  Users are advised to apply the patches to protect against potential threats.

4. Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139. An SQL injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Users who cannot apply the patches immediately can disable the vulnerable servlets – csv_servlet, pdf_servlet, xml_servlet, and json_servlet – in the “web.xml” file located in the Apache Tomcat installation directory as temporary workarounds.

5. Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability – Patch ASAP!

A critical vulnerability (CVE-2024-5806, CVSS score: 9.1) in Progress Software MOVEit Transfer is already being exploited. This authentication bypass flaw affects versions:

• 2023.0.0 before 2023.0.11
• 2023.1.0 before 2023.1.6
• 2024.0.0 before 2024.0.2

An advisory from Progress also addresses another critical issue (CVE-2024-5805, CVSS score: 9.1) in MOVEit Gateway 2024.0.0. Exploiting these flaws allows attackers to bypass SFTP authentication and access systems.

watchTowr Labs, which detailed CVE-2024-5806, notes it can be used to impersonate any server user. The flaw includes vulnerabilities in MOVEit and the IPWorks SSH library. Users are advised to block public inbound RDP access and limit outbound access to trusted endpoints.

Rapid7 notes that exploiting CVE-2024-5806 requires knowledge of an existing username, remote authentication capability, and public SFTP service access. Approximately 2,700 MOVEit Transfer instances are online, mostly in the U.S. and Europe.

6. Analyzing the Remote Code Execution Vulnerability in Vanna.AI Due to Prompt Injection

A critical security flaw (CVE-2024-5565) in Vanna.AI, a library for text-to-SQL interfaces, allows remote code execution (RCE) and stems from the ability to manipulate the context of machine learning models’ predefined instructions. This incident underscores the risks associated with integrating large language models (LLMs) in actionable systems, highlighting the need for robust security measures beyond simple pre-prompting techniques.

Vanna.AI generates and executes Python code dynamically through Plotly visualization. An attacker can exploit this via the ‘ask’ function, injecting malicious prompts to execute arbitrary commands.

This flaw risks database breaches and unauthorized actions. Attacks like Skeleton Key and Crescendo illustrate the dangers of AI jailbreaks, stressing the need for stringent security measures beyond pre-prompting. Developers should implement comprehensive security measures, including input validation, restrictive execution environments, and advanced anomaly detection to monitor suspicious activities. This incident underscores the importance of robust defenses in generative AI systems.