Attacks on Android kernel, Apache OfBiz and Progress WhatsUp

Vulnerabilities in the Android kernel, Apache OfBiz and Progress WhatsUp are now being attacked in the wild.

Stylized graphic: a burning appliance in the network

(Image: created with AI in Bing Designer by heise online / dmk)


Criminals are targeting and actively attacking vulnerabilities in the Android kernel, Apache OfBiz and Progress WhatsUp. IT managers should quickly apply updates where they are available.

The US IT security authority CISA has included vulnerabilities in the Android kernel and Apache OfBiz in the Known Exploited Vulnerabilities (KEV) catalog. This means that attacks on them have been observed. However, the authority does not provide details or any indications of what these attacks look like.

On Tuesday of this week, Google reported on Android Patchday that a vulnerability in the Android kernel had been attacked (CVE-2024-36971, CVSS 7.8, risk "high"). A vulnerability description is now available from NIST. According to it, a use-after-free can occur in the network code because the "Read-Copy-Update" (RCU) rules are not strictly adhered to; according to Google, attackers can exploit this remotely. If updated firmware versions are available for the smartphones in use, they should therefore be installed quickly.

A security vulnerability in the open-source enterprise resource planning (ERP) software Apache OfBiz allows attackers to infiltrate and execute malicious code from the network. It is a path traversal vulnerability caused by insufficient restriction of paths to restricted directories (CVE-2024-32113, no CVSS value, classified as "critical" by Apache). IT managers should therefore update to the corrected version Apache OfBiz 18.12.13, or better to 18.12.15 and newer, which closes another critical gap.
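The OfBiz flaw is described above only in general terms, as a failure to keep user-supplied paths inside the directory they are supposed to stay in. The following added example is not OfBiz code and does not reproduce the OfBiz bug; it is a generic illustration of the defect class, showing a naive join, a string-prefix check that still leaks, and a containment check based on the common path. The base directory and the sample inputs are constructed.

```python
import posixpath

# Constructed base directory standing in for a server's restricted document root.
BASE_DIR = "/srv/app/webroot"


def resolve_unsafe(user_path: str) -> str:
    """The defect pattern: join and normalise, but never verify containment.

    '../' segments are resolved by normpath, so the result can point anywhere.
    """
    return posixpath.normpath(posixpath.join(BASE_DIR, user_path))


def resolve_prefix_only(user_path: str):
    """A common but insufficient fix: a plain string-prefix check.

    '/srv/app/webroot_evil/x' starts with '/srv/app/webroot' yet lies outside it.
    """
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, user_path))
    return candidate if candidate.startswith(BASE_DIR) else None


def resolve_safe(user_path: str):
    """Containment check: the normalised candidate must share BASE_DIR as its
    common path. Absolute paths and NUL bytes are rejected before joining."""
    if "\x00" in user_path or user_path.startswith("/"):
        return None
    base = posixpath.normpath(BASE_DIR)
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    # commonpath raises ValueError when the inputs mix absolute and relative
    # paths; treat that as "not contained" as well.
    try:
        contained = posixpath.commonpath([base, candidate]) == base
    except ValueError:
        contained = False
    return candidate if contained else None


if __name__ == "__main__":
    for p in ["images/logo.png", "../../../etc/passwd", "../webroot_evil/x", "/etc/passwd"]:
        print(f"{p!r:28} unsafe={resolve_unsafe(p)!r:32} "
              f"prefix={resolve_prefix_only(p)!r:32} safe={resolve_safe(p)!r}")
```

The check runs on the decoded path; in a real server the framework has already percent-decoded the request, so decode once before calling `resolve_safe` and reject input that still contains `%` sequences afterwards.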

The Shadowserver Foundation also reports that proof-of-concept exploits are available for a critical vulnerability in the Progress WhatsUp Gold monitoring software and that the vulnerability is also already being actively attacked.

It is one of several critical vulnerabilities closed by WhatsUp Gold version 2023.1.3, released at the end of June. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip function allows attackers from the network to execute commands with the rights of iisapppool\nmconsole without prior authentication (CVE-2024-4885, CVSS 9.8, critical). Here, the Shadowserver Foundation has observed unauthorized access attempts to the /NmAPI/RecurringReport endpoint. The Summoning Team provides a detailed analysis of the vulnerability.
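Because the article names the endpoint that Shadowserver sees being probed, an administrator can check their own IIS logs for it while the update is being scheduled. The following is an added example, not Shadowserver's or Progress's tooling: it parses IIS W3C extended log lines, reads the column layout from the `#Fields:` header rather than assuming one, and reports every request to /NmAPI/RecurringReport by client address, noting which arrived without an authenticated user. The log lines and the field list are constructed; real installations may log different columns.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format. The #Fields line is an
# assumption about the column layout; the parser adapts to whatever header
# the real log file carries.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-08-08 10:15:01 10.0.0.5 GET /NmConsole/ - 443 admin 10.0.0.20 Mozilla/5.0 200
2024-08-08 10:15:07 10.0.0.5 PUT /NmAPI/RecurringReport - 443 - 198.51.100.23 python-requests/2.31 500
2024-08-08 10:15:08 10.0.0.5 PUT /NmAPI/RecurringReport - 443 - 198.51.100.23 python-requests/2.31 500
2024-08-08 10:16:30 10.0.0.5 GET /nmapi/recurringreport - 443 - 203.0.113.9 curl/8.4.0 401
2024-08-08 10:17:00 10.0.0.5 GET /NmConsole/Reports - 443 admin 10.0.0.20 Mozilla/5.0 200
"""

# Endpoint named in the Shadowserver observation; compared case-insensitively
# because IIS routing is not case-sensitive.
WATCHED_PATH = "/nmapi/recurringreport"


def parse_w3c(text: str):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any header
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed line; skip rather than mis-assign columns
        yield dict(zip(fields, parts))


def find_recurring_report_hits(text: str) -> list:
    """Return every record whose URI stem is the watched endpoint."""
    return [rec for rec in parse_w3c(text)
            if rec.get("cs-uri-stem", "").lower() == WATCHED_PATH]


def summarize(hits: list) -> dict:
    """Count hits overall, hits with no logged user, and hits per client IP."""
    by_ip = Counter(h.get("c-ip", "?") for h in hits)
    unauth = sum(1 for h in hits if h.get("cs-username", "-") == "-")
    return {"total": len(hits), "unauthenticated": unauth, "by_ip": dict(by_ip)}


if __name__ == "__main__":
    hits = find_recurring_report_hits(SAMPLE_LOG)
    for h in hits:
        print(h["date"], h["time"], h["cs-method"], h["cs-uri-stem"],
              "user=" + h["cs-username"], "from", h["c-ip"], "status", h["sc-status"])
    print(summarize(hits))
```

A non-zero count is a reason to look closer, not proof of compromise: legitimate report scheduling also touches this endpoint, so the useful signal is requests with no logged user, repeated attempts from one external address, or a burst of 500 responses.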

Admins should apply the available updates, as they close numerous other vulnerabilities with high risk potential in addition to those already attacked.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.