As enterprises adopt multicloud, the security picture has become foggy. Cloud workload protection platforms and distributed firewalls are creating clarity.
UEFIcanhazbufferoverflow Flaw In Intel Processors Impacts 100s PC And Servers
A new vulnerability has been discovered in the Phoenix SecureCore UEFI firmware, which runs on several Intel Core desktop and mobile processors.
This vulnerability has been assigned CVE-2024-0762, and its severity has been given as 7.5 (High).
It was initially identified on the Lenovo ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen running the latest Lenovo BIOS updates, but Phoenix Technologies later came forward and acknowledged that the same issue exists in multiple versions of its SecureCore firmware.
UEFIcanhazbufferoverflow Flaw
According to the reports shared with Cyber Security News, this vulnerability exists on multiple families and generations of Intel Core processors, including AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake.
These processors are used by a wide range of OEMs (original equipment manufacturers) and ODMs (Original Design Manufacturers).
The same vulnerability also affects several vendors and hundreds of PC products that rely on Phoenix SecureCore UEFI firmware.
This vulnerability allows a local threat actor to elevate their privileges and execute remote code within the UEFI firmware during runtime.
The vulnerability lies in the UEFI code that handles TPM (Trusted Platform Module) configuration, leading to a buffer overflow and malicious code execution.
The possibility of exploiting this vulnerability depends on the configuration and permission assigned to the TCG2_CONFIGURATION variable, which is different on every platform.
Nevertheless, this vulnerability can be exploited similarly to firmware backdoors, which are widely used by threat actors.
If threat actors could exploit this vulnerability and plant a backdoor on vulnerable devices, it could enable them to evade security measures that run on the operating system and software layers.
Further, manipulating runtime code can also increase the difficulty of detecting these attacks.
Vulnerability Analysis
The module identified as vulnerable has the GUID E6A7A1CE-5881-4B49-80BE-69C91811685C.
The module makes two calls to GetVariable with the “TCG2_CONFIGURATION” argument and the same DataSize, without sufficient checks.
If a threat actor can manipulate the value of the TCG2_CONFIGURATION variable, they can set it to a value that is too long for the buffer.
The first call to GetVariable then returns EFI_BUFFER_TOO_SMALL, and the data_size is set to the length of the UEFI variable.
The second call overflows the buffer, leading to a stack buffer overflow.
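The double-call pattern described above, next to a checked version, as an added example that is not Phoenix's firmware code. The mock GetVariable, the simplified status values, the 8-byte buffer and the variable contents are all constructed assumptions; the overflow is modelled inside one larger array so the program stays well defined.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for the UEFI status codes (assumed values, not the real encoding). */
#define EFI_SUCCESS          0
#define EFI_BUFFER_TOO_SMALL 5
#define BUF_LEN   8    /* size the caller's local buffer really has */
#define FRAME_LEN 64   /* buffer plus modelled neighbouring stack data */

/* Constructed variable contents: 24 bytes, longer than BUF_LEN. */
static const unsigned char var_data[24] = "AAAAAAAAAAAAAAAA";

/* Mock with GetVariable's size contract: if the caller's size is too small,
   report the needed size; otherwise copy the whole variable. */
static int mock_get_variable(size_t *data_size, unsigned char *data) {
    if (*data_size < sizeof var_data) {
        *data_size = sizeof var_data;
        return EFI_BUFFER_TOO_SMALL;
    }
    memcpy(data, var_data, sizeof var_data);
    *data_size = sizeof var_data;
    return EFI_SUCCESS;
}

/* Unsafe pattern: the second call reuses the updated size with the same buffer.
   Returns how many bytes landed beyond the BUF_LEN-byte buffer. */
size_t read_config_unsafe(void) {
    unsigned char frame[FRAME_LEN];          /* frame[0..7] plays the buffer */
    size_t data_size = BUF_LEN, spilled = 0;
    memset(frame, 0xEE, sizeof frame);       /* marker for untouched bytes */
    mock_get_variable(&data_size, frame);    /* too small: data_size becomes 24 */
    mock_get_variable(&data_size, frame);    /* copies 24 bytes over an 8-byte buffer */
    for (size_t i = BUF_LEN; i < FRAME_LEN; i++)
        if (frame[i] != 0xEE) spilled++;
    return spilled;
}

/* Checked pattern: the size passed in is the real buffer size, and a variable
   that does not fit is rejected rather than retried. 0 on success, -1 otherwise. */
int read_config_checked(unsigned char out[BUF_LEN]) {
    size_t data_size = BUF_LEN;
    int status = mock_get_variable(&data_size, out);
    if (status == EFI_BUFFER_TOO_SMALL || data_size > BUF_LEN)
        return -1;
    return status == EFI_SUCCESS ? 0 : -1;
}
```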
Users of these firmware versions are advised to apply the vendor-issued patches that fix this vulnerability.
The post UEFIcanhazbufferoverflow Flaw In Intel Processors Impacts 100s PC And Servers appeared first on Cyber Security News.
SAP NetWeaver Code Injection Vulnerability Let Attackers Upload Malicious Files
A critical security flaw in SAP NetWeaver AS Java has been uncovered, potentially allowing attackers to upload malicious files and execute unauthorized commands.
The vulnerability, identified as CVE-2024-22127, affects the Administrator Log Viewer plug-in and has been assigned a CVSS score of 9.1, indicating its severe nature.
The security issue stems from an incomplete list of prohibited file types in the Log Viewer plug-in’s upload functionality.
This oversight enables attackers with high-level privileges to upload potentially dangerous files, leading to a command injection vulnerability.
If exploited, the attacker could run malicious commands, significantly impacting the application’s confidentiality, integrity, and availability.
SAP has responded to this threat by releasing Security Note, which addresses the vulnerability and provides crucial mitigation steps.
The primary solution involves restricting the types of files that can be uploaded through the Administrator Log Viewer plug-in. After applying the update, only specific file types (.log, .trc, .txt, .old, .out, .cld) containing NWA log records will be permitted for upload, according to a Red Rays report.
To further enhance security, SAP recommends activating the log_FileUpload Virus Scan Profile. While not mandatory, this additional measure can help detect and block potential threats during the file upload process.
Organizations using SAP NetWeaver AS Java are strongly advised to take immediate action to protect their systems. Key steps include:
Upgrading SAP NetWeaver AS Java to the latest patch that addresses this vulnerability.
Configuring and activating the log_FileUpload Virus Scan Profile.
Temporarily restricting access to the Log Viewer by adjusting user roles and permissions.
It’s important to note that this vulnerability specifically affects the Administrator Log Viewer plug-in on SAP NetWeaver AS Java version 7.50.
The attack complexity is rated as low, and no user interaction is required for exploitation, which heightens the risk associated with this vulnerability.
Security experts emphasize the importance of prompt action in addressing this issue. Regular security audits, continuous monitoring, and implementing robust access controls are crucial in maintaining a strong security posture for SAP systems.
As organizations work to mitigate this vulnerability, it serves as a reminder of the ongoing need for vigilance in cybersecurity.
Proactive measures, such as regular penetration testing and staying informed about emerging threats, are essential in safeguarding critical business applications and data.
The post SAP NetWeaver Code Injection Vulnerability Let Attackers Upload Malicious Files appeared first on Cyber Security News.
Romanian energy supplier Electrica hit by ransomware attack
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack that was still “in progress” earlier today. […]