Advisory No: TZCERT/SA/2024/04/19

Date of First Release: 19^th April 2024

Source: Hewlett Packard Enterprise (HPE)

Software Affected: HPE Compute Scale-up Server 3200, HPE Superdome Flex 280 Server and HPE Superdome Flex Server

Overview:

Three HPE products are affected by the critical vulnerability. The vulnerability may allow an attacker to execute arbitrary code with root privilege on the affected system.

Description:

Compute Scale-up Server 3200, Superdome Flex 280 Server and Superdome Flex Server the products by HPE are affected by the 9.8 rating score vulnerability resulting from mishandling caused by CommBuffer checks. The CommBuffer checks currently implemented in SmmEntryPoint do not detect situations where there is an underflow in the computation of BufferSize. Exploitation of this vulnerability could allow the attacker to overwrite SMM memory leading to execution of arbitrary code with privilege elevation.

Impact:

Successful exploitation of this vulnerability may allow an unauthenticated attacker to take control of the affected system.

Solution:

HP has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04633en_us&docLocale=en_US
2. https://www.cvedetails.com/cve/CVE-2021-38578

Advisory No: TZCERT/SA/2024/04/15

Date of First Release: 15^th April 2024

Source: Palo Alto

Software Affected: PAN-OS versions 10.2, 11.0, and 11.1

Overview:

Palo Alto’s PAN-OS is affected by the critical command injection vulnerability. The vulnerabilities may allow an attacker to execute arbitrary code with root privileges on the firewall.

Description:

GlobalProtect, a feature in PAN-OS is affected by a vulnerability tracked as CVE-2024-3400. GlobalProtect provides a complete infrastructure for managing your mobile workforce to enable secure access for all your users, regardless of what endpoints they are using or where they are located. According to the Volexity investigation team, after gaining access the attacker installs a custom Python backdoor named “UPSTYLE”, on the firewall. The UPSTYLE backdoor allows the attacker to execute additional commands on the device via specially crafted network requests.

Impact:

Successful exploitation of this vulnerability may allow an unauthenticated attacker to take control of the affected system.

Solution:

Palo Alto has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://security.paloaltonetworks.com/CVE-2024-3400
2. https://unit42.paloaltonetworks.com/cve-2024-3400/

Advisory No: TZCERT/SA/2024/04/12-2

Date of First Release: 12^th April 2024

Source: IBM

Software Affected: IBM Sterling B2B Integrator, IBM QRadar SIEM and IBM Disconnected Log Collector

Overview:

IBM products are affected by the critical arbitrary command execution. The vulnerabilities may allow an attacker to remote codes on the affected system.

Description:

IBM QRadar SIEM and IBM Disconnected Log Collector running OpenSSH and Apache Avro Java SDK respectively are affected with critical arbitrary code execution vulnerabilities. Also, the IBM Sterling B2B Integrator running Apache Commons BCEL is affected by the out-of-bounds write vulnerability. All these vulnerabilities may be exploited by the attacker using the specially-crafted request to gain control of the affected systems.

Impact:

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution:

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

1. https://www.ibm.com/support/pages/node/7148158
2. https://www.ibm.com/support/pages/node/7148094
3. https://www.ibm.com/support/pages/node/7148147

Advisory No: TZCERT/SA/2024/04/12-1

Date of First Release: 12^th April 2024

Source: Wordfence, patchstack

Software Affected: AIKit <= 4.14.1

Overview:

CodeIsAwesome’s AIKit plugin is vulnerable to SQL Injection. The plugin’s vulnerability may allow an attacker to interact with the database and steal information.

Description:

AIKit is a WordPress AI Assistant that utilizes the GPT-3 model to assist writers in creating content up to 10 times faster. The plugin does not neutralize or incorrectly neutralize special elements that could modify the intended SQL command when it is sent to a downstream component. the improper neutralization of Special Elements used in an SQL Command in the plugin makes no real distinction between the control and data planes, thus, resulting in sensitive information disclosure as the impact SQL injection vulnerability.

Impact:

Successful exploitation of this vulnerability may allow the attacker to gain access to sensitive information.

Solution:

No patch has been released for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/aikit-wordpress-ai-writing-assistant-using-gpt3/aikit-4141-authenticated-contributor-sql-injection
2. https://patchstack.com/database/vulnerability/aikit-wordpress-ai-writing-assistant-using-gpt3/wordpress-codeisawesome-aikit-plugin-4-14-1-sql-injection-vulnerability?_s_id=cve
3. https://avd.aquasec.com/nvd/2024/cve-2024-31370/

IBM has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review IBM Security Advisories dated 11^th April 2024 and apply necessary updates.