The Tripwire Vulnerability Exposure and Research Team (VERT) keeps its finger on the cybersecurity pulse. Check out some of the stories that stood out for us recently:
Multiple Vulnerabilities in Netgear Routers
Netgear RAX30 routers are subject to multiple vulnerabilities that could be chained together to achieve an authentication bypass and code execution. It is advised that vulnerable Netgear RAX30 routers be updated to version 188.8.131.52 or later to resolve these vulnerabilities.
Privilege Escalation in the Elementor plugin for WordPress
The “Essential Addons for Elementor” plugin is subject to a privilege escalation vulnerability. This vulnerability could allow unauthenticated attackers to gain administrative rights on a vulnerable site. Security researchers at PatchStack discovered the vulnerability (CVE-2023-32243) in the password reset functionality of the plugin. Versions 5.4.0 to 5.7.1 are known to be vulnerable.
Botnet Targets Vulnerable Ruckus Wireless Admin Panels
A botnet known as “AndoryuBot” is targeting vulnerable versions of Ruckus Wireless Admin Panels for use in DDoS attacks. CVE-2023-25717 is being used to download malware and infect vulnerable systems. Once a system is infected, communication occurs over the SOCKS proxying protocol; once communication is established, the malware waits for commands. A Ruckus Wireless Admin Panel is affected by this vulnerability if its version is 10.4 or prior.
WordPress Advanced Custom Fields plugin PoC Released
A PoC was publicly released for CVE-2023-30777. This vulnerability allows attackers to potentially escalate privileges and steal sensitive information on vulnerable WordPress websites. The vendor has released an update to resolve this vulnerability. Since the release of the PoC, attackers have started to scan for vulnerable systems and use the PoC to exploit them. It is recommended that systems running the vulnerable software be upgraded to version 6.1.6 or later.
Malicious Microsoft VS Code Extensions
Malicious extensions have been discovered for VS Code. These extensions have been used to steal personal information and potentially establish a remote shell on systems that have a malicious extension installed. CheckPoint found that the extensions called “prettiest java”, “python-vscode”, and “Theme Darcula dark” were malicious. These extensions were removed from the marketplace, and software developers have been urged to manually remove them from any systems that still have them installed. Further steps should be taken to ensure that no infection remains.