This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-23921.
Daily Archives: August 1, 2024
ZDI-24-1050: (0Day) (Pwn2Own) ChargePoint Home Flex SrvrToSmSetAutoChnlListMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-23968.
ZDI-24-1051: (0Day) (Pwn2Own) ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-23969.
ZDI-24-1052: (0Day) (Pwn2Own) ChargePoint Home Flex Improper Certificate Validation Vulnerability
This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-23970.
ZDI-24-1053: (0Day) (Pwn2Own) ChargePoint Home Flex OCPP bswitch Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-23971.
VMware ESXi Ransomware Attack (CVE-2024-37085)
What is the Attack?
Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According to the blog, Akira and Black Basta ransomware deployments were found on the impacted servers. The vulnerability was also added to CISA’s Known Exploited Catalog (KEV) list on July 31, 2024.
What is the recommended Mitigation?
Please review the vendor-provided update to address the security vulnerability.
Support Content Notification – Support Portal – Broadcom support portal
What FortiGuard Coverage is available?
FortiGuard Labs recommends that users apply the patches released by the vendor immediately to secure their systems.
FortiGuard Intrusion Prevention Service (IPS) protection is currently being investigated to defend against exploitation of CVE-2024-37085.
The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
To learn more about the Akira and Black Basta ransomware, read the Outbreak Reports posted by FortiGuard Labs.
Black Basta Ransomware | Outbreak Alert | FortiGuard Labs
Akira Ransomware | Outbreak Alert | FortiGuard Labs