Category Archives: Advisories

Metabase Information Disclosure Vulnerability (CVE-2021-41277)

Read Time:56 Second

What is the attack?FortiGuard Labs observes widespread attack attempts targeting a three-year-old Metabase vulnerability (CVE-2021-41277) detected by more than 30,000 sensors. Successful exploitation could lead to information disclosure including expose server files and environment variables to unauthorized users. The vulnerability occurs due to the use of user-supplied input without proper validation.Metabase is an open-source data analytics platform. According to their website it is used by over 60,000 companies including, Capital One, OpenAI, and more. FortiGuard Recon Threat Intelligence team tracked this vulnerability being targeted by a hacktivist group called GhostSec back in May 2024.What is the recommended Mitigation?This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that (including x.41+). GitHubWhat FortiGuard Coverage is available?FortiGuard recommends users to apply the patch and follow any mitigation steps provided by the vendor if not done already.FortiGuard IPS protection is available to detect and block any attack attempts.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Read More

USN-7062-2: libgsf vulnerabilities

Read Time:18 Second

USN-7062-1 fixed vulnerabilities in libgsf. This update provides the
corresponding updates for Ubuntu 24.10.

Original advisory details:

It was discovered that libgsf incorrectly handled certain Compound
Document Binary files. If a user or automated system were tricked into
opening a specially crafted file, a remote attacker could possibly use
this issue to execute arbitrary code.

Read More

USN-7042-3: cups-browsed vulnerability

Read Time:26 Second

USN-7042-2 released an improved fix for cups-browsed. This update provides
the corresponding update for Ubuntu 24.10.

Original advisory details:

Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, created manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables
support for the legacy CUPS printer discovery protocol.

Read More

CVE-2024-48939: Unauthorized enabling of API in Paxton Net2 software

Read Time:15 Second

Posted by Jeroen Hermans via Fulldisclosure on Oct 20

CloudAware Security Advisory

CVE-2024-48939: Unauthorized enabling of API in Paxton Net2 software

========================================================================
Summary
========================================================================
Bypass of Paxton Net2 API license. Possible leaking of PII and access to
admin functionality.
No physical access to computer running Paxton Net2 is required….

Read More

USN-7077-1: AMD Microcode vulnerability

Read Time:15 Second

Enrique Nissim and Krzysztof Okupski discovered that some AMD processors
did not properly restrict access to the System Management Mode (SMM)
configuration when the SMM Lock was enabled. A privileged local attacker
could possibly use this issue to further escalate their privileges and
execute arbitrary code within the processor’s firmware layer.

Read More