IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble

IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble

/in

Cyble IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble

Overview

Cyble’s vulnerability intelligence report to clients last week examined high-risk flaws in 7-Zip, Microsoft Windows, and Fortinet, among other products. It also examined dark web claims of a zero-day vulnerability in Apple iOS.

In all, the report from Cyble Research and Intelligence Labs (CRIL) looked at 14 vulnerabilities and dark web exploits, including one vulnerability with a maximum CVSS severity score of 10.0 and another with more than 276,000 web exposures.

Here are some of the vulnerabilities highlighted by Cyble’s vulnerability intelligence unit as meriting high-priority attention by security teams.

The Top IT Vulnerabilities

CVE-2024-50603 is a 10.0-severity OS Command Injection vulnerability in the Aviatrix Controller that could allow an unauthenticated user to execute arbitrary commands against the cloud networking platform controller, due to improper neutralization of special elements used in an OS command. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.

CVE-2025-0411 is a critical vulnerability in the 7-Zip file archiving software that allows attackers to bypass the Mark-of-the-Web (MOTW) protection mechanism, which is intended to warn users about potentially dangerous files downloaded from the internet. An attacker could use the vulnerability to craft an archive file so that the files do not inherit the MOTW mark when they are extracted by 7-Zip. The vulnerability was just announced, but a patch has been available since November 30. As 7-Zip lacks an auto-update function, users must download the update directly.

CVE-2024-12084 is a 9.8-severity Heap-Based Buffer Overflow vulnerability in the Rsync file synchronization tool. The vulnerability arises from improper handling of checksum lengths that exceed the fixed limit of 16 bytes (SUM_LENGTH) during the processing of user-controlled data. An attacker could manipulate checksum lengths, leading to out-of-bounds memory writes in the sum2 buffer. This could enable remote code execution (RCE) on systems running the Rsync server. Cyble detected more than 276,000 vulnerable web-facing Rsync exposures (image below).

Dark Web Exploits and Zero Days

The Cyble report also looked at vulnerabilities actively discussed by threat actors on cybercrime forums, suggesting a high risk of attacks against those flaws. Cyble also identified threat actors offering zero-day vulnerabilities for sale in Apple iOS and other products. The Apple zero-day exploit allegedly weaponizes a vulnerability present in Apple devices running iOS 17.x.x and 18.x.x, resulting in remote code execution.

Among the vulnerabilities under dark web discussion were:

  • CVE-2024-49138, a critical Elevation of Privilege vulnerability affecting the Windows Common Log File System (CLFS) driver

  • CVE-2023-34990, a critical relative path traversal vulnerability in Fortinet’s FortiWLM wireless LAN management solution

  • CVE-2024-55591, an authentication bypass vulnerability in Fortinet’s FortiOS and FortiProxy.

Cyble Recommendations

To protect against these vulnerabilities and exploits, Cyble recommended that organizations implement the following best practices:

  • Regularly update all software and hardware systems with the latest patches from official vendors.

  • Develop a comprehensive patch management strategy that includes inventory management, patch assessment, testing, deployment, and verification. Automate the process where possible to ensure consistency and efficiency.

  • Divide your network into distinct segments to isolate critical assets from less secure areas. Use firewalls, VLANs, and access controls to limit access and reduce the attack surface exposed to potential threats.

  • Create and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents, including ransomware-resistant backups. Regularly test and update the plan to ensure its effectiveness and alignment with current threats.

  • Implement comprehensive monitoring and logging solutions to detect and analyze suspicious activities. Use SIEM (Security Information and Event Management) systems to aggregate and correlate logs for real-time threat detection and response.

  • Subscribe to security advisories and alerts from official vendors, CERTs, and other authoritative sources. Regularly review and assess the impact of these alerts on your systems and take appropriate actions.

  • Conduct regular vulnerability assessment and penetration testing (VAPT) exercises to identify and remediate vulnerabilities in your systems. Complement these exercises with periodic security audits to ensure compliance with security policies and standards.

Conclusion

Actively exploited vulnerabilities—and those identified as being at high risk of exploitation—should be a top priority for security teams as they prioritize their patching efforts. They should also consider other indicators of risk, such as web exposures, data sensitivity, and criticality of affected systems and applications. With increasing discussion of these exploits on dark web forums, organizations must stay vigilant and proactive.

Implementing strong security practices is essential to protecting sensitive data and maintaining system integrity. A comprehensive threat intelligence solution like Cyble can monitor for threats and leaks specific to your environment, allowing you to respond quickly to events and prevent them from becoming wider incidents.

To access full IT vulnerability and other reports from Cyble, click here.

The post IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble appeared first on Cyble.

Blog – Cyble – ​Read More