HTG Threat Report

Threat Report 12/21/23

Written by Evan Kennedy | Dec 22, 2023 7:29:27 PM
A Vulnerability in Google Chrome
Could Allow for Arbitrary Code Execution 

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the user's associated privileges, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights. 

 

Affected Systems:

  • Chrome prior to 120.0.6099.130 for Windows 
  • Chrome prior to 120.0.6099.129 for Mac and Linux 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

 

Remediation Recommendations

  • Ensure all devices with Google Chrome have the latest version installed. 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it).


 

Vulnerability in Apple Products
Could Allow for Arbitrary Code Execution       

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights. 

 

Affected Systems:

  • Versions prior to macOS Ventura 13.6.3 
  • Versions prior to macOS Sonoma 14.2 
  • Versions prior to macOS Monterey 12.7.2 
  • Versions prior to iOS 16.7.3 and iPadOS 16.7.3 
  • Versions prior to iOS 17.2 and iPadOS 17.2 
  • Versions prior to tvOS 17.2
  • Versions prior to watchOS 10.2
  • Versions prior to Safari 17.2

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

 

Remediation Recommendations

  • Ensure Apple software has the latest version(s) installed. 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 


 


 
Multiple Vulnerabilities in Mozilla Products
Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the user's associated privileges, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights. 

Affected Systems:

  • Firefox versions prior to 121 
  • Firefox ESR versions prior to 115.6 
  • Thunderbird versions prior to 115.6 


Risk

  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all Mozilla products have the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

 
A Vulnerability in the Backup Migration Plugin for WordPress
Could Allow for Remote Code Execution

 

A vulnerability has been discovered in the Backup Migration Plugin for WordPress, which could allow for remote code execution. The Backup Migration Plugin helps admins automate site backups to local storage or a Google Drive account. Successful exploitation could allow for remote code execution in the context of the server. Depending on the privileges associated with the logged-on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.

Affected Systems:

  • Backup Migration versions prior to 1.3.7 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

 

Remediation Recommendations

  • Ensure Backup Migration has the latest version(s) installed. 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 






 
A Vulnerability in Apache Struts 2
Could Allow for Remote Code Execution

 

A vulnerability has been discovered in Apache Struts 2, which could allow for remote code execution. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. Successful exploitation could allow for remote code execution in the context of the underlying operating system. Depending on the privileges associated with the logged-on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights. 

 

Affected Systems:

  • Struts 2.0.0 - Struts 2.3.37 (EOL) 
  • Struts 2.5.0 - Struts 2.5.32 
  • Struts 6.0.0 - Struts 6.3.0 

Risk

  • Large and medium business entities: High
  • Small business entities: Medium

 

Remediation Recommendations

  • Ensure all systems running Apache Struts 2 have the latest version(s) installed. 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 
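
The "Affected Systems" lists in this report can be checked against a software inventory in one pass. The following is an added example, not part of the original report: only the version bounds come from the report, while the product keys, hostnames and inventory rows are constructed, and the iOS, tvOS, watchOS and Safari entries are left out for brevity. A result of "not-listed" means the version falls outside every range this report lists, nothing more.

```python
import re

# Affected ranges copied from this report's "Affected Systems" lists, as (low, high, high_inclusive).
# "Prior to X" becomes (branch start, X, False); the Struts entries are closed ranges (True).
AFFECTED = {
    ("chrome", "windows"): [("0", "120.0.6099.130", False)],
    ("chrome", "mac"): [("0", "120.0.6099.129", False)],
    ("chrome", "linux"): [("0", "120.0.6099.129", False)],
    ("firefox", None): [("0", "121", False)],
    ("firefox-esr", None): [("0", "115.6", False)],
    ("thunderbird", None): [("0", "115.6", False)],
    ("backup-migration", None): [("0", "1.3.7", False)],
    ("macos", None): [("12", "12.7.2", False), ("13", "13.6.3", False), ("14", "14.2", False)],
    ("struts", None): [("2.0.0", "2.3.37", True), ("2.5.0", "2.5.32", True), ("6.0.0", "6.3.0", True)],
}

def parse(version):
    """Return the leading dotted-numeric part as a tuple, or None if there is none."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # so "121.0" compares equal to "121"
        parts.pop()
    return tuple(parts)

def status(product, platform, version):
    """'affected', 'not-listed' (outside every range in the report) or 'unknown'."""
    rules = AFFECTED.get((product, platform)) or AFFECTED.get((product, None))
    v = parse(version)
    if rules is None or v is None:
        return "unknown"
    for low, high, inclusive in rules:
        if parse(low) <= v and (v < parse(high) or (inclusive and v == parse(high))):
            return "affected"
    return "not-listed"

# Constructed inventory rows (hostnames and versions are sample data).
INVENTORY = [
    ("ws-014", "chrome", "windows", "120.0.6099.129"),
    ("mbp-07", "chrome", "mac", "120.0.6099.129"),
    ("mbp-07", "macos", None, "13.6.1"),
    ("app-02", "struts", None, "6.3.0"),
    ("web-01", "backup-migration", None, "1.3.7"),
    ("ws-022", "firefox-esr", None, "115.6.0esr"),
]

def audit(rows):
    return [(host, prod, ver) for host, prod, plat, ver in rows if status(prod, plat, ver) != "not-listed"]
```

The same Chrome build number is flagged on Windows but not on Mac, because the report gives different fixed versions per platform.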
