CVE-2024-43461 / CVE-2024-6670
Vulnerability Overwatch
Simon Ganiere · 16th September 2024
The information provided is purely for your information. There is no guarantee of its content or its accuracy. The content is generated automatically using AI Agents based on the CISA KEV list. The content also represents a point-in-time view of the vulnerability; therefore, some of the information can quickly become inaccurate.
CVE-2024-43461: Windows MSHTML Spoofing Vulnerability
Description
CVE-2024-43461 is a spoofing vulnerability affecting the Windows MSHTML platform. The user interface (UI) does not properly represent critical information to the user, allowing the information or its source to be spoofed. This vulnerability can be exploited by an attacker to deceive users by displaying misleading information or masquerading as a trusted entity.
Impact
The impact of CVE-2024-43461 is significant as it compromises the integrity and trustworthiness of the information presented to users. This can lead to various types of attacks, including phishing, where users might be tricked into divulging sensitive information or downloading malicious software.
Affected Systems
This vulnerability affects all supported versions of Microsoft Windows that use the MSHTML platform. This includes, but may not be limited to, Windows 10, Windows 11, and various versions of Windows Server.
Known Exploits
The vulnerability was actively exploited as a zero-day before July 2024.
Microsoft confirmed that this vulnerability was part of an attack chain relating to CVE-2024-38112.
One of the notable threat actors exploiting this vulnerability is the Void Banshee Advanced Persistent Threat (APT) group.
Mitigation Strategies
Microsoft has released security updates to address this vulnerability. Users and administrators are strongly advised to apply these updates immediately to mitigate the risk.
Additional measures include educating users about the risks of phishing and spoofing attacks, and implementing tools that can help detect and prevent such attacks.
Threat Actor
The Void Banshee Advanced Persistent Threat (APT) group is known to have exploited this vulnerability.
CVE-2024-6670: WhatsUp Gold SQL Injection Vulnerability
Description
CVE-2024-6670 is a SQL Injection vulnerability found in WhatsUp Gold versions released before 2024.0.0. This vulnerability allows an unauthenticated attacker to retrieve the users' encrypted passwords. By exploiting this vulnerability, attackers can potentially gain unauthorized access to sensitive information stored within the affected systems.
Impact
The impact of CVE-2024-6670 is significant as it allows for unauthorized access to user credentials. This can lead to further exploitation, such as privilege escalation, data breaches, and unauthorized administrative access. The severity of this vulnerability is high due to the potential for widespread exploitation and the sensitivity of the data that can be accessed.
Affected Systems
WhatsUp Gold versions released before 2024.0.0 are affected by this vulnerability.
Known Exploits
There have been reports of active exploitation of CVE-2024-6670 shortly after the release of Proof-of-Concept (PoC) exploits. Attackers have been able to bypass authentication mechanisms and install remote access tools on the affected systems. A PoC for this vulnerability is available on GitHub, indicating that the exploit can be easily replicated by malicious actors.
Mitigation Strategies
Users of WhatsUp Gold are advised to update to the latest version (2024.0.0 or later), which includes patches for this vulnerability.
Implementing strict input validation and sanitization can help prevent SQL Injection attacks.
Regularly update and patch all software and systems to the latest versions to mitigate known vulnerabilities.
Threat Actor
While specific threat actors exploiting CVE-2024-6670 have not been detailed in the available sources, the rapid exploitation after PoC release suggests that both opportunistic hackers and potentially more sophisticated adversaries are leveraging this vulnerability.