High-risk flaws found in Adobe ColdFusion, Broadcom VMware vCenter Server, and Ivanti Endpoint Manager
Security researchers are warning companies to prioritize remediation as quickly as possible to overcome dangerous vulnerabilities.
Rapid7 researchers are warning their customers (and almost everyone else, too) to expedite remediation of vulnerabilities in several widely deployed enterprise technology platforms.
The warnings are based on critical advisories published by Adobe, Broadcom and Ivanti, and Rapid7 considers the listed vulnerabilities to be “attractive potential attack targets for state-sponsored and financially motivated adversaries.”
Adobe published an advisory on September 10 for CVE-2024-4187, a remote code execution flaw in Adobe ColdFusion caused by insecure deserialization of Web Distributed Data eXchange (WDDX) packets. Rapid7 has seen previous remote code execution attempts targeting WDDX deserialization in ColdFusion, as well as exploitation of several other ColdFusion vulnerabilities.
ColdFusion 2023 Update 9 and earlier and ColdFusion 2021 Update 15 and earlier are vulnerable; the fix shipped in ColdFusion 2023 Update 10 and ColdFusion 2021 Update 16.
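The root cause named above is a deserializer that reconstructs whatever a WDDX packet asks for. The hardening principle is the opposite: only a closed set of plain data types is ever rebuilt, and any construct that could steer the decoder toward a class it did not expect is refused. The following decoder is an added example written for this article, not Adobe's, ColdFusion's or Rapid7's code; the sample packets are constructed for illustration, the allowlist (string, number, boolean, null, array, struct) and the rejection of struct attributes are design choices of this example, and `defusedxml` should replace `xml.etree` in production for the XML layer itself.

```python
"""Type-allowlisted WDDX decoder (added example, not vendor code)."""
import xml.etree.ElementTree as ET

MAX_DEPTH = 32  # refuse pathologically nested packets


class UnsafeWddx(ValueError):
    """Raised for any construct outside the allowlist."""


def _decode(node, depth=0):
    if depth > MAX_DEPTH:
        raise UnsafeWddx("nesting too deep")
    tag = node.tag
    if tag == "null":
        return None
    if tag == "string":
        return node.text or ""
    if tag == "number":
        text = (node.text or "").strip()
        try:
            return int(text) if text.lstrip("-").isdigit() else float(text)
        except ValueError:
            raise UnsafeWddx(f"bad number {text!r}") from None
    if tag == "boolean":
        value = node.get("value")
        if value not in ("true", "false"):
            raise UnsafeWddx("bad boolean")
        return value == "true"
    if tag == "array":
        # The 'length' attribute is ignored; children are decoded recursively
        # and therefore pass through the same allowlist.
        return [_decode(child, depth + 1) for child in node]
    if tag == "struct":
        # Assumption of this example: a struct never needs attributes. An
        # attribute that names a type would let the packet pick a class, which
        # is exactly what a data-only decoder must never allow. If a producer
        # you control emits a fixed attribute value, compare against that one
        # value instead of accepting arbitrary strings.
        if node.attrib:
            raise UnsafeWddx(f"struct attributes not allowed: {sorted(node.attrib)}")
        out = {}
        for member in node:
            if member.tag != "var" or "name" not in member.attrib or len(member) != 1:
                raise UnsafeWddx("malformed struct member")
            out[member.get("name")] = _decode(member[0], depth + 1)
        return out
    # dateTime, binary, recordset and anything unknown are deliberately rejected.
    raise UnsafeWddx(f"type not allowed: {tag}")


def decode_wddx(packet: str):
    """Return plain Python data for an allowlisted packet, else raise UnsafeWddx."""
    root = ET.fromstring(packet)
    if root.tag != "wddxPacket":
        raise UnsafeWddx("not a WDDX packet")
    data = root.find("data")
    if data is None or len(data) != 1:
        raise UnsafeWddx("packet must carry exactly one data element")
    return _decode(data[0])


def is_accepted(packet: str) -> bool:
    try:
        decode_wddx(packet)
        return True
    except (UnsafeWddx, ET.ParseError):
        return False


# Constructed sample packets (not captured traffic).
SAFE_PACKET = """<wddxPacket version='1.0'><header/><data>
<struct>
  <var name='user'><string>alice</string></var>
  <var name='ids'><array length='2'><number>7</number><number>9</number></array></var>
  <var name='admin'><boolean value='false'/></var>
  <var name='note'><null/></var>
</struct></data></wddxPacket>"""

TYPED_STRUCT_PACKET = ("<wddxPacket version='1.0'><header/><data>"
                       "<struct type='someClass'><var name='x'><string>y</string></var></struct>"
                       "</data></wddxPacket>")

RECORDSET_PACKET = ("<wddxPacket version='1.0'><header/><data>"
                    "<recordset rowCount='1' fieldNames='a'><field name='a'><string>z</string></field></recordset>"
                    "</data></wddxPacket>")

if __name__ == "__main__":
    print(decode_wddx(SAFE_PACKET))
    for name, pkt in (("typed struct", TYPED_STRUCT_PACKET), ("recordset", RECORDSET_PACKET)):
        print(name, "accepted" if is_accepted(pkt) else "rejected")
```

The decoder never consults a type name supplied by the packet, so the only objects it can create are dicts, lists and scalars; that property, rather than any particular blocklist, is what removes the remote code execution surface.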
Ivanti also posted an advisory on September 10, this time for Ivanti Endpoint Manager. CVE-2024-29847 is another remote code execution flaw rooted in insecure deserialization. It affects Ivanti Endpoint Manager 2022 SU5 and earlier, and Ivanti Endpoint Manager 2024.
Ivanti Endpoint Manager 2022 SU5 and earlier should be updated to 2022 SU6 to fix the vulnerability, while users of version 2024 need to install the security patch Ivanti provided alongside its advisory.
For its part, Broadcom published an advisory on September 17 for CVE-2024-38812, a critical heap-overflow vulnerability in its VMware vCenter Server. Once again, the flaw can lead to remote code execution on the vulnerable server, and chained with CVE-2024-38813, a privilege escalation flaw Broadcom reported the same day, it gives an attacker a full exploit chain.
“We are not aware of any exploitation in the wild as of September 19, 2024,” Rapid7 said in a blog post overnight, “but vCenter Server is a high-value attack target for ransomware and extortion groups.”
Both VMware vCenter Server 7.0 and 8.0 are vulnerable, and Broadcom has made fixes available for each version line.