Weekly Vulnerability Recap – January 2, 2024 – Barracuda ESG, Apache OfBiz Vulnerabilities Persist

Jenna Phipps
While the number of reported vulnerabilities sometimes decreases over the Christmas and New Year’s holidays, active and potential exploits are no less threatening. During the past couple of weeks, Google has seen multiple vulnerabilities, including a zero-day in Chrome. SonicWall researchers discovered that an Apache patch was incomplete, still permitting authentication bypass in the open-source ERP software Apache OfBiz. And issues with Barracuda’s Email Secure Gateway persist, with an FBI safety warning about an older vulnerability still outstanding.
Your IT and security teams should stay alert and aware during holidays, consistently patching known vulnerabilities and updating systems to the most recent versions of software. We’ve developed a list of recent vulnerabilities so your team can make any needed updates, including potential product removals.
Type of attack: Zero-day remote code execution
The problem: Researchers on Google’s threat analysis team found a zero-day vulnerability in Chrome’s build of WebRTC, the open-source real-time communication component the browser embeds. The vulnerability is a severe heap buffer overflow that can lead to remote code execution. Google has already seen this vulnerability exploited in the wild.
The fix: Access to fix data is currently limited. Google announced an update to the desktop stable channel to 120.0.6099.129 on December 20, 2023, which was expected to roll out over the coming days and weeks.
Type of attack: Arbitrary code execution
The problem: We’ve mentioned Barracuda’s Email Secure Gateway vulnerabilities before, but now a new one is plaguing customers. The China-based threat actor group UNC4841 is suspected of exploiting a flaw in Spreadsheet::ParseExcel, a third-party open-source Perl module that the ESG appliances use to parse attachments. The threat actors triggered it by sending Excel email attachments that the appliances processed with this module.
The fix: Barracuda deployed a patch on December 22, 2023, to fix the exploited ESG appliances. On December 24, when Barracuda released the security notice, there was no remediation or patch available for CVE-2023-7101, the Spreadsheet::ParseExcel vulnerability, within the open-source library.
Previous vulnerabilities have affected Barracuda ESG. In August 2023, the FBI recommended that customers remove their Barracuda ESG appliances altogether after Barracuda discovered a zero-day remote command injection vulnerability in the ESG appliances. While Barracuda automatically rolled out the patch BNSF-36456 to all exploited appliances back in August, according to the FBI, the fix didn’t work — even patched appliances could still be exploited. If your team doesn’t already know, find out whether your appliances were compromised by CVE-2023-2868.
Type of vulnerability: Authentication bypass
The problem: SonicWall Capture Labs’ threat research team discovered an authentication bypass vulnerability, tracked as CVE-2023-51467, in Apache OfBiz software. Apache OfBiz is an open-source enterprise resource planning product that’s part of the software supply chain and appears in multiple other products, such as Atlassian JIRA.
Previously, Apache had released a patch for CVE-2023-49070, a remote code execution vulnerability. But SonicWall’s researchers realized that the authentication bypass still existed in the patched version of OfBiz. According to SonicWall, an attacker who exploits the authentication bypass could expose sensitive data or execute arbitrary code.
The fix: SonicWall recommends that all Apache OfBiz users update their software to version 18.12.11. SonicWall also developed the IPS signature IPS:15949, which is designed to detect exploitation of the OfBiz vulnerability.
Type of vulnerability: Privilege escalation
The problem: According to Google, an attacker could escalate their privileges in a Google Kubernetes Engine (GKE) cluster by compromising a Fluent Bit logging container and combining that access with Anthos Service Mesh (ASM) privileges. The ASM part of the chain is only relevant for clusters that have ASM enabled. Google released the initial vulnerability notice on December 14. While Google isn’t yet aware of any active exploitation, the vulnerability should be patched immediately.
The fix: Google recommends manually upgrading your instance of Google Kubernetes Engine to one of the following or later:
Also, for in-cluster Anthos Service Mesh, Google recommends a manual upgrade to one of the following versions:
Type of vulnerability: Bypassing privilege requirements to abuse trusted executables
The problem: Researchers from Security Joes discovered a malicious code execution vulnerability in Windows 10 and 11. According to the researchers, it involves executables that live in the normally trusted WinSxS folder.
The technique that threat actors can use is Dynamic Link Library (DLL) search order hijacking. Because the WinSxS executables are trusted, Security Joes said, a threat actor can abuse them to execute code without meeting the usual high privilege requirements, in WinSxS and in other Windows applications.
The fix: Security Joes recommends studying the relationships between parent and child binaries, particularly trusted binaries, to find unusual processes that involve the WinSxS folder’s binaries. Additionally, Security Joes suggests examining legitimate binaries within the WinSxS folder that create strange or unexpected child processes.
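As an added illustration of the hunting advice above (this is not code from Security Joes’ report or from this article), the following Python script triages constructed Sysmon-style process-creation (Event ID 1) and image-load (Event ID 7) records. The field names, the sample paths, the rule names and the thresholds are assumptions for the example. It flags three situations: a WinSxS binary launched with a working directory outside C:\Windows (the working directory is part of the DLL search order, which is what search order hijacking abuses), a WinSxS binary that loads a DLL from outside C:\Windows, and a WinSxS binary that spawns a child process outside C:\Windows.

```python
import json

# Roots used by the rules. Windows paths are compared case-insensitively.
WINSXS = "C:\\Windows\\WinSxS"
WINDOWS = "C:\\Windows"

# Constructed Sysmon-style records (JSON lines). EventID 1 = process create,
# EventID 7 = image (DLL) load. Every path and file name here is made up.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "CurrentDirectory": "C:\\Windows\\System32\\"}
{"EventID": 1, "Image": "C:\\Windows\\WinSxS\\amd64_constructed-component\\helper.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CurrentDirectory": "C:\\Users\\alice\\Downloads\\"}
{"EventID": 7, "Image": "C:\\Windows\\WinSxS\\amd64_constructed-component\\helper.exe", "ImageLoaded": "C:\\Users\\alice\\Downloads\\constructed.dll"}
{"EventID": 1, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\stage.exe", "ParentImage": "C:\\Windows\\WinSxS\\amd64_constructed-component\\helper.exe", "CurrentDirectory": "C:\\Users\\alice\\Downloads\\"}
{"EventID": 1, "Image": "C:\\Windows\\WinSxS\\amd64_constructed-component\\helper.exe", "ParentImage": "C:\\Windows\\System32\\svchost.exe", "CurrentDirectory": "C:\\Windows\\System32\\"}
{"EventID": 7, "Image": "C:\\Windows\\WinSxS\\amd64_constructed-component\\helper.exe", "ImageLoaded": "C:\\Windows\\System32\\constructed.dll"}
"""


def under(path: str, root: str) -> bool:
    """True if `path` is `root` or lies beneath it (case-insensitive, Windows separators)."""
    p = path.replace("/", "\\").lower().rstrip("\\")
    r = root.replace("/", "\\").lower().rstrip("\\")
    return p == r or p.startswith(r + "\\")


def triage(jsonl: str) -> list[dict]:
    """Apply the three WinSxS hunting rules to JSON-lines records; return findings in input order."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        image = ev.get("Image", "")
        if ev.get("EventID") == 1:
            cwd = ev.get("CurrentDirectory", "")
            parent = ev.get("ParentImage", "")
            # Rule 1: a trusted WinSxS binary started from an untrusted working directory.
            # The working directory is searched for DLLs, so this is the hijacking precondition.
            if under(image, WINSXS) and not under(cwd, WINDOWS):
                findings.append({"rule": "winsxs-binary-run-from-untrusted-cwd", "image": image, "detail": cwd})
            # Rule 2: a WinSxS binary acting as parent of something outside C:\Windows.
            if under(parent, WINSXS) and not under(image, WINDOWS):
                findings.append({"rule": "winsxs-parent-unexpected-child", "image": image, "detail": parent})
        elif ev.get("EventID") == 7:
            loaded = ev.get("ImageLoaded", "")
            # Rule 3: a WinSxS binary resolved a DLL from outside C:\Windows, i.e. the hijack succeeded.
            if under(image, WINSXS) and not under(loaded, WINDOWS):
                findings.append({"rule": "winsxs-binary-loaded-dll-outside-windows", "image": image, "detail": loaded})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['image']} <- {f['detail']}")
```

Of the six constructed records, the script flags three: the WinSxS binary launched from a Downloads folder, the DLL it loaded from that folder, and the staged executable it then spawned; the same binary started normally by svchost.exe and loading its DLL from System32 produces nothing. In a real deployment the third rule would carry an allowlist of known child processes per WinSxS binary, built from a baseline of clean hosts.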
Type of vulnerability: Secure Shell vulnerability that can lead to prefix truncation attacks
The problem: Security researchers from Ruhr University Bochum in Germany found a Secure Shell (SSH) vulnerability that allows attackers to adjust sequence numbers during the handshake process and subtly remove client or server messages. This is a prefix truncation attack, known as Terrapin. It downgrades the security of the connection, potentially resulting in weaker client authentication.
The fix: The researchers recommend updating clients and servers so those systems are less vulnerable to prefix truncation attacks. The researchers also provided their contact information in the report.