Full Report
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below:
- CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted
Analysis Summary
# Vulnerability: Adobe ColdFusion Improper Access Control (CVE-2024-20767)
## CVE Details
- CVE ID: CVE-2024-20767
- CVSS Score: 7.4 (High)
- CWE: Improper Access Control
## Affected Systems
- Products: Adobe ColdFusion
- Versions: Not explicitly listed; the affected versions are those addressed by the March 2024 patch.
- Configurations: Affects internet-exposed admin panels.
## Vulnerability Description
This vulnerability is an improper access control flaw in Adobe ColdFusion. It could allow a remote, unauthenticated attacker to access or modify restricted files via an internet-exposed admin panel.
## Exploitation
- Status: PoC available
- Complexity: Not specified. Access control issues are often of moderate to low complexity once the attack surface is identified.
- Attack Vector: Network
## Impact
- Confidentiality: Potential unauthorized file disclosure/access.
- Integrity: Potential modification of restricted files.
- Availability: Not explicitly detailed, but potentially significant for systems hosting critical data.
## Remediation
### Patches
- Patched by Adobe in March 2024 via advisory APSB24-14. Organizations should ensure they have applied the relevant cumulative maintenance/security update released at that time.
### Workarounds
- No specific workarounds were mentioned other than patching. Restricting external access to the ColdFusion admin panel can serve as a compensating control.
## Detection
- Detection details were not provided in the summary. Look for unusual file access patterns or administrative logins originating from unexpected sources.
## References
- Vendor Advisory: hxxps://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
- PoC: hxxps://github.com/yoryio/CVE-2024-20767
---
# Vulnerability: Windows Kernel-Mode Driver Privilege Escalation (CVE-2024-35250)
## CVE Details
- CVE ID: CVE-2024-35250
- CVSS Score: 7.8 (High)
- CWE: Untrusted Pointer Dereference
## Affected Systems
- Products: Microsoft Windows Kernel-Mode Driver (specifically related to the Microsoft Kernel Streaming Service, MSKSSRV)
- Versions: Not explicitly listed; the affected versions are those that require the June 2024 patch from Microsoft.
- Configurations: Local access required for exploitation.
## Vulnerability Description
This is an untrusted pointer dereference vulnerability in a Windows Kernel-Mode Driver, specifically linked to the Microsoft Kernel Streaming Service (MSKSSRV). Successful exploitation allows a local attacker to escalate privileges on the affected system.
## Exploitation
- Status: PoC available (reportedly discovered and detailed by DEVCORE).
- Complexity: Low (local privilege escalation vulnerabilities with PoCs are typically exploited with relatively low complexity once local access is achieved).
- Attack Vector: Local
## Impact
- Confidentiality: Potential to gain SYSTEM-level access, leading to full confidentiality compromise.
- Integrity: Potential to modify system components and data.
- Availability: Potential for system instability or denial of service.
## Remediation
### Patches
- Patched by Microsoft in June 2024 via the security update for CVE-2024-35250.
### Workarounds
- No specific workarounds were mentioned. Limiting local user privileges is a general mitigation for local privilege escalation (LPE) vulnerabilities.
## Detection
- Detection details were not provided in the summary. Monitor for unusual calls or activity related to kernel memory management, especially involving the MSKSSRV component, from low-privilege user contexts.
## References
- Vendor Advisory: hxxps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250
- Technical Details: hxxps://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en/
- PoC: hxxps://github.com/varwara/CVE-2024-35250