September 9, 2024
Severity
Medium
Analysis Summary
CVE-2024-20506 CVSS: 6.1
Cisco ClamAV is vulnerable to a denial of service, caused by a flaw in the ClamD service module. By using a specially crafted symbolic link to replace the ClamD log file, a local authenticated attacker could exploit this vulnerability to corrupt critical system files.
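The mitigation for this bug class is to open a log file without following a symbolic link at its final path component and to verify, after opening, that the descriptor refers to a regular file the service owns. The following is an added example of that check, not ClamAV's own code; the path names and the temporary directory it uses are constructed for the self-check.

```c
/* Added example: open a log file while refusing symbolic links, the bug
 * class behind CVE-2024-20506. Illustrative code, not ClamAV's own. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns an open descriptor, or -1 (errno set) when the name is a symlink
 * (O_NOFOLLOW yields ELOOP) or the target is not a regular file we own. */
int open_log_nofollow(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0640);
    if (fd < 0)
        return -1;
    struct stat st;
    /* fstat on the descriptor, not stat on the path, so the check cannot
     * race against a replacement of the name between check and use. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Self-check in a private temp directory (constructed names): a plain file
 * opens, a symlink pointing at another file is refused. Returns 1 on pass. */
int symlink_guard_selfcheck(void)
{
    char dir[] = "/tmp/logguardXXXXXX";
    if (!mkdtemp(dir))
        return 0;
    char other[256], link[256], plain[256];
    snprintf(other, sizeof other, "%s/other_file", dir);
    snprintf(link, sizeof link, "%s/clamd.log", dir);   /* will be a symlink */
    snprintf(plain, sizeof plain, "%s/plain.log", dir); /* ordinary log file */
    int ok = 0;
    int t = open(other, O_WRONLY | O_CREAT, 0600);
    if (t >= 0 && close(t) == 0 && symlink(other, link) == 0) {
        int fd_link = open_log_nofollow(link);   /* must fail with ELOOP */
        int link_err = errno;
        int fd_plain = open_log_nofollow(plain); /* must succeed */
        ok = (fd_link < 0 && link_err == ELOOP && fd_plain >= 0);
        if (fd_plain >= 0) close(fd_plain);
    }
    unlink(plain); unlink(link); unlink(other); rmdir(dir);
    return ok;
}
```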
CVE-2024-20505 CVSS: 4
Cisco ClamAV is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the PDF parsing module. By submitting a specially crafted PDF file, a local attacker could exploit this vulnerability to terminate the scanning process.
CVE-2024-20469 CVSS: 6
Cisco Identity Services Engine could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By submitting a specially crafted CLI command, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.
CVE-2024-20503 CVSS: 5.5
Cisco Duo Epic for Hyperdrive could allow a local authenticated attacker to obtain sensitive information, caused by improper storage of an unencrypted registry key. By viewing or querying the registry key, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2024-20497 CVSS: 4.3
Cisco Expressway Edge could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to intercept calls that are destined for a particular phone number or to make phone calls and have that phone number appear on the caller ID.
Impact
- Denial of Service
- Information Disclosure
- Security Bypass
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-20506
- CVE-2024-20505
- CVE-2024-20469
- CVE-2024-20503
- CVE-2024-20497
Affected Vendors
- Cisco
Affected Products
- Cisco Identity Services Engine
- Cisco ClamAV 1.4.0
- Cisco Duo Epic for Hyperdrive
- Cisco Expressway Edge
Remediation
Refer to the Cisco Security Advisories for patch, upgrade, or suggested workaround information.