Welcome to the monthly Vulnerability Report. In this report, we provide an overview of the most significant security vulnerabilities identified in the past month. Our focus is on vulnerabilities that are being actively exploited, which pose the biggest risk to you. Stay informed about the latest threats and take proactive steps to secure your systems against the latest attacks.
First things first, what is a CVE?
A CVE, or Common Vulnerabilities and Exposures, is a standardised identifier for known cybersecurity vulnerabilities. The purpose of CVEs is to provide a standardised method for identifying and cataloging security vulnerabilities, which helps organisations prioritise their vulnerability management efforts.
Why are CVEs important?
CVEs are publicly known vulnerabilities, some of them, like the ones listed below are currently being exploited, making sure you have the correct patches installed ensures your systems are safe from these attacks.
Actively Exploited
The following vulnerabilities are being actively exploited.
CVE-2024-5217 - ServiceNow, Washington DC, Vancouver, and earlier Now Platform releases - Severity Rating: 9.8 (Critical)
CVE-2024-4879 - ServiceNow, Vancouver and Washington DC Now Platform releases - Severity Rating: 9.8 (Critical)
CVE-2023-45249 - Acronis Cyber Infrastructure (ACI), Affected Versions: before builds 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, 5.4.4-132 - Severity Rating: 9.8 (Critical)
CVE-2024-36401 - GeoServer, Affected Versions: versions prior to 2.23.6, 2.24.4, 2.25.2 - Severity Rating: 9.8 (Critical)
CVE-2024-38080 - Windows Hyper-V - Severity Rating: 7.8 (High)
CVE-2024-38112 - Windows MSHTML Platform - Severity Rating: 7.5 (High)
CVE-2024-20399 - Cisco NX-OS Software - Severity Rating: 6.7 (Medium)
CVE-2024-39891 - Twilio Authy API, Affected Versions: Authy Android before 25.1.0 and Authy iOS before 26.1.0 - Severity Rating: 5.3 (Medium)
What To Do
If you are currently running software listed above, make sure you install the latest version to stay secure.
As a leading cybersecurity company, we are on the forefront of security research, constantly monitoring for emerging threats. With best in class security expertise, we are able to help you secure your assets to the highest levels.
Visit rivanorth.com to find out more.
You build the future. We help you secure it.