
Trend Micro Patches Critical Remote Code Execution and Authentication Bypass Flaws in Apex Central and PolicyServer

Trend Micro has rolled out essential security updates to address a series of high-impact vulnerabilities discovered in two of its enterprise security solutions: Apex Central and the Endpoint Encryption (TMEE) PolicyServer. These newly disclosed issues, which include critical remote code execution (RCE) and authentication bypass bugs, could allow attackers to compromise systems without needing login credentials. 

Although there have been no confirmed cases of exploitation so far, Trend Micro strongly recommends immediate patching to mitigate any potential threats. The vulnerabilities are especially concerning for organizations operating in sensitive sectors, where data privacy and regulatory compliance are paramount. 

The Endpoint Encryption PolicyServer is a key management solution used to centrally control full disk and media encryption across Windows-based systems. Following the recent update, four critical issues in this product were fixed. Among them is CVE-2025-49212, a remote code execution bug that stems from insecure deserialization within the PolicyValueTableSerializationBinder class. This flaw enables threat actors to run code with SYSTEM-level privileges without any authentication.

Another serious issue, CVE-2025-49213, was found in the PolicyServerWindowsService class, also involving unsafe deserialization. This vulnerability similarly allows arbitrary code execution without requiring user credentials. An additional bug, CVE-2025-49216, enables attackers to bypass authentication entirely due to faulty logic in the DbAppDomain service. Lastly, CVE-2025-49217 presents another RCE risk, though slightly more complex to exploit, allowing code execution via the ValidateToken method. 

While Trend Micro categorized all four as critical, third-party advisory firm ZDI classified CVE-2025-49217 as high-severity. Besides these, the latest PolicyServer release also fixes multiple other high-severity vulnerabilities, such as SQL injection and privilege escalation flaws. The update applies to version 6.0.0.4013 (Patch 1 Update 6), and all earlier versions are affected. Notably, there are no workarounds available, making the patch essential for risk mitigation. 

Trend Micro also addressed separate issues in Apex Central, the company’s centralized console for managing its security tools. Two pre-authentication RCE vulnerabilities—CVE-2025-49219 and CVE-2025-49220—were identified and patched. Both flaws are caused by insecure deserialization and could allow attackers to execute code remotely as NETWORK SERVICE without authentication. 

These Apex Central vulnerabilities were resolved in Patch B7007 for the 2019 on-premise version. Customers using Apex Central as a Service will receive fixes automatically on the backend. 

Given the severity of these cybersecurity vulnerabilities, organizations using these Trend Micro products should prioritize updating their systems to maintain security and operational integrity.

Thousands of Palo Alto Firewalls Hacked Through Recently Patched Vulnerabilities

 

Hackers have successfully breached thousands of Palo Alto Networks firewalls by exploiting two critical vulnerabilities recently addressed by the company.

The flaws include an authentication bypass (CVE-2024-0012) in the PAN-OS management web interface, allowing remote attackers to gain admin privileges, and a privilege escalation vulnerability (CVE-2024-9474) enabling execution of commands on firewalls with root access.

CVE-2024-9474 was disclosed earlier this week, while Palo Alto Networks initially alerted users on November 8 about a potential remote code execution flaw, now identified as CVE-2024-0012. The company continues to investigate attacks leveraging these flaws and has confirmed instances of malware deployment and command execution on compromised firewalls.

"This original activity reported on Nov. 18, 2024 primarily originated from IP addresses known to proxy/tunnel traffic for anonymous VPN services," the company stated on Wednesday.

Unit 42, Palo Alto’s threat intelligence team, added, "At this time, Unit 42 assesses with moderate to high confidence that a functional exploit chaining CVE-2024-0012 and CVE-2024-9474 is publicly available, which will enable broader threat activity."

While Palo Alto claims the impact is limited to "a very small number" of PAN-OS devices, the Shadowserver Foundation reported over 2,700 vulnerable systems globally, with approximately 2,000 already compromised.

In response, the Cybersecurity and Infrastructure Security Agency (CISA) added these vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch their systems by December 9.

Additionally, CISA flagged another severe vulnerability (CVE-2024-5910) in the Palo Alto Networks Expedition tool, exploited in November, as well as a previous critical flaw (CVE-2024-3400) impacting over 82,000 devices earlier this year.

Palo Alto Networks has urged customers to secure management interfaces:
"Risk of these issues are greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines," the company advised.
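
One way to audit a management-interface permitted-source list against that advice, as an added example (not Palo Alto Networks tooling and not code from the original post). The input is assumed to be a plain list of address or CIDR strings; the function names, the `INTERNAL` ranges chosen as "trusted internal" and the `MAX_ADDRESSES` threshold are assumptions, and the sample entries in the comment are constructed.

```python
import ipaddress

# Assumption: "trusted internal" = RFC 1918, loopback and IPv6 ULA space, plus
# any ranges the organisation lists explicitly (for example a jump-host subnet).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "fc00::/7")]
MAX_ADDRESSES = 4096  # hypothetical threshold: broader internal ranges only warn


def _inside(net, ranges):
    """True if net lies wholly inside one of ranges (same IP version only)."""
    return any(net.version == r.version and net.subnet_of(r) for r in ranges)


def audit_permitted_sources(entries, extra_trusted=()):
    """Return (entry, verdict, reason) per entry; verdict is ok, warn or fail."""
    trusted = [ipaddress.ip_network(n) for n in extra_trusted]
    results = []
    for raw in entries:
        try:
            # strict=False accepts host addresses written with a prefix length
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            results.append((raw, "fail", "not a valid address or CIDR"))
            continue
        if net.prefixlen == 0:
            results.append((raw, "fail", "matches every source address"))
        elif _inside(net, trusted):
            results.append((raw, "ok", "inside an explicitly trusted range"))
        elif not _inside(net, INTERNAL):
            results.append((raw, "fail", "not limited to internal address space"))
        elif net.num_addresses > MAX_ADDRESSES:
            results.append((raw, "warn", "internal but very broad"))
        else:
            results.append((raw, "ok", "internal range"))
    return results


def exposed(entries, extra_trusted=()):
    """True if any entry lets sources outside the trusted ranges reach the UI."""
    return any(v == "fail"
               for _, v, _ in audit_permitted_sources(entries, extra_trusted))


# Constructed sample input (documentation addresses stand in for public ones):
# audit_permitted_sources(["10.20.30.0/28", "192.168.0.0/16", "0.0.0.0/0",
#                          "203.0.113.7", "mgmt-vlan"])
```

An entry that cannot be parsed is reported as a failure rather than skipped, so a malformed export cannot pass the audit silently.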