Warning: Critical Vulnerabilities In IBM Sterling Secure Proxy, Patch Immediately!

Published: 21/01/2025

Reference:
Advisory #2025-16

Version:
1.0

Affected software:
IBM Sterling Secure Proxy versions 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, 6.2.0.0

Type:
CWE-732 (Incorrect Permission Assignment for Critical Resource) & CWE-1287 (Improper Validation of Specified Type of Input)

CVE/CVSS:
CVE-2024-41783: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-38337: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Sources

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41783

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38337

Risks

IBM released details of two critical vulnerabilities affecting its Sterling Secure Proxy (SSP) product. The first vulnerability allows an unauthorized attacker to retrieve and alter sensitive data. The second vulnerability enables a privileged user to inject commands into the underlying operating system.

Both vulnerabilities significantly impact the confidentiality and integrity of the system, while the second also poses a high risk to availability. Although no active exploitation of these vulnerabilities has been observed yet, proxies remain a popular target amongst attackers.

Description

CVE-2024-41783, CVSS 9.1

Due to incorrect permission assignment for critical resources (CWE-732), an unauthorized attacker can retrieve and alter sensitive data.

CVE-2024-38337, CVSS 9.1

Due to improper validation of a specified type of input (CWE-1287), a privileged user can inject commands into the underlying operating system.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. IBM released fixes for the reported vulnerabilities in versions 6.0.3.1 (fixpack) GA, 6.1.0.1 (fixpack) GA, and 6.2.0.0 ifix 01.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
