WARNING: ASUS FIXED THREE REMOTE CODE EXECUTION VULNERABILITIES IN THEIR ROUTERS, PATCH IMMEDIATELY!
CVE-2024-3912: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-3080: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-3079: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Sources
TW-CERT: https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html
TW-CERT: https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html
TW-CERT: https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html
ASUS: https://www.asus.com/content/asus-product-security-advisory/
Risks
ASUS addressed three critical remote code execution vulnerabilities in their routers. A remote attacker could exploit these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.
The flaws affect multiple ASUS router models, but not all of them will receive security updates, because some have reached end-of-life (EoL). An EoL product should be replaced with a newer model that continues to receive security updates.
The vulnerabilities have a HIGH impact on Confidentiality, Integrity and Availability.
Description
ASUS patched three vulnerabilities that can lead to Remote Code Execution.
See the security advisories from TW-CERT for more information about the software versions available to mitigate these vulnerabilities.
CVE-2024-3079: https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html
CVE-2024-3912: https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html
CVE-2024-3080: https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
Bleeping Computer: https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-remote-authentication-bypass-on-7-routers/