

North Korean APT Kimsuky aka Black Banshee – Active IOCs
September 27, 2024
Kimsuky Uses New Malware FPSpy and KLogEXE in Focused Attacks – Active IOCs
September 27, 2024
North Korean APT Kimsuky aka Black Banshee – Active IOCs
September 27, 2024
Kimsuky Uses New Malware FPSpy and KLogEXE in Focused Attacks – Active IOCs
September 27, 2024Severity
Medium
Analysis Summary
CVE-2024-45751 CVSS:7.4
Linux target framework (tgt) could allow a remote attacker to bypass security restrictions, caused by the use of a cryptographically insecure random number generator for CHAP authentication. By utilizing replay attack techniques, an attacker could exploit this vulnerability to bypass CHAP authentication to modify the iSCSI target.
CVE-2024-43102 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by an use-after-free in umtx. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Security Bypass
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-45751
- CVE-2024-43102
Affected Vendors
Affected Products
- Linux target framework (tgt) 1.0.92
- FreeBSD FreeBSD - 14.1-RELEASE
Remediation
Upgrade to the latest version of Linux , available from the GIT Repository.