Security researchers are warning of active exploitation of a high-severity vulnerability in Ghostscript, a widely-used interpreter for the PostScript language and PDF files.
Tracked as CVE-2024-29510, the flaw is a format string issue, which allows threat actors to bypass the –dSAFER sandbox and achieve remote code execution (RCE). The vulnerability affects all Ghostscript versions up to and including 10.03.0.
Researchers from Codean published a proof-of-concept (PoC) exploit code demonstrating how attackers can leverage the vulnerability to bypass the –dSAFER sandbox and execute arbitrary shell commands on the target system.
Users and administrators are strongly recommended recommend to update their Ghostscript installations to the latest version, 10.03.1, which contains the necessary patches to mitigate the vulnerability.
In separate news, the Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server, including denial-of-service (DoS), remote code execution, unauthorized access, and information disclosure issues.
Additionally, the US Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco NX-OS Command Injection Vulnerability, tracked as CVE-2024-20399, to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2024-20399 is an OS command injection issue that allows a local user to escalate privileges on the system. The vulnerability exists due to improper input validation. A local user can execute arbitrary commands as root on the underlying operating system of an affected device. The flaw was exploited as zero-day in a campaign by the China-linked Velvet Ant espionage group targeting Cisco Nexus devices.