Category | Details |
---|---|
Threat Actors | Not specified. |
Campaign Overview | Discovery of five Nvidia out-of-bounds access vulnerabilities in shader processing and eleven vulnerabilities in the LevelOne WBR-6012 SOHO router. |
Target Regions (Victims) | Nvidia vulnerabilities impact PC users; LevelOne vulnerabilities impact small office/home users of the WBR-6012 router globally. |
Methodology | Remote exploitation via web browsers and virtualized environments (Nvidia); exploitation of hard-coded credentials, cross-site request forgery, resource allocation flaws, and improper input validation (LevelOne). |
Product Targeted | Nvidia Graphics GPU drivers; LevelOne WBR-6012 SOHO router. |
Malware Reference | None mentioned. |
Tools Used | RemoteFX (for Nvidia vulnerabilities, though deprecated by Microsoft). |
Vulnerabilities Exploited | Nvidia: TALOS-2024-1955 (CVE-2024-0121), TALOS-2024-2012 (CVE-2024-0117), TALOS-2024-2013 (CVE-2024-0118), TALOS-2024-2014 (CVE-2024-0120), TALOS-2024-2015 (CVE-2024-0119). LevelOne: Multiple CVEs (CVE-2024-28875 to CVE-2024-33623). |
TTPs | Memory corruption, unauthorized access, cross-site request forgery, authentication bypass, denial of service, and sensitive information disclosure. |
Attribution | Nvidia: Piotr Bania (Talos team). LevelOne: Patrick DeSantis and Francesco Benvenuto (Talos team). |
Recommendations | For Nvidia, update to patched drivers. For LevelOne, update firmware to the latest version when released. Use Snort rules to detect exploitation. Disable deprecated software like RemoteFX. |
Source | Cisco Talos Blog |
Read full article: https://blog.talosintelligence.com/nvidia-shader-out-of-bounds-and-level1-2/
Disclaimer: The above summary has been generated by an AI language model.