Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by adding two critical security flaws affecting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM). This action stems from emerging evidence indicating active exploitation of these vulnerabilities.
The newly added vulnerabilities are of significant concern to organizations relying on these platforms. The first, identified as CVE-2017-3066, has a CVSS score of 9.8 and is a deserialization flaw in the Apache BlazeDS library used by Adobe ColdFusion. It permits arbitrary code execution and was addressed in a security update released in April 2017.
The second vulnerability, CVE-2024-20953, affects Oracle Agile PLM and has a CVSS score of 8.8. It allows a low-privileged attacker with network access via HTTP to compromise the system. This flaw was rectified in a patch released by Oracle in January 2024.
At this time, no public reports have confirmed exploit activity targeting these specific vulnerabilities. However, it is noteworthy that another vulnerability affecting Oracle Agile PLM, identified as CVE-2024-21287, was actively abused late last year, highlighting the ongoing risk to organizations.
To mitigate risks associated with these vulnerabilities, it is imperative that users implement the latest updates promptly. According to CISA, federal agencies have until March 17, 2025, to secure their networks against these threats.
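As an added example (not from the article, CISA or either vendor), the following Python cross-references a KEV feed in the shape of CISA's public JSON catalog against a hypothetical asset inventory and reports each matched host's remediation deadline; the feed sample is constructed from the two entries and the March 17, 2025 due date stated above, and the inventory hosts are hypothetical.

```python
import json
import re
from datetime import date

# Constructed sample using the field names of CISA's public KEV JSON feed; only the
# two entries from the article are included, with the due date the article states.
SAMPLE_KEV_JSON = """
{
  "vulnerabilities": [
    {"cveID": "CVE-2017-3066", "vendorProject": "Adobe",
     "product": "ColdFusion", "dueDate": "2025-03-17"},
    {"cveID": "CVE-2024-20953", "vendorProject": "Oracle",
     "product": "Agile Product Lifecycle Management (PLM)", "dueDate": "2025-03-17"}
  ]
}
"""

# Hypothetical inventory: product names as a defender might record them.
INVENTORY = [
    {"host": "cf-app-01", "vendor": "Adobe", "product": "ColdFusion"},
    {"host": "plm-01", "vendor": "Oracle", "product": "Agile PLM"},
    {"host": "web-03", "vendor": "nginx", "product": "nginx"},
]


def tokens(name):
    """Lower-case alphanumeric tokens, so 'Agile PLM' can match the feed's longer product name."""
    return set(re.findall(r"[a-z0-9]+", name.lower()))


def kev_matches(kev_json, inventory, today):
    """Return one finding per (host, KEV entry) whose vendor matches and whose inventory
    product tokens are all contained in the KEV product name. The KEV feed carries no
    affected-version data, so a match flags the product and the host's patch level must
    still be confirmed against the vendor advisory."""
    findings = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        kev_tokens = tokens(entry["product"])
        for asset in inventory:
            if asset["vendor"].lower() != entry["vendorProject"].lower():
                continue
            if not tokens(asset["product"]) <= kev_tokens:
                continue
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "due": entry["dueDate"],
                "days_left": (due - today).days,
                "overdue": today > due,
            })
    return findings


if __name__ == "__main__":
    for f in kev_matches(SAMPLE_KEV_JSON, INVENTORY, date.today()):
        print(f)
```

The token-subset match is a deliberately simple heuristic; a production workflow would key on CPE identifiers and version ranges rather than product names.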
This update coincides with reports from threat intelligence firm GreyNoise, which detailed active exploitation attempts targeting CVE-2023-20198, a recently patched security flaw affecting vulnerable Cisco devices. GreyNoise identified approximately 110 malicious IP addresses connected to this activity, primarily originating from Bulgaria, Brazil, and Singapore.
The report indicated that during December 2024 and January 2025, two malicious IPs, originating from Switzerland and the United States, exploited a different vulnerability, CVE-2018-0171. This activity occurred concurrently with reported breaches of telecom networks by the Chinese state-sponsored threat group known as Salt Typhoon, which utilized multiple vulnerabilities.
Given the heightened level of activity surrounding these vulnerabilities, it is essential for businesses to remain vigilant. Adhering to best practices for cybersecurity, including monitoring for updates and understanding potential threats, can greatly reduce the risk of compromise. Organizations should remain aware of tactics outlined in the MITRE ATT&CK framework, such as initial access and privilege escalation, which provide insights into potential attack vectors that could be leveraged by adversaries.