On December 23, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical vulnerability affecting Acclaim Systems USAHERDS to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows verifiable evidence that the flaw has been actively exploited.

The vulnerability, identified as CVE-2021-44207, has a CVSS score of 8.1. It involves hard-coded static credentials within Acclaim USAHERDS, which could enable an attacker to execute arbitrary code on vulnerable servers. These credentials, specifically the ValidationKey and DecryptionKey, are present in version 7.4.0.1 and earlier releases, creating a substantial security risk.

To exploit this vulnerability, an attacker must first obtain these static keys, which sign and encrypt the application’s ASP.NET ViewState. According to an advisory from Mandiant, a subsidiary of Google, “A threat actor with knowledge of these keys can trick the application server into deserializing maliciously crafted ViewState data.” Because the server trusts any ViewState that carries a valid signature, this manipulation can lead to unauthorized code execution on the server.
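As an added example (not code from the article, Mandiant, or the vendor), the following Python audits an ASP.NET `web.config` for the weak setting described above: a `machineKey` element with static `validationKey`/`decryptionKey` values instead of `AutoGenerate`, plus a disabled ViewState MAC. It assumes the application takes its ViewState keys from that standard element; the sample configs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs for demonstration (not from any real deployment).
STATIC_KEYS_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="HMACSHA256" decryption="AES" />
    <pages enableViewStateMac="false" />
  </system.web>
</configuration>"""

HARDENED_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
    <pages enableViewStateMac="true" />
  </system.web>
</configuration>"""


def audit_viewstate_keys(config_xml: str) -> list[str]:
    """Return findings about ViewState key handling in an ASP.NET web.config.

    An empty list means no static keys and no disabled MAC were found.
    """
    findings = []
    root = ET.fromstring(config_xml)

    # Static keys: anyone who learns them (e.g. from a shipped binary) can
    # sign and encrypt ViewState that the server will deserialize.
    key_node = root.find("./system.web/machineKey")
    if key_node is not None:
        for attr in ("validationKey", "decryptionKey"):
            value = key_node.get(attr, "AutoGenerate")
            if not value.startswith("AutoGenerate"):
                findings.append(f"static {attr} ({len(value)} chars); rotate and use AutoGenerate,IsolateApps")

    # enableViewStateMac="false" removes the signature check entirely.
    pages_node = root.find("./system.web/pages")
    if pages_node is not None and pages_node.get("enableViewStateMac", "true").lower() == "false":
        findings.append("enableViewStateMac is false; ViewState integrity is not verified")

    return findings


if __name__ == "__main__":
    for name, cfg in (("static", STATIC_KEYS_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_viewstate_keys(cfg) or ["OK"])
```

Rotating leaked keys matters as much as the config change: a key that has already been exposed stays usable until it is replaced.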

While there have been no recent reports of CVE-2021-44207 being actively exploited, historical analysis indicates that the China-linked APT41 group used this attack vector in 2021 during a series of attacks against six U.S. state government networks. Those intrusions serve as a stark reminder of the vulnerability’s potential impact.

CISA recommends that Federal Civilian Executive Branch (FCEB) agencies implement vendor-provided mitigations by January 13, 2025, as a proactive defense against any active threats. This underlines the critical importance of maintaining up-to-date security measures within enterprise environments, particularly for publicly accessible systems.

In related security news, Adobe recently issued a warning regarding a significant flaw in ColdFusion, identified as CVE-2024-53961, which carries a CVSS score of 7.8. A proof-of-concept exploit has already surfaced, capable of enabling arbitrary file system reads. Adobe has released patches in ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12, urging users to apply these fixes as soon as possible to mitigate risks.

Cybersecurity professionals and business leaders must remain vigilant about evolving threats and take necessary steps to secure their systems. Leveraging frameworks such as the MITRE ATT&CK Matrix can provide insights into potential adversary tactics and techniques, enhancing an organization’s ability to respond effectively to security challenges.
