On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of four critical security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This move was prompted by clear evidence indicating that these vulnerabilities are currently being exploited in active attacks.
The vulnerabilities identified are significant and warrant immediate attention. One vulnerability, CVE-2024-45195, carries a CVSS score of 7.5/9.8 and affects Apache OFBiz. It allows remote attackers to bypass access controls and execute arbitrary code on the server. This vulnerability was addressed in an update released in September 2024.
Another critical issue, CVE-2024-29059, also with a CVSS score of 7.5, is found within the Microsoft .NET Framework. It poses a risk of information disclosure that could potentially lead to remote code execution. Microsoft has provided a fix for this vulnerability in its update released in March 2024.
Additionally, CVE-2018-9276, which scores 7.2 on the CVSS scale, exists within the Paessler PRTG Network Monitor. This vulnerability allows attackers with administrative privileges to execute operating system commands via the web console. It was mitigated through updates made in April 2018.
Lastly, CVE-2018-19410, a severe vulnerability rated at 9.8, also affects PRTG Network Monitor. It enables a remote, unauthenticated attacker to include local files and thereby create users with read-write access. This vulnerability was also resolved in an April 2018 update.
While all identified vulnerabilities have been patched by their respective vendors, it is noteworthy that no detailed reports on their exploitation in real-world scenarios have surfaced. Nevertheless, organizations, particularly those within the Federal Civilian Executive Branch (FCEB), are advised to implement the necessary updates by February 25, 2025, to mitigate risks from active threats.
From an adversarial tactics perspective, these vulnerabilities may align with several tactics in the MITRE ATT&CK framework. Tactics such as Initial Access and Privilege Escalation could have been employed by attackers to gain unauthorized control over systems affected by these flaws. Such exploitation not only jeopardizes organizational assets but also emphasizes the ongoing need for vigilance in cybersecurity practices.
As cyber threats continue to evolve, businesses must remain proactive in understanding and defending against potential vulnerabilities. This incident serves as a crucial reminder of the importance of timely updates and monitoring for emerging threats.