CISA Includes Microsoft and Zimbra Vulnerabilities in KEV Catalog Due to Ongoing Exploits

CISA Adds New Vulnerabilities to KEV Catalog: Immediate Action Required

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog by adding two significant security flaws that have been actively exploited. These vulnerabilities affect the Microsoft Partner Center and the Synacor Zimbra Collaboration Suite (ZCS). This listing underscores the critical nature of these vulnerabilities, prompting urgent attention from organizations to mitigate risks.

The first vulnerability, CVE-2024-49035, is an improper access control issue in the Microsoft Partner Center with a CVSS score of 8.7. The flaw may permit attackers to escalate privileges and gain unauthorized access within systems. Microsoft addressed this vulnerability in November 2024, but the recognition of its exploitation in the wild means organizations must remain vigilant in applying security updates.

The second vulnerability, CVE-2023-34192, has a higher CVSS score of 9.0 and is a cross-site scripting (XSS) flaw in Synacor ZCS. It allows remote authenticated attackers to execute arbitrary code by using a crafted script on the /h/autoSaveDraft function. The vulnerability was patched earlier, in July 2023, with the release of version 8.8.15 Patch 40, yet no public reports have surfaced regarding its exploitation in the wild.

Both vulnerabilities pose substantial risks to users and systems within their respective environments. The Microsoft Partner Center, utilized extensively by organizations for managing their solutions, now requires an immediate assessment of user privileges and access controls. Simultaneously, the risk of XSS in ZCS highlights the importance of robust input validation and script handling mechanisms.

Organizations affected by these vulnerabilities, particularly Federal Civilian Executive Branch (FCEB) agencies, are mandated to implement necessary updates by March 18, 2025, to secure their networks against potential exploitation. Given the evidence of active exploitation, it is critical for these entities to prioritize their patching strategies.

The timing of CISA’s announcement follows closely on the heels of a similar update regarding vulnerabilities in Adobe ColdFusion and Oracle Agile Product Lifecycle Management, further reinforcing the importance of maintaining awareness around emerging threats.

Utilizing the MITRE ATT&CK framework can provide deeper insight into the tactics and techniques potentially used in these types of attacks. Initial access and privilege escalation tactics could be key components in an adversary’s approach to exploiting these vulnerabilities, which underscores the necessity for organizations to adopt a holistic cybersecurity posture.

In conclusion, as new threats continue to emerge, tech-savvy business owners must remain proactive in understanding the vulnerabilities that could impact their operations. By ensuring systems are updated promptly, organizations can mitigate risks and bolster their defenses against potential cyber threats.
