CISA Adds 2 New Known Exploited Vulnerabilities That Are Being Actively Exploited in the Wild


The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with two vulnerabilities that are being actively exploited, urging organizations to act promptly to mitigate the risk. Inclusion in the catalog is based on evidence of exploitation in the wild, not on a CVSS severity score.

This catalog serves as the authoritative resource for vulnerabilities exploited in the wild, providing crucial guidance for organizations to prioritize their cybersecurity defenses effectively.

New Vulnerabilities Added to the KEV Catalog

As of January 13, 2025, CISA has identified two additional exploited vulnerabilities in widely used software products. These vulnerabilities, if left unaddressed, could pose significant risks to organizations, including unauthorized access and potential system compromise.

BeyondTrust Privileged Remote Access (PRA)

An OS command injection vulnerability (CVE-2024-12686) has been identified in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS).

The flaw allows an attacker who already holds administrative privileges on the appliance to upload malicious files and execute operating system commands in the context of the site user.

Because the precondition is an already-privileged account, the practical risk is that an attacker who has obtained or stolen administrative credentials can turn that access into arbitrary command execution on the host running the product, rather than the flaw serving as an initial entry point on its own.

At this time, there is no evidence linking this vulnerability to ransomware campaigns.

Organizations using these products must apply mitigations per BeyondTrust's instructions, or discontinue use of the affected product if mitigations are unavailable.

The KEV due date for this entry is February 3, 2025. That deadline is binding on Federal Civilian Executive Branch agencies under Binding Operational Directive 22-01; CISA urges all other organizations to treat it as their own remediation target.

Qlik Sense HTTP tunneling vulnerability

An HTTP tunneling vulnerability (CVE-2023-48365) has been identified in Qlik Sense Enterprise for Windows. The flaw allows an attacker to escalate privileges and send unauthorized HTTP requests to the backend server that hosts the software.

Exploitation of this vulnerability could allow attackers to compromise backend servers, leading to potential data breaches or system manipulation.

Currently, there is no evidence linking this vulnerability to ransomware campaigns.

Organizations must apply mitigations per Qlik's instructions, or discontinue use of the affected product if mitigations are unavailable. The KEV due date for this entry is also February 3, 2025.


Importance of the KEV Catalog

CISA’s KEV Catalog is a key tool for network defenders and cybersecurity teams, helping them stay ahead of threat actors by highlighting vulnerabilities that have been exploited in real-world scenarios.

Security professionals are encouraged to integrate the KEV catalog into their vulnerability management workflows to streamline prioritization and remediation efforts.

The KEV catalog is available in multiple formats, including CSV, JSON, and Print View, to facilitate easy integration into organization-specific systems.
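The JSON feed is the format most teams wire into their own tooling. The script below, added here as an illustration and not CISA's or any vendor's code, shows the shape of that integration: it parses a catalog excerpt in the feed's field layout (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse, requiredAction), joins it against scanner findings, and ranks them so that KEV entries come first, overdue entries ahead of upcoming ones, and known-ransomware entries ahead of the rest. The catalog excerpt is constructed from the two entries in this article, the asset names and the third CVE in the findings list are made up, and the feed URL is the one CISA publishes; nothing is downloaded when the script runs.

```python
"""Rank scanner findings against the CISA KEV catalog (JSON feed).

Added example, not CISA tooling. Field names follow the public KEV JSON
feed; the catalog excerpt and the scanner findings are constructed
sample data. Only load_kev_file() touches a real (locally saved) feed.
"""
import json
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Published feed location; never fetched here (save it locally first).
KEV_JSON_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt in the shape of the real feed, from the two entries
# described in the article.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.01.13",
    "dateReleased": "2025-01-13T00:00:00.0000Z",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-12686",
            "vendorProject": "BeyondTrust",
            "product": "Privileged Remote Access (PRA) and Remote Support (RS)",
            "vulnerabilityName": "BeyondTrust PRA and RS OS Command Injection Vulnerability",
            "dateAdded": "2025-01-13",
            "shortDescription": "OS command injection reachable by an administrative user; "
                                "allows file upload and command execution as the site user.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use "
                              "of the product if mitigations are unavailable.",
            "dueDate": "2025-02-03",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
        {
            "cveID": "CVE-2023-48365",
            "vendorProject": "Qlik",
            "product": "Sense",
            "vulnerabilityName": "Qlik Sense HTTP Tunneling Vulnerability",
            "dateAdded": "2025-01-13",
            "shortDescription": "HTTP tunneling flaw allowing privilege escalation and "
                                "unauthorized HTTP requests to the backend server.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use "
                              "of the product if mitigations are unavailable.",
            "dueDate": "2025-02-03",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
    ],
})

# Constructed scanner output: (asset, CVE as the scanner reported it).
# Mixed case is deliberate; real exports are inconsistent.
SAMPLE_FINDINGS = [
    ("bastion-01", "cve-2024-12686"),
    ("bi-prod-02", "CVE-2023-48365"),
    ("web-03", "CVE-2021-44228"),   # not in this two-entry excerpt
]


@dataclass
class Ranked:
    asset: str
    cve: str
    in_kev: bool
    due: Optional[date]
    days_to_due: Optional[int]
    overdue: bool
    ransomware: bool
    required_action: str


def load_kev(text: str) -> dict:
    """Parse the KEV JSON feed and index entries by upper-cased CVE ID."""
    data = json.loads(text)
    return {v["cveID"].upper(): v for v in data["vulnerabilities"]}


def load_kev_file(path: str) -> dict:
    """Index a locally saved copy of the feed (download KEV_JSON_URL first)."""
    with open(path, encoding="utf-8") as fh:
        return load_kev(fh.read())


def triage(findings, kev: dict, today) -> list:
    """Rank findings: KEV hits first, overdue before upcoming, known
    ransomware use first, then nearest due date; non-KEV findings last.
    `today` may be a date or an ISO string such as "2025-01-20"."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    ranked = []
    for asset, cve in findings:
        entry = kev.get(cve.strip().upper())
        if entry is None:
            ranked.append(Ranked(asset, cve.strip().upper(), False, None, None, False, False, ""))
            continue
        due = date.fromisoformat(entry["dueDate"])
        delta = (due - today).days
        ranked.append(Ranked(
            asset=asset, cve=entry["cveID"], in_kev=True, due=due,
            days_to_due=delta, overdue=delta < 0,
            ransomware=entry.get("knownRansomwareCampaignUse", "Unknown") == "Known",
            required_action=entry.get("requiredAction", ""),
        ))
    ranked.sort(key=lambda r: (not r.in_kev, not r.overdue, not r.ransomware,
                               r.days_to_due if r.days_to_due is not None else 10**6))
    return ranked


if __name__ == "__main__":
    for r in triage(SAMPLE_FINDINGS, load_kev(SAMPLE_KEV_JSON), "2025-01-20"):
        print(f"{'KEV' if r.in_kev else '   '} {r.asset:<12} {r.cve:<16} "
              f"due={r.due} days={r.days_to_due} overdue={r.overdue}")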

CISA strongly recommends that organizations take immediate action to address these newly added vulnerabilities. Timely mitigation ensures protection against potential exploitation and limits the risk of operational disruptions or data compromise.

The cybersecurity community can access the KEV catalog to stay informed about emerging threats and remain proactive in safeguarding their infrastructure.
