The Cybersecurity and Infrastructure Security Agency (CISA) has issued an important warning after adding two critical vulnerabilities to its Known Exploited Vulnerabilities Catalog.
These vulnerabilities, flagged because of evidence of active exploitation, highlight the ongoing threat landscape for organizations of all sizes.
CVE-2024-20767: Adobe ColdFusion Improper Access Control Vulnerability
The first newly added vulnerability, CVE-2024-20767, impacts Adobe ColdFusion and involves improper access control.
This flaw could allow unauthorized attackers to access restricted resources or systems. Given ColdFusion’s widespread use in web application development, exploitation of this vulnerability poses a high risk to enterprises that rely on it for their critical processes.
Organizations using Adobe ColdFusion are strongly advised to act swiftly by applying any available patches or mitigations provided by Adobe.
CVE-2024-35250: Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
The second vulnerability, CVE-2024-35250, resides in the Windows Kernel-Mode Driver and is linked to an untrusted pointer dereference issue.
This flaw could allow attackers to execute malicious code with elevated system privileges if exploited.
This vulnerability is particularly concerning because it could compromise Windows systems at the kernel level, offering attackers a pathway to deeply infiltrate enterprise environments.
Microsoft has released, or is expected to release, security updates addressing this issue, and users should prioritize installing them.
As mandated by the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies must address these vulnerabilities by the prescribed deadline.
According to the CISA report, this directive ensures that federal networks are defended against active threats by reducing exposure to these high-risk CVEs.
While BOD 22-01 directly applies to federal agencies, CISA strongly encourages public and private organizations to adopt proactive vulnerability management practices.
By prioritizing timely remediation of vulnerabilities listed in the catalog, organizations can better protect themselves from cyberattacks.
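The prioritization practice described above can be automated by matching scanner findings against the JSON feed CISA publishes for the catalog. The script below is an added example, not code from CISA or from the original article: it embeds a constructed sample of the catalog (field names follow the public feed as understood here and should be treated as an assumption; the due dates are placeholders, not the deadlines CISA actually set) and a constructed asset inventory, then lists every finding that appears in the catalog, most urgent first, and flags those past their due date.

```python
import json
from datetime import date

# Constructed sample of the KEV feed. Field names (cveID, vendorProject,
# product, vulnerabilityName, dueDate) are assumed to match the real feed;
# the dueDate values are placeholders chosen for this example only.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "vulnerabilities": [
    {"cveID": "CVE-2024-20767", "vendorProject": "Adobe", "product": "ColdFusion",
     "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability",
     "dueDate": "2025-01-01"},
    {"cveID": "CVE-2024-35250", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability",
     "dueDate": "2025-01-01"},
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
     "vulnerabilityName": "Placeholder entry (constructed)", "dueDate": "2024-06-01"}
  ]
}
"""

# Constructed inventory: what a vulnerability scanner reported on our own assets.
# Asset names and the last CVE id are placeholders.
SAMPLE_INVENTORY = [
    {"asset": "web-01", "cve": "CVE-2024-20767"},
    {"asset": "ws-17", "cve": "CVE-2024-35250"},
    {"asset": "ws-18", "cve": "CVE-2024-35250"},
    {"asset": "db-02", "cve": "CVE-0000-9999"},  # placeholder, not in the catalog
]


def load_kev(raw_json):
    """Parse the catalog feed and index it by CVE id for O(1) lookups."""
    data = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def prioritize(inventory, kev, today_iso):
    """Return the findings that are in the catalog, most urgent first.

    Each result carries the asset, the CVE, the catalog due date and the
    number of days remaining (negative means the deadline has passed).
    """
    today = date.fromisoformat(today_iso)
    hits = []
    for finding in inventory:
        entry = kev.get(finding["cve"])
        if entry is None:
            continue  # not in KEV: handled by normal patch cadence, not here
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "asset": finding["asset"],
            "cve": finding["cve"],
            "name": entry["vulnerabilityName"],
            "due": entry["dueDate"],
            "days_left": (due - today).days,
        })
    # Soonest deadline first; ties broken by CVE id, then asset, for stable output.
    hits.sort(key=lambda h: (h["days_left"], h["cve"], h["asset"]))
    return hits


def overdue(hits):
    """Subset of prioritized findings whose catalog due date has already passed."""
    return [h for h in hits if h["days_left"] < 0]


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    for h in prioritize(SAMPLE_INVENTORY, catalog, "2024-12-20"):
        status = "OVERDUE" if h["days_left"] < 0 else f"{h['days_left']}d left"
        print(f"{h['asset']:8} {h['cve']:16} due {h['due']} ({status})  {h['name']}")
```

Replace the embedded sample with the downloaded catalog and the scanner export, and run it on a schedule: the output is a worklist ordered by the catalog's own deadlines, which is exactly what BOD 22-01 asks agencies to track and what the article recommends other organizations adopt.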