The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding four critical vulnerabilities actively exploited in the wild, urging organizations to take immediate action to mitigate risks.
These flaws, affecting CyberPanel, North Grid Proself, ProjectSend, and Zyxel firewalls, pose significant threats to cybersecurity.
The vulnerabilities are tracked as:
- CVE-2024-51378
- CVE-2023-45727
- CVE-2024-11680
- CVE-2024-11667
CISA highlighted the urgency of addressing these vulnerabilities as part of its Known Exploited Vulnerabilities (KEV) catalog under Binding Operational Directive (BOD) 22-01.
Failure to mitigate these flaws could lead to severe consequences, including data breaches, system compromises, and ransomware attacks.
Flaws Exploited In Wild
CVE-2024-51378: CyberPanel Incorrect Default Permissions
This vulnerability in CyberPanel allows attackers to bypass authentication and execute arbitrary commands via shell metacharacters. It has been linked to ransomware campaigns. Organizations are advised to follow vendor mitigation instructions or discontinue use if fixes are unavailable. The deadline for federal agencies to address this issue is December 25, 2024.
CVE-2023-45727: North Grid Proself XXE Vulnerability
North Grid Proself Enterprise/Standard and related products are vulnerable to XML External Entity (XXE) attacks due to improper restrictions. This flaw could enable remote attackers to access sensitive files on the server. While its exploitation in ransomware campaigns remains unconfirmed, CISA recommends immediate patching or discontinuation of affected versions by December 24, 2024.
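The standard mitigation for the class of flaw described above is to refuse DTDs in XML received from untrusted sources, since external entity declarations can only appear inside a DOCTYPE. The following is an added illustration of that rule in Python, not code from the original article or from North Grid; the `parse_untrusted_xml` function, the `is_accepted` helper and the two sample documents are constructed here, and the `file:///PLACEHOLDER` target is a placeholder, not a reference taken from any advisory.

```python
import re
import xml.etree.ElementTree as ET

# Any document carrying a DTD is refused outright. Entity declarations (the
# primitive an XXE payload relies on) can only appear inside a DOCTYPE, so
# rejecting DTDs closes the attack surface without depending on one particular
# parser's defaults. A simple byte-level scan is used so the check happens
# before any parser touches the input.
_DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)
_ENTITY_RE = re.compile(rb"<!ENTITY", re.IGNORECASE)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, refusing any DTD or entity declaration."""
    if _DOCTYPE_RE.search(data) or _ENTITY_RE.search(data):
        raise ValueError("DTD or entity declaration not allowed in untrusted XML")
    return ET.fromstring(data)


def is_accepted(data: bytes) -> bool:
    """True if the document parses under the hardened rules, False otherwise."""
    try:
        parse_untrusted_xml(data)
        return True
    except (ValueError, ET.ParseError):
        return False


# Constructed sample input: an ordinary upload manifest.
BENIGN = b"""<?xml version="1.0"?>
<upload><name>report.pdf</name><size>1024</size></upload>"""

# Constructed sample input: the same manifest with an external entity
# declaration of the shape an XXE attempt takes. The SYSTEM target is a
# placeholder, not a real file reference.
WITH_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE upload [ <!ENTITY ext SYSTEM "file:///PLACEHOLDER"> ]>
<upload><name>&ext;</name></upload>"""


if __name__ == "__main__":
    print("benign accepted:", is_accepted(BENIGN))      # True
    print("DTD document accepted:", is_accepted(WITH_DTD))  # False
```

Rejecting the whole DTD is stricter than disabling external entity resolution alone, but it is the rule that behaves the same across parsers and libraries; where a third-party library such as lxml is in use, its own entity-resolution switches should be turned off as well rather than relied upon by default.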
CVE-2024-11680: ProjectSend Improper Authentication
A critical flaw in ProjectSend allows unauthenticated attackers to modify application configurations, create accounts, and upload malicious webshells through crafted HTTP requests. With a CVSS score of 9.8, this vulnerability has been actively exploited. Organizations using ProjectSend are urged to update to version r1720 or later without delay.
CVE-2024-11667: Zyxel Firewall Path Traversal
Zyxel firewalls running ZLD firmware versions 5.00 through 5.38 are vulnerable to a path traversal flaw that enables attackers to upload or download files via crafted URLs. This vulnerability has been exploited in ransomware attacks such as Helldown, targeting both small businesses and larger organizations. Zyxel has released firmware updates addressing the issue and advises users to update immediately while also changing administrative passwords.
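The Zyxel paragraph describes the general path traversal failure mode: a client-supplied file name is joined onto a server directory without confirming that the result still lies inside it. The following is an added example of the server-side check that prevents this, written in Python; it is not code from the article or from Zyxel, and the `resolve_user_path` function, the base directory `/srv/uploads` and the sample request strings are all constructed here.

```python
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def resolve_user_path(base_dir: str, requested: str) -> Optional[Path]:
    """Map a client-supplied file name onto base_dir.

    Returns the resolved path if it stays inside base_dir, or None if the
    request would escape it (traversal, absolute path, NUL byte, backslash).
    """
    # Percent-decode first so encoded separators ("%2e%2e%2f") are judged the
    # same way as literal ones. Only one decoding pass is applied: a
    # double-encoded "%252e" becomes the literal text "%2e", which is just an
    # odd file name, not a separator.
    decoded = unquote(requested)

    # Reject absolute paths, NUL bytes and backslashes outright rather than
    # trying to normalise them.
    if decoded.startswith("/") or "\x00" in decoded or "\\" in decoded:
        return None

    base = Path(base_dir).resolve()
    candidate = (base / decoded).resolve()

    # The decisive check: after normalisation the candidate must still be
    # under base. relative_to raises ValueError when it is not.
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


# Constructed sample requests as a server might receive them.
SAMPLE_REQUESTS = [
    "firmware.bin",          # plain file name: accepted
    "sub/../firmware.bin",   # dot-dot that stays inside base: accepted
    "../../outside.txt",     # literal traversal: rejected
    "%2e%2e%2fsecret.txt",   # percent-encoded traversal: rejected
    "/etc/hostname",         # absolute path: rejected
]


def classify(base_dir: str, requests):
    """Return a {request: accepted?} map for a batch of requests."""
    return {r: resolve_user_path(base_dir, r) is not None for r in requests}


if __name__ == "__main__":
    for req, ok in classify("/srv/uploads", SAMPLE_REQUESTS).items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {req}")
```

The check is deliberately performed on the resolved path rather than by searching the string for `..`: string filters miss encodings and separator variants, whereas a containment test on the normalised result holds regardless of how the traversal was spelled.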
In addition, organizations are advised to:
- Apply vendor-provided patches or mitigation steps.
- Discontinue use of affected products if fixes are not available.
- Strengthen monitoring for suspicious activity.
The deadline for federal agencies to remediate these vulnerabilities is December 24 or 25, 2024, depending on the specific flaw.
Private organizations are strongly encouraged to act promptly to safeguard their systems against exploitation.
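Turning the KEV entries and the BOD 22-01 deadlines above into a prioritised work list is the routine task a security team faces after an alert like this. The following is an added Python example of such a tracker; it is not code from the article or from CISA. The four CVE identifiers, product names and the December 24 / 25 due dates for Proself and CyberPanel come from the article; the due dates assigned to ProjectSend and Zyxel, the version predicates, the ransomware flags where the article is silent, and the asset inventory are assumptions constructed for the example and must be confirmed against the KEV catalog itself.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, List


@dataclass(frozen=True)
class KevEntry:
    cve: str
    product: str
    due: date                       # BOD 22-01 remediation deadline (federal agencies)
    ransomware_known: bool          # linked to ransomware campaigns per the advisory
    affected: Callable[[str], bool]  # version predicate: True if this version is in scope


# Entries built from the advisory text. The article states the 24th for
# Proself and the 25th for CyberPanel; the dates for ProjectSend and Zyxel
# are assumed placeholders here. Where the article gives no version range,
# every version is treated as affected until the vendor says otherwise.
KEV_ENTRIES: List[KevEntry] = [
    KevEntry("CVE-2024-51378", "CyberPanel", date(2024, 12, 25), True,
             lambda v: True),
    KevEntry("CVE-2023-45727", "North Grid Proself", date(2024, 12, 24), False,
             lambda v: True),
    KevEntry("CVE-2024-11680", "ProjectSend", date(2024, 12, 25), False,   # date assumed
             lambda v: v.startswith("r") and int(v[1:]) < 1720),            # fixed in r1720
    KevEntry("CVE-2024-11667", "Zyxel ZLD firewall", date(2024, 12, 24), True,  # date assumed
             lambda v: "5.00" <= v <= "5.38"),                              # ZLD 5.00-5.38
]

# Constructed asset inventory (host names and versions are made up).
INVENTORY: List[Dict[str, str]] = [
    {"host": "fw-branch-01", "product": "Zyxel ZLD firewall", "version": "5.38"},
    {"host": "share-01", "product": "ProjectSend", "version": "r1605"},
    {"host": "web-02", "product": "nginx", "version": "1.26"},
]


def remediation_report(inventory, entries, as_of: date) -> List[Dict]:
    """One finding per (host, CVE) pair whose installed version is in the affected range.

    Findings are ordered so the most urgent come first: overdue items, then
    those with a known ransomware linkage, then by soonest deadline.
    """
    findings = []
    for asset in inventory:
        for entry in entries:
            if asset["product"] != entry.product or not entry.affected(asset["version"]):
                continue
            days_left = (entry.due - as_of).days
            findings.append({
                "host": asset["host"],
                "cve": entry.cve,
                "product": entry.product,
                "days_left": days_left,
                "overdue": days_left < 0,
                "ransomware_known": entry.ransomware_known,
            })
    findings.sort(key=lambda f: (not f["overdue"], not f["ransomware_known"], f["days_left"]))
    return findings


if __name__ == "__main__":
    for f in remediation_report(INVENTORY, KEV_ENTRIES, date(2024, 12, 20)):
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:14} {f['cve']:15} {f['product']:20} {status}")
```

The version predicates are where most real-world error creeps in: the string comparison used for the ZLD range only works because the firmware versions are zero-padded to two digits, and a vendor that appends patch suffixes would need a proper version parser. Keeping the predicate on the entry rather than hard-coding it in the loop makes that the single place to correct.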