The recent addition of multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns about active exploitation in the wild. These vulnerabilities pose significant risks to organizations that use these products, as they enable authentication bypass, arbitrary command execution, XML external entity (XXE) attacks, improper authentication, and path traversal.
One such vulnerability, CVE-2023-45727, has been linked to a China-based cyber espionage group known as Earth Kasha (aka MirrorFace). This group has been actively exploiting the vulnerability, prompting CISA to add it to the KEV catalog. Additionally, malicious actors have been attempting to weaponize CVE-2024-11680 for dropping post-exploitation payloads, as revealed by cybersecurity vendor VulnCheck.
The exploitation of CVE-2024-51378 and CVE-2024-11667 has been attributed to ransomware campaigns such as PSAUX and Helldown, according to reports from Censys and Sekoia. These vulnerabilities allow attackers to download or upload files via crafted URLs and execute arbitrary commands, posing a serious threat to organizations that fall victim to ransomware attacks.
Federal Civilian Executive Branch (FCEB) agencies are urged to remediate the identified vulnerabilities by December 25, 2024, to ensure the security of their networks. Failure to address these vulnerabilities in a timely manner could expose these agencies to further cyber threats and attacks.
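A KEV listing is only actionable if an organization can map it onto its own assets and track the due date. The script below is an added example, not code from the article, CISA, or any of the vendors named: it indexes a KEV-style feed by CVE, joins it against a scanner-style asset inventory, and ranks findings by days remaining before the remediation deadline, with ransomware-linked entries first. CISA publishes the live catalog as JSON (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json) with a `vulnerabilities` array whose entries carry `cveID`, `vendorProject`, `product`, `dueDate` and `knownRansomwareCampaignUse`; the feed excerpt and inventory embedded here are constructed to mirror that shape using the CVEs and the December 25, 2024 due date from the article, and product strings not stated in the article are marked as placeholders.

```python
"""Added example: join a KEV-style feed against an asset inventory and report
what is due or overdue. Not the article's or CISA's code; the feed excerpt and
inventory below are constructed for this example and mirror the field names of
the real CISA KEV JSON feed (assumption: field names as documented by CISA)."""
import json
from datetime import date

# Constructed KEV-style excerpt. CVEs and due date come from the article; the
# ransomware flag reflects which CVEs the article ties to ransomware campaigns.
KEV_FEED_JSON = """
{
  "title": "constructed sample, not the live CISA feed",
  "vulnerabilities": [
    {"cveID": "CVE-2023-45727", "vendorProject": "North Grid", "product": "Proself",
     "dueDate": "2024-12-25", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-11680", "vendorProject": "ProjectSend", "product": "ProjectSend",
     "dueDate": "2024-12-25", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-51378", "vendorProject": "CyberPanel", "product": "CyberPanel",
     "dueDate": "2024-12-25", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2024-11667", "vendorProject": "Zyxel", "product": "(product placeholder)",
     "dueDate": "2024-12-25", "knownRansomwareCampaignUse": "Known"}
  ]
}
"""

# Constructed scanner-style inventory: asset name plus the CVE ids reported on it.
# CVE-2021-99999 is a made-up id that is deliberately absent from the sample feed.
INVENTORY = [
    {"asset": "file-share-01", "cves": ["CVE-2024-11680", "CVE-2021-99999"]},
    {"asset": "hosting-panel-02", "cves": ["CVE-2024-51378"]},
    {"asset": "edge-fw-03", "cves": ["CVE-2024-11667"]},
    {"asset": "wiki-04", "cves": []},
]


def load_kev(feed_json: str) -> dict:
    """Parse the feed and index its entries by cveID for direct lookup."""
    data = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def kev_findings(inventory: list, kev: dict, today_iso: str) -> list:
    """Return one record per (asset, CVE) pair that appears in the catalog.

    days_left is the number of days until the KEV due date; it is negative once
    the deadline has passed. Results are sorted so the most urgent items come
    first: earliest deadline, and among equal deadlines, ransomware-linked CVEs.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for item in inventory:
        for cve in item["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # reported by the scanner but not (yet) in the catalog
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "asset": item["asset"],
                "cve": cve,
                "vendor": entry["vendorProject"],
                "product": entry["product"],
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                "due": entry["dueDate"],
                "days_left": (due - today).days,
            })
    findings.sort(key=lambda f: (f["days_left"], not f["ransomware"]))
    return findings


def overdue(findings: list) -> list:
    """Subset of findings whose KEV due date has already passed."""
    return [f for f in findings if f["days_left"] < 0]


if __name__ == "__main__":
    catalog = load_kev(KEV_FEED_JSON)
    for f in kev_findings(INVENTORY, catalog, date.today().isoformat()):
        flag = "RANSOMWARE" if f["ransomware"] else ""
        state = "OVERDUE" if f["days_left"] < 0 else f"due in {f['days_left']}d"
        print(f"{f['asset']:18} {f['cve']:16} {f['vendor']:12} {state:12} {flag}")
```

Running the script on the live feed is a matter of replacing `KEV_FEED_JSON` with the downloaded catalog and `INVENTORY` with the scanner export; the join key is the CVE id in both, and the sort order gives an operations team the overdue and ransomware-linked items at the top of the list.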
In a separate development, JPCERT/CC has warned that three security flaws in I-O DATA routers UD-LT1 and UD-LT1/EX are being exploited by unknown threat actors. These vulnerabilities, including incorrect permission assignment, OS command injection, and inclusion of undocumented features, allow attackers to read sensitive files, execute arbitrary commands, disable firewall functions, and alter router configurations.
Patches for CVE-2024-52564 have been released with firmware Ver2.1.9, while fixes for the remaining vulnerabilities are expected to be available with firmware Ver2.2.0 by December 18, 2024. In the meantime, I-O DATA is advising customers to take precautionary measures such as limiting the exposure of the settings screen to the internet, changing default passwords, and ensuring strong administrator passwords to reduce the risk of exploitation.
As the threat landscape continues to evolve, organizations must remain vigilant and proactive in addressing security vulnerabilities to protect their networks and sensitive data from malicious actors. Keeping up with the latest cybersecurity news and best practices is part of safeguarding your organization from cyber threats.