
CISA Alert: Vulnerabilities in Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Actively Exploited


The Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns about the exploitation of vulnerabilities in various popular software and hardware products, including Zyxel firewalls, CyberPanel, North Grid, and ProjectSend.

According to CISA, organizations using these products should act immediately to prevent potential cyber threats: implement mitigations, or discontinue use of the product if fixes are not available.

One of the vulnerabilities highlighted by CISA is CVE-2024-51378 in CyberPanel, which is categorized as an incorrect default permissions vulnerability (CWE-276). The flaw allows attackers to bypass authentication and execute arbitrary commands by exploiting shell metacharacters in the statusfile property. It has been linked to ransomware campaigns, emphasizing the urgency for organizations to address it promptly.

Another significant vulnerability identified is CVE-2023-45727, impacting North Grid Proself products such as Enterprise/Standard, Gateway, and Mail Sanitize versions. This vulnerability involves improper restriction of XML External Entity (XXE) references, potentially enabling remote, unauthenticated attackers to carry out XXE attacks. The issue, linked to CWE-611, underscores the importance of handling XML input properly to mitigate the risk.

ProjectSend, an open-source file sharing application, is also under scrutiny due to CVE-2024-11680, an improper authentication vulnerability (CWE-287). It allows remote attackers to modify the application's configuration through crafted HTTP requests to options.php. Exploiting this flaw could result in account creation, webshell uploads, and malicious JavaScript embedding. Organizations are advised to address this critical vulnerability promptly to prevent severe consequences.

Additionally, CVE-2024-11667 is a path traversal vulnerability (CWE-22) in the web management interface of multiple Zyxel firewall models. It enables attackers to download or upload files using manipulated URLs. Exploitation of this vulnerability has been associated with ransomware campaigns, highlighting the urgency for organizations to implement necessary security measures.
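As an added illustration (not code from CISA, CyberPanel or Zyxel), the Python sketch below shows the input handling that addresses the two bug classes described above: an allow-list check that rejects shell metacharacters in a `statusfile` value, plus a containment check against path traversal. The directory, function names and sample request bodies are constructed assumptions; only the `statusfile` field name comes from the advisory.

```python
import json
import os
import re

# Assumption: status files live under one directory; this path is hypothetical.
STATUS_DIR = "/var/lib/example-panel/status"

# Allow-list: only characters a plain relative file path needs.
# Anything else (; | & $ ` quotes, whitespace, ...) is rejected outright.
ALLOWED = re.compile(r"[A-Za-z0-9._/-]+")


def safe_statusfile(value, base=STATUS_DIR):
    """Return the normalised absolute path if value is acceptable, else None."""
    if not isinstance(value, str) or not ALLOWED.fullmatch(value):
        return None
    # Resolve against the base directory, then confirm the result is still
    # inside it. This catches "../" sequences and absolute paths.
    full = os.path.normpath(os.path.join(base, value))
    if os.path.commonpath([base, full]) != base:
        return None
    return full


def flag_requests(raw_bodies):
    """Return indexes of JSON request bodies whose statusfile fails validation."""
    flagged = []
    for i, raw in enumerate(raw_bodies):
        try:
            body = json.loads(raw)
        except ValueError:
            continue  # not JSON: out of scope for this check
        if not isinstance(body, dict) or "statusfile" not in body:
            continue
        if safe_statusfile(body["statusfile"]) is None:
            flagged.append(i)
    return flagged


# Constructed sample request bodies, for illustration only.
SAMPLE_BODIES = [
    '{"statusfile": "job-1041.log"}',
    '{"statusfile": "job-1042.log; id"}',
    '{"statusfile": "../../etc/passwd"}',
    '{"domain": "example.test"}',
    "not json",
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE_BODIES))
```

A validated path should then be passed to the operating system as a single argument (for example, a list-form `subprocess.run` call) rather than interpolated into a shell command string.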

CISA’s advisory emphasizes the critical nature of these vulnerabilities and underscores the importance of immediate action to prevent potential cyber threats. Organizations utilizing Zyxel firewalls, CyberPanel, North Grid, or ProjectSend are encouraged to prioritize system updates and mitigation efforts to avoid security breaches, data loss, and unauthorized access.

Failure to address these vulnerabilities promptly could result in severe consequences, reinforcing the significance of proactive cybersecurity practices. It is essential for organizations to stay vigilant, apply security patches, and follow best practices to safeguard their systems and data from potential cyber risks.
