CISA Includes Additional Known Exploited Vulnerabilities in Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with several newly identified vulnerabilities that have been actively exploited by cybercriminals. These vulnerabilities, which exist in commonly used software products, pose a serious threat to federal enterprises and critical infrastructure sectors. The recently added vulnerabilities, CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410, have the potential to cause severe security breaches on affected systems.

One of the newly added vulnerabilities, CVE-2024-45195, pertains to a critical flaw in Apache OFBiz, an open-source enterprise resource planning (ERP) and e-commerce solution. This vulnerability involves forced browsing, allowing attackers to circumvent security restrictions by directly accessing specific URLs, potentially exposing sensitive data. The flaw, found in Apache OFBiz versions prior to 18.12.16, could lead to unauthorized access to various sections of websites, depending on the strength of authorization mechanisms. Exploiting this vulnerability could enable attackers to elevate privileges and gain access to confidential information, emphasizing the need for organizations using Apache OFBiz to update to version 18.12.16 or newer.

Another serious vulnerability, CVE-2024-29059, affects the Microsoft .NET Framework, enabling attackers to extract sensitive information from systems running older versions of the framework, such as 4.8, 3.5, and 4.7.2. With a CVSS score of 7.5 (High), the flaw presents a substantial risk to organizations running Windows 10 or Windows Server versions where the vulnerable framework is present. CISA has urged organizations to swiftly apply patches or updates to mitigate the risk of data exposure and breaches resulting from exploitation of CVE-2024-29059.

CVE-2018-9276 is a critical flaw in Paessler PRTG Network Monitor, a widely used IT network monitoring tool. This vulnerability, discovered in versions before 18.2.39, allows attackers with administrator privileges to inject operating system commands, potentially compromising entire network infrastructures. Organizations relying on PRTG for network monitoring are advised to update their systems promptly to address this vulnerability.

Furthermore, CVE-2018-19410, another vulnerability in Paessler PRTG Network Monitor, involves a Local File Inclusion (LFI) flaw that enables unauthenticated attackers to bypass security restrictions and escalate their privileges by crafting malicious HTTP requests. Exploiting this vulnerability, discovered in versions before 18.2.40.1683, could result in serious security breaches as attackers gain control over the system and access sensitive data.

In conclusion, the inclusion of vulnerabilities such as CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410 in the Known Exploited Vulnerabilities Catalog underscores the critical importance of proactive vulnerability management. Organizations must prioritize regular patching of their systems to prevent exploitation, particularly those handling sensitive data or critical infrastructure. Leveraging advanced tools like Cyble for real-time monitoring and insights can enhance defense mechanisms against cyber threats. It is imperative for organizations to stay vigilant and proactive in addressing known vulnerabilities to safeguard their digital assets and infrastructure from malicious cyber activities.
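The fixed releases quoted above can be turned into a quick inventory triage. The following is an added example, not code from CISA or any vendor: the thresholds are the versions stated in this article, the inventory rows and host names are constructed, and CVE-2024-29059 is left out because the article gives no fixed release for it. It shows that a PRTG install can be past the fix for CVE-2018-9276 and still be exposed to CVE-2018-19410.

```python
# Added example: fixed-version thresholds are the ones stated in the article.
# Inventory rows and host names are constructed sample data.
from itertools import zip_longest

FIXED_IN = {
    "CVE-2024-45195": ("apache ofbiz", "18.12.16"),
    "CVE-2018-9276": ("prtg network monitor", "18.2.39"),
    "CVE-2018-19410": ("prtg network monitor", "18.2.40.1683"),
}

def parse_version(text):
    """Turn '18.2.40.1683' into (18, 2, 40, 1683); reject non-numeric parts."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_before(installed, fixed):
    """True if installed < fixed, padding the shorter version with zeros."""
    pairs = zip_longest(parse_version(installed), parse_version(fixed), fillvalue=0)
    for a, b in pairs:
        if a != b:
            return a < b
    return False

def triage(inventory):
    """Return {host: [CVE ids]} for installs older than the fixed release."""
    findings = {}
    for host, product, version in inventory:
        for cve, (name, fixed) in FIXED_IN.items():
            if product.lower() != name:
                continue
            try:
                affected = is_before(version, fixed)
            except ValueError:
                affected = True  # unknown version: flag for manual review
            if affected:
                findings.setdefault(host, []).append(cve)
    return findings

SAMPLE_INVENTORY = [  # constructed
    ("erp-01", "Apache OFBiz", "18.12.15"),
    ("erp-02", "Apache OFBiz", "18.12.16"),
    ("mon-01", "PRTG Network Monitor", "18.2.39.1661"),
    ("mon-02", "PRTG Network Monitor", "18.1.37"),
    ("mon-03", "PRTG Network Monitor", "unknown"),
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(host, ", ".join(cves))
```

Hosts whose version string cannot be parsed are reported against every matching CVE so that they are reviewed by hand rather than silently treated as patched.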
