CISA Adds Five Actively Exploited Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, highlighting five security flaws currently being exploited in the wild. These vulnerabilities span across Microsoft, Cisco, Atlassian, and Metabase products and pose significant risks to systems handling sensitive data or exposed to public networks.

1. CVE-2024-43451 (CVSS 6.5): NTLM Hash Disclosure Vulnerability

This vulnerability is particularly concerning due to its simplicity in triggering. According to Microsoft, minimal interaction with a malicious file, such as a single click or right-click action, could expose a user’s NTLMv2 hash to a remote attacker. NTLM hashes, which serve as cryptographic credentials for users, could allow attackers to authenticate as the compromised user, providing access to sensitive resources.

2. CVE-2024-49039 (CVSS 8.8): Windows Task Scheduler Elevation of Privilege Vulnerability

Discovered by Google’s Threat Analysis Group, this vulnerability allows attackers to execute a specially crafted application to escalate privileges from a low-integrity AppContainer environment to a medium-integrity level. This privilege escalation can enable attackers to run RPC functions typically restricted to high-privilege accounts, providing unauthorized access to otherwise protected resources.

3. CVE-2021-41277 (CVSS 10): Metabase GeoJSON API Local File Inclusion Vulnerability

Metabase, a widely used open-source business intelligence platform, harbors a critical vulnerability that allows attackers to leverage the GeoJSON API for local file inclusion. This vulnerability can lead to unauthorized data access and system compromise, underscoring the critical need for timely software updates and secure configuration practices.

4. CVE-2014-2120: Cisco ASA WebVPN Cross-Site Scripting Vulnerability

This vulnerability, residing in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software, enables attackers to inject malicious scripts, potentially compromising user credentials and facilitating session hijacking. The persistence of this legacy vulnerability emphasizes the importance of comprehensive vulnerability management programs and the need to address vulnerabilities across all systems, regardless of age.

5. CVE-2021-26086 (CVSS 5.3): Atlassian Jira Server and Data Center Path Traversal Vulnerability

This vulnerability in Atlassian Jira Server and Data Center allows attackers to exploit a path traversal flaw to gain unauthorized access to sensitive files. This vulnerability highlights the importance of secure coding practices and the need for continuous security testing to identify and remediate vulnerabilities in software applications.

Mitigating the Threat

CISA’s mandate for FCEB agencies to patch these vulnerabilities by December 3, 2024, serves as a critical reminder for organizations across all sectors to prioritize vulnerability management.

Related Posts:

• Ivanti Connect Secure, Policy Secure and Secure Access Client Affected by Critical Vulnerabilities
• CVE-2024-10575 (CVSS 10): Critical Flaw in Schneider Electric’s EcoStruxure IT Gateway
• Apache CloudStack Releases Security Update for KVM Infrastructure Vulnerability – CVE-2024-50386
• Microsoft Addresses Critical Zero-Day Vulnerabilities in November Patch Tuesday