CISA Expands KEV Catalog with Four Actively Exploited Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an updated advisory regarding four security vulnerabilities actively exploited in the wild. These vulnerabilities, now included in the Known Exploited Vulnerabilities (KEV) catalog, pose significant risks to both private and public sector organizations.
CVE-2024-43093: Android Framework Privilege Escalation Vulnerability
This vulnerability enables privilege escalation within the Android Framework, potentially granting unauthorized access to sensitive directories such as “Android/data,” “Android/obb,” and “Android/sandbox.” While the precise attack vectors remain undisclosed, Google acknowledges evidence of limited, targeted exploitation.
CVE-2024-51567 (CVSS 10): CyberPanel Incorrect Default Permissions Vulnerability
A critical vulnerability in CyberPanel, a widely used web hosting control panel, permits remote attackers to bypass authentication mechanisms and execute arbitrary commands. Exploitation has been observed in the wild, highlighting the urgent need for remediation. Affected versions include those through 2.3.6 and (unpatched) 2.3.7.
CVE-2019-16278 (CVSS 9.8): Nostromo nhttpd Directory Traversal Vulnerability
This directory traversal vulnerability in the Nostromo nhttpd web server, though initially disclosed in 2019, continues to be exploited. Successful exploitation can lead to remote code execution, enabling attackers to compromise affected servers and potentially exfiltrate data or disrupt services.
CVE-2024-5910 (CVSS 9.3): Palo Alto Expedition Missing Authentication Vulnerability
Palo Alto Networks’ Expedition software harbors a missing authentication vulnerability that allows unauthorized access to administrative accounts. This vulnerability, patched in July 2024, remains under active exploitation. Attackers can leverage this flaw to gain control of Expedition servers, potentially accessing sensitive configuration data and credentials.
Mitigating the Threat
CISA urges all Federal Civilian Executive Branch (FCEB) agencies to prioritize patching these vulnerabilities by November 28, 2023. All organizations, regardless of sector, are strongly encouraged to take immediate action to mitigate these threats.
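Turning a KEV update into a patch-priority list means matching catalog entries against an asset inventory and ranking by due date. The script below is an added example written for this article, not CISA's tooling. It embeds a constructed catalog excerpt in the schema of the public KEV JSON feed (cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate, knownRansomwareCampaignUse); only the CVE IDs, product names and the CyberPanel version ceiling come from the advisory text, while the dates, ransomware flags, hostnames and versions are placeholders. Because the KEV feed carries no affected-version data, entries without a stated ceiling are treated as affected regardless of version.

```python
"""Match a KEV-style catalog against an asset inventory and rank by due date.

Added example, not CISA's code. SAMPLE_KEV_JSON mirrors the field names of
the public KEV feed, but every value other than cveID, vendorProject and
product is a constructed placeholder.
"""
import json
from datetime import date

# Constructed catalog excerpt (placeholder dates and ransomware flags).
SAMPLE_KEV_JSON = json.dumps({
    "title": "Constructed KEV excerpt for illustration",
    "vulnerabilities": [
        {"cveID": "CVE-2024-43093", "vendorProject": "Android", "product": "Framework",
         "vulnerabilityName": "Android Framework Privilege Escalation Vulnerability",
         "dateAdded": "2024-11-07", "dueDate": "2024-11-28", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-51567", "vendorProject": "CyberPanel", "product": "CyberPanel",
         "vulnerabilityName": "CyberPanel Incorrect Default Permissions Vulnerability",
         "dateAdded": "2024-11-07", "dueDate": "2024-11-28", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2019-16278", "vendorProject": "Nostromo", "product": "nhttpd",
         "vulnerabilityName": "Nostromo nhttpd Directory Traversal Vulnerability",
         "dateAdded": "2024-11-07", "dueDate": "2024-11-28", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-5910", "vendorProject": "Palo Alto Networks", "product": "Expedition",
         "vulnerabilityName": "Palo Alto Expedition Missing Authentication Vulnerability",
         "dateAdded": "2024-11-07", "dueDate": "2024-11-28", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Version ceilings taken from the advisory text: CyberPanel is affected
# through 2.3.6, and 2.3.7 was still unpatched. KEV itself has no version
# data, so any CVE missing here is treated as affected at every version.
AFFECTED_THROUGH = {"CVE-2024-51567": "2.3.7"}

# Constructed inventory; hostnames and version strings are placeholders.
SAMPLE_INVENTORY = [
    {"host": "web-01.example", "vendorProject": "Nostromo", "product": "nhttpd", "version": "1.9.6"},
    {"host": "panel-01.example", "vendorProject": "CyberPanel", "product": "CyberPanel", "version": "2.3.5"},
    {"host": "panel-02.example", "vendorProject": "CyberPanel", "product": "CyberPanel", "version": "2.3.8"},
    {"host": "mig-01.example", "vendorProject": "Palo Alto Networks", "product": "Expedition", "version": "1.2.91"},
    {"host": "db-01.example", "vendorProject": "PostgreSQL", "product": "PostgreSQL", "version": "16.4"},
]


def load_catalog(text):
    """Parse the KEV feed JSON and return its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def version_key(version):
    """Turn '2.3.7' into (2, 3, 7) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def _product_key(vendor, product):
    return (vendor.strip().lower(), product.strip().lower())


def match_inventory(catalog, inventory, affected_through=AFFECTED_THROUGH):
    """Return one finding per (asset, KEV entry) pair whose product matches.

    An asset is skipped only when the advisory states a version ceiling for
    that CVE and the asset runs something newer than it.
    """
    by_product = {}
    for entry in catalog:
        by_product.setdefault(_product_key(entry["vendorProject"], entry["product"]), []).append(entry)

    findings = []
    for asset in inventory:
        for entry in by_product.get(_product_key(asset["vendorProject"], asset["product"]), []):
            ceiling = affected_through.get(entry["cveID"])
            if ceiling and version_key(asset["version"]) > version_key(ceiling):
                continue  # newer than the stated affected range
            findings.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "dueDate": entry["dueDate"],
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            })
    return findings


def prioritize(findings, today):
    """Rank findings: most overdue first, ransomware-linked first on ties, then by CVE ID.

    `today` is an ISO date string so the caller controls the reference date.
    """
    ref = date.fromisoformat(today)
    ranked = [dict(f, daysOverdue=(ref - date.fromisoformat(f["dueDate"])).days) for f in findings]
    ranked.sort(key=lambda f: (-f["daysOverdue"], not f["ransomware"], f["cveID"]))
    return ranked


if __name__ == "__main__":
    findings = match_inventory(load_catalog(SAMPLE_KEV_JSON), SAMPLE_INVENTORY)
    for f in prioritize(findings, date.today().isoformat()):
        flag = " [ransomware]" if f["ransomware"] else ""
        print(f"{f['host']:18} {f['cveID']:16} due {f['dueDate']} ({f['daysOverdue']:+d} days){flag}")
```

With the constructed data, the newer CyberPanel host drops out, the PostgreSQL host has no matching entry, and the three remaining findings share a due date, so the ransomware-linked CyberPanel entry surfaces first. Against a real feed, replace SAMPLE_KEV_JSON with the downloaded catalog and keep AFFECTED_THROUGH conservative: an absent ceiling means "patch regardless of version".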