
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four critical security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning that these flaws are under active exploitation in the wild. The vulnerabilities, spanning Apache OFBiz, Microsoft .NET Framework, and Paessler PRTG Network Monitor, pose significant security risks, including unauthorized remote code execution, information disclosure, and privilege escalation.
1. Apache OFBiz: An Authentication Bypass (CVE-2024-45195)
First up is a nasty flaw in Apache OFBiz, the open-source enterprise resource planning (ERP) system. Tracked as CVE-2024-45195, this vulnerability allows attackers to bypass authentication and remotely execute code on both Linux and Windows servers. Imagine a digital skeleton key that unlocks the entire company’s data and systems. What makes this particularly concerning is that this isn’t a brand-new vulnerability. It’s a bypass for a series of previously patched issues (CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856). This highlights the importance of not just patching, but ensuring those patches are correctly implemented and haven’t introduced new weaknesses. As security researcher Ryan Emmons from Rapid7 puts it, attackers are exploiting “missing view authorization checks” to wreak havoc.
2. Microsoft .NET Framework: Information Leak Leads to Potential Takeover (CVE-2024-29059)
Next on the list is CVE-2024-29059, an information disclosure vulnerability in the Microsoft .NET Framework. While seemingly less severe than remote code execution, information leaks can be a crucial stepping stone for attackers. In this case, successful exploitation could grant access to the ObjRef URI, which could then be leveraged for remote code execution. It’s like giving a burglar a map of your house; they still need to find the key, but they know where to look.
3 & 4. Paessler PRTG Network Monitor: Double Trouble (CVE-2018-9276 & CVE-2018-19410)
Finally, we have a double whammy for users of Paessler PRTG Network Monitor. CVE-2018-9276 is an OS command injection vulnerability that allows attackers with administrative access to the PRTG web console to inject malicious commands. This is a serious issue, potentially giving attackers complete control over the network monitoring system and the devices it manages. Adding insult to injury, CVE-2018-19410 is a local file inclusion vulnerability that allows unauthenticated attackers to create users with administrative privileges. This means an attacker could effectively give themselves the keys to the kingdom without even needing to break down the front door.
Call to Action: Patch Now!
CISA’s inclusion of these vulnerabilities in the KEV catalog serves as a stark reminder of the constant threat landscape we face. For Federal Civilian Executive Branch (FCEB) agencies, remediation is recommended by February 25, 2025, per Binding Operational Directive (BOD) 22-01.
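A practical way to act on a KEV addition is to match the catalog against your own asset inventory and track the BOD 22-01 due date. The script below is an added example (not code from CISA or the article) that does this triage over a constructed sample in the shape of the KEV JSON feed; the field names cveID, vendorProject, product and dueDate, the inventory, and the evaluation dates are assumptions for illustration.

```python
import json
from datetime import date

# Constructed sample mirroring the shape of CISA's KEV JSON feed (assumed field
# names: cveID, vendorProject, product, dueDate). Values reflect this article.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-45195", "vendorProject": "Apache", "product": "OFBiz", "dueDate": "2025-02-25"},
    {"cveID": "CVE-2024-29059", "vendorProject": "Microsoft", "product": ".NET Framework", "dueDate": "2025-02-25"},
    {"cveID": "CVE-2018-9276", "vendorProject": "Paessler", "product": "PRTG Network Monitor", "dueDate": "2025-02-25"},
    {"cveID": "CVE-2018-19410", "vendorProject": "Paessler", "product": "PRTG Network Monitor", "dueDate": "2025-02-25"},
]})

# Constructed asset inventory: hostname -> (vendor, product) as tracked internally.
INVENTORY = {
    "erp-01": ("Apache", "OFBiz"),
    "mon-01": ("Paessler", "PRTG Network Monitor"),
    "web-03": ("nginx", "nginx"),
}

def load_kev(raw):
    """Parse a KEV-format JSON document into its list of vulnerability entries."""
    return json.loads(raw)["vulnerabilities"]

def triage(kev_entries, inventory, today_iso):
    """Return {hostname: [(cveID, days_until_due), ...]} for hosts running a KEV-listed
    product. A negative day count means the due date has already passed."""
    today = date.fromisoformat(today_iso)
    by_product = {}
    for e in kev_entries:
        key = (e["vendorProject"].lower(), e["product"].lower())
        by_product.setdefault(key, []).append(e)
    report = {}
    for host, (vendor, product) in inventory.items():
        hits = by_product.get((vendor.lower(), product.lower()), [])
        if hits:
            report[host] = [(e["cveID"], (date.fromisoformat(e["dueDate"]) - today).days)
                            for e in hits]
    return report

if __name__ == "__main__":
    for host, items in triage(load_kev(KEV_SAMPLE), INVENTORY, "2025-02-10").items():
        for cve, days in items:
            status = f"due in {days} days" if days >= 0 else f"OVERDUE by {-days} days"
            print(f"{host}: {cve} {status}")
```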