The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding three security vulnerabilities that are being actively exploited in the wild. These vulnerabilities, now included in CISA’s Known Exploited Vulnerabilities (KEV) catalog, demand immediate attention from organizations and individuals to prevent compromise.
Vulnerability Breakdown:
- CVE-2023-45727 (CVSS 7.5): Affecting Proself Enterprise/Standard Edition (Ver5.62 and earlier), Proself Gateway Edition (Ver1.65 and earlier), and Proself Mail Sanitize Edition (Ver1.08 and earlier), this vulnerability enables remote, unauthenticated attackers to conduct XML External Entity (XXE) attacks. Successful exploitation may permit unauthorized reading of files on the server, including sensitive account information.
- CVE-2024-11680 (CVSS 9.8): This critical vulnerability in ProjectSend (versions prior to r1720) allows remote, unauthenticated attackers to manipulate the application’s configuration via crafted HTTP requests. This manipulation can lead to unauthorized account creation, web shell uploads, and the injection of malicious JavaScript, ultimately giving attackers significant control over compromised systems. Public exploits, including Nuclei templates and Metasploit modules, have facilitated widespread exploitation. VulnCheck’s research indicates that 99% of Internet-exposed ProjectSend instances remain vulnerable, with active exploitation observed since September 2024. Censys identified 4,026 publicly accessible ProjectSend instances at the time of this report; it could not determine the exact version of every instance, but about 40% are hosted in the United States and about 9% sit behind Cloudflare’s network infrastructure.
- CVE-2024-11667 (CVSS 7.5): A directory traversal vulnerability in the web management interface of Zyxel ATP series, USG FLEX series, USG FLEX 50(W) series, and USG20(W)-VPN series firmware versions V5.00 through V5.38. This vulnerability allows attackers to download or upload files through crafted URLs, potentially compromising sensitive data and system integrity. Concerningly, this vulnerability is linked to the deployment of Helldown ransomware, with confirmed attacks on German entities.
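To make the Proself bug class concrete, the following is an added example (not Proself’s code, and not tied to any Proself endpoint) of how an XXE attack works in general: an XML parser that resolves external general entities lets a remote, unauthenticated XML document read a local file from the server, while a parser that refuses external entities does not. The secret file, its path, and the XML document are constructed inline; the vulnerable parser is Python’s `xml.sax` with external entity resolution deliberately switched on, which is the setting modern Python disables by default.

```python
"""XXE demonstration (added example, not Proself's code).

A server-side parser that resolves external general entities turns an
attacker-supplied XML document into a local file read.  The hardened
parser rejects the entity reference instead of expanding it.
"""
import io
import os
import tempfile
import xml.etree.ElementTree as ET
import xml.sax
from xml.sax import handler


class _TextCollector(handler.ContentHandler):
    """Collects character data, i.e. whatever the entity expands to."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def xxe_payload(path):
    """Attacker-controlled document: declares an external entity pointing at
    a local file and references it where the application expects a value."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE req [<!ENTITY xxe SYSTEM "file://{path}">]>\n'
        "<req><username>&xxe;</username></req>\n"
    )


def parse_vulnerable(xml_text):
    """Models a vulnerable server-side parser: external general entity
    resolution is switched on (Python turned it off by default in 3.7.1)."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, True)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.StringIO(xml_text))
    return "".join(collector.chunks).strip()


def parse_hardened(xml_text):
    """ElementTree never fetches external entities; the reference to one is
    reported as an undefined entity and parsing fails.  In production the
    usual choice is defusedxml, which also blocks entity-expansion bombs."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    return "".join(root.itertext()).strip()


def demo():
    """Writes a constructed secret file, feeds the same payload to both
    parsers, and returns (text_leaked_by_vulnerable, hardened_result)."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w") as fh:
            fh.write("s3cr3t-token-42\n")  # constructed sample secret
        payload = xxe_payload(secret_path)
        return parse_vulnerable(payload), parse_hardened(payload)


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable parser leaked:", repr(leaked))
    print("hardened parser returned:", repr(safe))
```

The point for defenders is that the XML itself is harmless; what matters is the parser configuration on the server, which is why the fix for an XXE issue is a vendor patch (or disabling external entity and DTD processing) rather than input filtering.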
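The Zyxel entry is a directory traversal bug; as an added example (not Zyxel’s code, and assuming nothing about the firmware’s actual URL handling) the block below shows the general mechanism: a file-serving handler that joins an attacker-controlled URL path onto a base directory without confining the result can be made to read files outside it, and how a hardened resolver decodes, canonicalises, and rejects escapes. The directory layout and the request paths are constructed inline.

```python
"""Directory traversal demonstration (added example, not Zyxel's code).

A handler that maps a URL path straight onto the filesystem lets
"../" (or its percent-encoded form) escape the intended directory.
The hardened resolver canonicalises the path and refuses anything
outside the base directory.
"""
import os
import tempfile
import urllib.parse


def vulnerable_resolve(base_dir, url_path):
    """Joins the decoded URL path onto base_dir with no containment check."""
    return os.path.join(base_dir, urllib.parse.unquote(url_path).lstrip("/"))


def hardened_resolve(base_dir, url_path):
    """Decodes once, canonicalises (collapses '..' and symlinks), then
    requires the result to lie strictly inside base_dir.  Returns None
    for any request that escapes or contains a NUL byte."""
    root = os.path.realpath(base_dir)
    decoded = urllib.parse.unquote(url_path)
    if "\x00" in decoded:
        return None
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath is the safe containment test; a bare startswith() check
    # would wrongly accept "/srv/www-evil" as inside "/srv/www".
    if os.path.commonpath([root, candidate]) != root or candidate == root:
        return None
    return candidate


def demo():
    """Builds a constructed tree (public/index.html beside a secret outside
    public/) and reports what each resolver hands back for three requests."""
    with tempfile.TemporaryDirectory() as tmp:
        public = os.path.join(tmp, "public")
        os.mkdir(public)
        with open(os.path.join(public, "index.html"), "w") as fh:
            fh.write("<html>ok</html>")
        with open(os.path.join(tmp, "secret.conf"), "w") as fh:
            fh.write("admin_password=constructed-sample")

        requests = {
            "normal": "index.html",
            "plain_traversal": "../secret.conf",
            "encoded_traversal": "%2e%2e/secret.conf",  # "../" percent-encoded
        }
        results = {}
        for name, url_path in requests.items():
            vuln = vulnerable_resolve(public, url_path)
            results[name] = {
                # Did the naive join reach a readable file outside public/?
                "vulnerable_reads_file": os.path.isfile(vuln),
                "vulnerable_escaped": not os.path.realpath(vuln).startswith(
                    os.path.realpath(public) + os.sep
                ),
                "hardened_result": hardened_resolve(public, url_path),
            }
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Both traversal requests reach the secret through the naive resolver and are refused by the hardened one, while the normal request is served by both. The same containment check applies to upload handlers, where the consequence of an escape is arbitrary file write rather than read.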
CISA’s Call to Action:
CISA urges all users and organizations to prioritize the immediate patching of affected systems to mitigate the risk posed by these actively exploited vulnerabilities. Federal Civilian Executive Branch (FCEB) agencies have until December 24, 2024, to apply the patches and secure their networks against these threats.