CISA Issues Alert: Three Actively Exploited Vulnerabilities Demand Immediate Attention

The Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting their active exploitation in the wild and urging organizations to prioritize patching.

DrayTek Routers Face Serious Risks

Two of the vulnerabilities, CVE-2021-20123 and CVE-2021-20124, affect DrayTek VigorConnect routers, enabling unauthenticated attackers to gain unauthorized access to sensitive files on the underlying operating system. This poses a significant risk of data breaches and potential system compromise.

Kingsoft WPS Office Zero-Day Targeted in Espionage Campaign

CVE-2024-7262 affects Kingsoft WPS Office, a widely used office suite, particularly in China and East Asia. This path traversal vulnerability, with a CVSS score of 9.8, allows an attacker to load an arbitrary Windows library via the promecefpluginhost.exe component on Windows systems.

This flaw has been actively exploited in the wild by a South Korea-aligned cyber espionage group known as APT-C-60. The attackers have leveraged this zero-day vulnerability to deploy a custom backdoor dubbed SpyGlace, which has been used to infect targeted users with sophisticated malware. The malicious activity has predominantly targeted Chinese and East Asian users, highlighting the geopolitical implications of this cyber espionage campaign.

The vulnerability stems from inadequate validation of user-provided file paths, enabling adversaries to upload and execute arbitrary Windows libraries. This capability can lead to remote code execution, allowing attackers to take full control of the affected system, exfiltrate data, and maintain long-term persistence.
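
The missing check described above, shown from the defender's side: canonicalise a caller-supplied library path and refuse anything that resolves outside a fixed plugin directory before it reaches the loader. This is an added example, not code from WPS Office or from CISA; `PLUGIN_DIR`, `resolve_plugin_library` and the sample paths are hypothetical.

```python
import ntpath  # Windows path rules, usable on any platform

# Hypothetical install location (assumption, not taken from WPS Office).
PLUGIN_DIR = r"C:\Program Files\ExampleSuite\plugins"


def resolve_plugin_library(user_path, plugin_dir=PLUGIN_DIR):
    """Return the canonical path of a plugin DLL, or raise ValueError."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")

    # Treat "/" and "\" alike before any other check.
    candidate = user_path.replace("/", "\\")

    # Reject anything that carries its own root: drive letters,
    # UNC shares (\\host\share), device paths (\\?\...), rooted paths.
    drive, rest = ntpath.splitdrive(candidate)
    if drive or rest.startswith("\\"):
        raise ValueError("absolute, UNC or device path not allowed")
    if ":" in rest:
        raise ValueError("alternate data stream syntax not allowed")

    # Collapse "." and ".." lexically, then compare case-insensitively.
    base = ntpath.normcase(ntpath.normpath(plugin_dir))
    full = ntpath.normcase(ntpath.normpath(ntpath.join(base, candidate)))

    # Containment is checked on a whole path component: the trailing
    # separator stops "plugins2" from passing as a child of "plugins".
    if not full.startswith(base + "\\"):
        raise ValueError("path escapes the plugin directory")
    if not full.endswith(".dll"):
        raise ValueError("only .dll files may be loaded")

    # Note: this is lexical only. On a real host, also resolve
    # junctions/symlinks (os.path.realpath) before the containment check.
    return full


if __name__ == "__main__":
    # Constructed sample inputs.
    for p in [r"charts\render.dll", r"..\..\..\Users\Public\x.dll",
              r"\\203.0.113.5\share\x.dll", r"..\plugins2\x.dll"]:
        try:
            print("ALLOW", resolve_plugin_library(p))
        except ValueError as exc:
            print("DENY ", p, "->", exc)
```
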

Mandatory Patching for Federal Agencies

CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies patch these vulnerabilities by September 24, 2024. However, all organizations are strongly advised to take immediate action to protect their infrastructure.