Urgent: Patch Now to Address Active Exploits in Zyxel, ProjectSend, and CyberPanel Vulnerabilities


CISA Adds High-Severity Vulnerabilities to Its Catalog: A Call to Action for Federal Agencies

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog, adding a series of high-severity flaws that are currently being exploited in the wild. The update is a reminder for federal agencies and other organizations to prioritize remediation, especially as the deadline approaches.

The Severity of the Threats

Among the newly added vulnerabilities, one stands out with a severity score of 10/10, marking it as critical. This flaw, tracked as CVE-2024-51378, is an incorrect default permissions vulnerability in CyberPanel. It allows attackers to bypass authentication and execute arbitrary commands using shell metacharacters, which can lead to unauthorized access to and control over affected systems.

Another vulnerability of concern is CVE-2023-45727, which has a severity score of 7.5. This flaw affects Proself Enterprise/Standard Edition (Ver5.62 and earlier), Proself Gateway Edition (Ver1.65 and earlier), and Proself Mail Sanitize Edition (Ver1.08). It involves improper restriction of XML External Entity (XXE) references, which can be exploited to manipulate data and potentially compromise systems.

State-Sponsored Exploitation

The urgency surrounding these vulnerabilities is heightened by reports from cybersecurity researchers indicating that they are being actively exploited by Chinese state-sponsored actors, specifically a group known as Earth Kasha (also referred to as MirrorFace). Earlier this year, multiple cybersecurity entities, including Sekoia, Censys, and VulnCheck, raised alarms about these vulnerabilities, emphasizing the need for immediate action.

In addition to the CyberPanel vulnerability, Earth Kasha has leveraged flaws in other systems, including those from Array AG and Fortinet FortiOS/FortiProxy, to gain initial access to their targets. This coordinated exploitation underscores the sophisticated tactics employed by state-sponsored threat actors and the critical need for organizations to bolster their defenses.

Additional Vulnerabilities of Concern

Another critical vulnerability added to the KEV list is CVE-2024-11680, which affects ProjectSend versions prior to r1720. This flaw allows remote, unauthenticated users to create accounts, upload web shells, and embed malicious JavaScript, carrying a severity score of 9.8. The ability to execute such actions without authentication poses a severe risk to the integrity and security of affected systems.

Furthermore, vulnerabilities in solutions from Zyxel and North Grid are also part of this alarming update. These flaws can be exploited to bypass authentication, mount XXE attacks, drop malicious JavaScript, and deploy arbitrary files, further highlighting the diverse range of threats organizations face.

The Deadline for Action

CISA has mandated that federal agencies address these vulnerabilities within a three-week timeframe, with the deadline set for December 25, 2024. Within that window, organizations need to patch affected software or discontinue its use altogether.

Organizations that fail to comply with this directive risk exposing themselves to significant security threats, including data breaches, unauthorized access, and potential operational disruptions. The proactive identification and remediation of these vulnerabilities are essential steps in safeguarding sensitive information and maintaining the integrity of critical systems.
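As an added example (not code from CISA or from this article), the following Python sketch checks a software inventory against the version bounds and deadline stated above. The inventory layout, the product keys, the hostnames and the numeric version ordering are assumptions; CyberPanel is flagged for manual verification because no version bound is given here.

```python
import re
from datetime import date

KEV_DUE = date(2024, 12, 25)  # federal remediation deadline stated in the article

# (CVE, product key, operator, bound) as stated in the article.
# Product keys are assumed names; None means the article gives no version bound.
RULES = [
    ("CVE-2023-45727", "proself enterprise/standard", "<=", "5.62"),
    ("CVE-2023-45727", "proself gateway", "<=", "1.65"),
    ("CVE-2023-45727", "proself mail sanitize", "==", "1.08"),
    ("CVE-2024-11680", "projectsend", "<", "r1720"),
    ("CVE-2024-51378", "cyberpanel", None, None),
]

def parse_version(text):
    """Turn 'Ver5.62', '5.62' or 'r1720' into a tuple of ints (assumed ordering)."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def matches(installed, op, bound):
    if op is None:
        return True  # cannot be ruled out here: check the vendor advisory
    a, b = parse_version(installed), parse_version(bound)
    return {"<=": a <= b, "<": a < b, "==": a == b}[op]

def triage(inventory, today):
    """Return findings, in inventory order, for rows of (host, product, version)."""
    findings = []
    for host, product, version in inventory:
        for cve, name, op, bound in RULES:
            if product.lower() == name and matches(version, op, bound):
                findings.append({
                    "host": host, "cve": cve,
                    "status": "affected" if op else "verify-with-vendor",
                    "days_left": (KEV_DUE - today).days,  # negative once overdue
                })
    return findings

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("files01", "ProjectSend", "r1605"),
    ("files02", "ProjectSend", "r1720"),
    ("xfer01", "Proself Gateway", "Ver1.65"),
    ("xfer02", "Proself Enterprise/Standard", "Ver5.63"),
    ("web01", "CyberPanel", "2.3.6"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, date(2024, 12, 10)):
        print(finding)
```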

Conclusion

As cyber threats continue to evolve and become more sophisticated, the recent additions to CISA’s KEV catalog serve as a stark reminder of the vulnerabilities that exist within our digital infrastructure. The active exploitation of these flaws by state-sponsored actors highlights the importance of vigilance and prompt action in the realm of cybersecurity.

Organizations must prioritize their cybersecurity efforts, ensuring that they are aware of the vulnerabilities affecting their systems and taking the necessary steps to mitigate risks. By doing so, they can better protect themselves against the ever-present threat of cyberattacks and maintain the security of their operations.

For a complete list of the vulnerabilities added to the KEV catalog, organizations can refer to CISA’s official website. It is imperative that all stakeholders remain informed and proactive in their cybersecurity strategies to combat the growing landscape of cyber threats.
