
CISA Updates Known Exploited Vulnerabilities Catalog, Adding 3 Critical Flaws

CISA updates its Known Exploited Vulnerabilities (KEV) catalog, adding critical flaws in Proself, ProjectSend, and Zyxel products, urging organizations to patch them immediately.

Overview 

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding three critical flaws that are currently being actively exploited. These vulnerabilities impact a range of products, from industrial control systems (ICS) to web-based applications. The newly added vulnerabilities include CVE-2023-45727, CVE-2024-11680, and CVE-2024-11667, each affecting high-profile systems in industries such as manufacturing, telecommunications, and energy. 

The first flaw added to the Known Exploited Vulnerabilities (KEV) catalog, CVE-2023-45727, affects North Grid’s Proself product suite, including versions prior to 5.62 of Proself Enterprise/Standard Edition, 1.65 of Proself Gateway Edition, and 1.08 of Proself Mail Sanitize Edition. The second vulnerability, CVE-2024-11680, affects ProjectSend, an open-source file management application.  

The last vulnerability, CVE-2024-11667, impacts several Zyxel firewall products, including the ATP series, USG FLEX series, USG FLEX 50(W), and USG20(W)-VPN series, with versions prior to 5.38 being affected. Organizations using these products are urged to apply patches promptly to mitigate the risks associated with these vulnerabilities. 

Technical Details of the Vulnerabilities 

CVE-2023-45727: XXE Vulnerability in North Grid Proself 

One of the newly cataloged vulnerabilities, CVE-2023-45727, affects North Grid Corporation’s Proself product suite. Specifically, the vulnerability is found in versions prior to 5.62 of Proself Enterprise/Standard Edition, 1.65 of Proself Gateway Edition, and 1.08 of Proself Mail Sanitize Edition. The flaw is an improper restriction of XML External Entity (XXE) processing, which a remote, unauthenticated attacker can exploit. 

By submitting specially crafted XML data, attackers can gain access to sensitive files, including those containing account information. This opens the door for data theft or manipulation. The CVSS score for CVE-2023-45727 is notably high, signaling the severity of this flaw. 

CVE-2024-11680: ProjectSend Authentication Vulnerability 

CVE-2024-11680 is an improper authentication issue in ProjectSend, an open-source file management application. Versions prior to r1720 of ProjectSend are vulnerable, allowing attackers to send malicious HTTP requests that target the application’s configuration files. 

By exploiting this flaw, attackers can bypass authentication mechanisms and gain unauthorized access to modify system configurations, create new accounts, and upload malicious content such as webshells and embedded JavaScript.

The critical nature of this vulnerability is highlighted by its CVSS score of 9.8, categorizing it as a high-risk flaw with the potential for extensive compromise if left unaddressed. Remote attackers do not require prior access or authentication to exploit this vulnerability, making it even more dangerous to organizations using ProjectSend versions below r1720. 

CVE-2024-11667: Zyxel Path Traversal in Multiple Firewalls 

The third vulnerability in CISA’s latest update is CVE-2024-11667, which affects several Zyxel firewall products. Specifically, the flaw resides in the web management interface of ATP series and USG FLEX series firewalls, as well as USG FLEX 50(W) and USG20(W)-VPN series devices. Versions of these products prior to 5.38 are susceptible to a path traversal vulnerability, which allows attackers to manipulate file paths and potentially download or upload arbitrary files. 

The flaw could allow attackers to access sensitive files or upload malicious software onto affected devices. With a CVSS score of 7.5, this vulnerability is deemed high-risk but not as critical as CVE-2024-11680. However, for organizations relying on Zyxel products to secure their networks, addressing this flaw is essential to prevent unauthorized access and maintain the integrity of their firewalls. 

Sector-Wide Impact of Known Exploited Vulnerabilities 

These newly cataloged vulnerabilities underscore the ongoing risks in industrial control systems (ICS) and critical infrastructure. For example, flaws in products like Proself, ProjectSend, and Zyxel firewalls can expose affected systems to a range of cyberattacks, including unauthorized access, data exfiltration, and service disruption. Such vulnerabilities are particularly concerning for sectors like energy, critical manufacturing, and telecommunications, where any disruption can have far-reaching consequences. 

With CVE-2023-45727, CVE-2024-11680, and CVE-2024-11667 now added to the list of Known Exploited Vulnerabilities, organizations using these products must strengthen their cybersecurity measures to defend against attacks. Organizations are strongly encouraged to follow best practices in patch management, including regularly applying vendor-issued patches and updates. 

For example, users of Proself should upgrade to newer versions that address the XXE vulnerability, while ProjectSend users should ensure they are running r1720 or later. Additionally, Zyxel firewall users should promptly update firmware versions to mitigate the path traversal flaw. 
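The version thresholds above can be checked against an asset inventory. The following is an added example, not code from CISA, Cyble, or the vendors; the product keys, host names, and sample version strings are assumptions made up for illustration, and versions are assumed to compare component by component as integers.

```python
import re

# Fixed versions exactly as stated in the article. The dictionary keys are
# hypothetical inventory labels chosen for this example, not vendor identifiers.
FIXED = {
    "proself-enterprise-standard": ("CVE-2023-45727", "5.62"),
    "proself-gateway": ("CVE-2023-45727", "1.65"),
    "proself-mail-sanitize": ("CVE-2023-45727", "1.08"),
    "projectsend": ("CVE-2024-11680", "r1720"),
}
FIXED.update({f"zyxel-{series}": ("CVE-2024-11667", "5.38")
              for series in ("atp", "usg-flex", "usg-flex-50w", "usg20w-vpn")})

def version_key(raw):
    """Parse '5.62', 'r1720' or 'V5.37(XXXX.0)' into a tuple of ints."""
    m = re.match(r"\s*[vVrR]?(\d+(?:\.\d+)*)", raw)
    if not m:
        raise ValueError(f"unparseable version: {raw!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_older(version, fixed):
    """True when `version` sorts strictly before `fixed` (zero-padded compare)."""
    a, b = version_key(version), version_key(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(inventory):
    """Return (host, product, version, finding) for each item needing action."""
    findings = []
    for host, product, version in inventory:
        if product not in FIXED:
            continue  # not one of the three KEV entries covered here
        cve, fixed = FIXED[product]
        try:
            if is_older(version, fixed):
                findings.append((host, product, version, cve))
        except ValueError:
            # Fail closed: an unreadable version is queued for manual review.
            findings.append((host, product, version, "REVIEW: unparseable version"))
    return findings

# Constructed sample inventory (hosts and version strings are made up).
SAMPLE = [
    ("files01", "proself-enterprise-standard", "5.61"),
    ("files02", "proself-enterprise-standard", "5.62"),
    ("share01", "projectsend", "r1605"),
    ("fw-edge", "zyxel-atp", "V5.37(XXXX.0)"),
    ("fw-lab", "zyxel-usg20w-vpn", "unknown"),
]
```

Calling `audit(SAMPLE)` flags `files01`, `share01`, and `fw-edge` with their CVE IDs and queues `fw-lab` for manual review because its version string cannot be parsed.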

Mitigation and Recommendation Strategies 

To mitigate the risks associated with these vulnerabilities, organizations are advised to implement several key cybersecurity measures: 

  1. Ensure that all systems are regularly updated with the latest security patches to reduce the risk of exploitation from Known Exploited Vulnerabilities. 
  2. Adopt a zero-trust model where all access requests are treated as potentially hostile, requiring stringent verification before granting access. 
  3. Segment networks to contain potential breaches and prevent attackers from moving laterally through critical systems. 
  4. Implement multi-factor authentication (MFA) to protect sensitive systems and reduce the likelihood of unauthorized access. 
  5. Regularly conduct vulnerability scans, penetration testing, and security audits to identify and address weaknesses before they can be exploited. 

Conclusion 

The recent updates to CISA’s Known Exploited Vulnerabilities catalog highlight the urgency to address critical security flaws in widely used products. The vulnerabilities in North Grid’s Proself, ProjectSend, and Zyxel firewall systems can expose businesses to a range of cyber threats, including unauthorized access, data theft, and system manipulation.  

As these vulnerabilities can be leveraged for cyberattacks, organizations must apply timely patches, follow best practices in patch management, and adopt cybersecurity strategies. Implementing security measures such as multi-factor authentication, network segmentation, and regular vulnerability assessments will help organizations protect against potential breaches and reduce the risk of exploitation. 
