
CISA Flags Multiple Critical Vulnerabilities Exposed Across Major Platforms

CISA adds six new vulnerabilities to the KEV catalog, affecting Zimbra, Ivanti, D-Link, DrayTek, GPAC, and SAP.

The Cybersecurity and Infrastructure Security Agency (CISA) has added multiple vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. A total of six vulnerabilities have been identified across various products, including Zimbra Collaboration, Ivanti, D-Link, DrayTek, GPAC, and SAP. Notably, these vulnerabilities span a range of severity levels, from critical to medium, and all demand immediate attention.

One of the most notable entries is CVE-2024-45519, associated with Zimbra Collaboration. This critical vulnerability has been assigned a CVSS score of 9.8, indicating its severe nature. The issue arises from the postjournal service in specific versions of Zimbra, which may permit unauthenticated users to execute commands.

This vulnerability was first analyzed by researchers from ProjectDiscovery, who demonstrated a Proof of Concept (PoC) exploit. On October 1, 2024, security researcher Ivan Kwiatkowski reported that mass exploitation of this vulnerability had commenced, with Cyble’s ODIN scanner revealing 35,315 internet-facing ZCS instances at the time of the advisory’s publication.

Another critical vulnerability highlighted is CVE-2024-29824 in Ivanti’s Endpoint Manager (EPM) 2022. This high-severity SQL injection vulnerability allows an unauthenticated attacker within the same network to execute arbitrary code. Exploitation attempts have been noted by the Shadowserver Foundation, highlighting the urgency of patching this vulnerability, which carries a CVSS score of 8.8.

The advisory also discusses CVE-2023-25280, a critical OS command injection vulnerability affecting D-Link devices. This flaw allows an attacker to manipulate system commands because of insufficient validation of the ping_addr parameter.

Other Notable Vulnerabilities

Additionally, CVE-2020-15415 affects several models of DrayTek routers, allowing remote command execution via OS injection. With a CVSS score of 9.8, this vulnerability is deemed critical and must be addressed urgently. Cyble’s ODIN scanner indicated that 275,109 instances of affected routers are currently exposed, emphasizing the widespread risk.


Furthermore, CVE-2021-4043 represents a medium-severity vulnerability in the GPAC repository, which may lead to a denial-of-service (DoS) condition. Finally, CVE-2019-0344 in SAP Commerce Cloud also poses a critical risk due to unsafe deserialization, allowing arbitrary code execution with minimal authentication requirements.

The addition of these vulnerabilities to CISA’s KEV catalog is a clear indicator that threat actors are actively exploiting them. Organizations must recognize that vulnerabilities listed in the KEV catalog represent real-world risks, not just theoretical concerns. Failure to address these issues can lead to severe consequences, including data breaches, ransomware attacks, and privilege escalation.

Conclusion

CISA’s advisory highlights the urgent need for organizations to address vulnerabilities that have been identified and exploited in the wild. With the cyber threat landscape continuously evolving, timely patching and the adoption of better security practices are essential to safeguarding sensitive information and maintaining organizational integrity.

Recommendations and Mitigations

To combat these vulnerabilities effectively, organizations are urged to implement several key strategies:

  • Regularly apply the latest patches from official vendors for all software and hardware systems. Establish a routine for patch management, prioritizing critical updates.
  • Develop a comprehensive patch management process that encompasses inventory management, assessment, testing, deployment, and verification of updates. Automate where possible to improve efficiency.
  • Implement proper network segmentation to protect critical assets. This can be achieved through firewalls, VLANs, and strict access controls, effectively minimizing exposure to potential threats.
  • Maintain an updated incident response plan detailing procedures for detecting, responding to, and recovering from security incidents. Regularly test and refine this plan to ensure its effectiveness.
  • Proactively identify and phase out end-of-life products to minimize risk exposure. Organizations should prioritize timely upgrades or replacements for critical systems.
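The inventory and assessment steps above can be partly automated against the KEV feed itself. The following is an added example, not Cyble's or CISA's code: it matches KEV entries against a constructed asset inventory and flags entries whose remediation due date has passed. The feed sample uses the six CVE IDs and vendors from this advisory, but its dateAdded and dueDate values and the inventory hosts are constructed placeholders; a real run would fetch the live JSON feed and match on product and version as well as vendor.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json),
# reduced to the fields this triage uses. CVE IDs and vendors are those named in the
# advisory; dateAdded and dueDate are illustrative, not the catalog's real dates.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-45519", "vendorProject": "Zimbra", "product": "Collaboration",
     "dateAdded": "2024-10-03", "dueDate": "2024-10-24"},
    {"cveID": "CVE-2024-29824", "vendorProject": "Ivanti", "product": "Endpoint Manager (EPM)",
     "dateAdded": "2024-10-02", "dueDate": "2024-10-23"},
    {"cveID": "CVE-2023-25280", "vendorProject": "D-Link", "product": "Network devices",
     "dateAdded": "2024-09-30", "dueDate": "2024-10-21"},
    {"cveID": "CVE-2020-15415", "vendorProject": "DrayTek", "product": "Routers",
     "dateAdded": "2024-09-30", "dueDate": "2024-10-21"},
    {"cveID": "CVE-2021-4043", "vendorProject": "GPAC", "product": "GPAC",
     "dateAdded": "2024-09-30", "dueDate": "2024-10-21"},
    {"cveID": "CVE-2019-0344", "vendorProject": "SAP", "product": "Commerce Cloud",
     "dateAdded": "2024-09-30", "dueDate": "2024-10-21"},
]})

# Constructed asset inventory (hostnames are placeholders). "patched" records CVEs
# already remediated on that host, so they drop out of the findings.
INVENTORY = [
    {"host": "mail01", "vendor": "zimbra", "patched": []},
    {"host": "epm01", "vendor": "ivanti", "patched": ["CVE-2024-29824"]},
    {"host": "branch-rtr", "vendor": "draytek", "patched": []},
]


def load_kev(feed_json):
    """Parse the KEV feed and return its list of vulnerability entries."""
    return json.loads(feed_json)["vulnerabilities"]


def triage(feed_json, inventory, today):
    """One finding per (asset, KEV entry) pair whose vendor matches and whose CVE is not
    recorded as patched; overdue items (past CISA's dueDate) sort first, then by due date."""
    findings = []
    for entry in load_kev(feed_json):
        vendor = entry["vendorProject"].lower()
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if asset["vendor"] != vendor or entry["cveID"] in asset["patched"]:
                continue
            findings.append({"host": asset["host"], "cve": entry["cveID"],
                             "due": entry["dueDate"], "overdue": today > due})
    findings.sort(key=lambda f: (not f["overdue"], f["due"]))
    return findings


if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, date(2024, 10, 22)):
        print(f"{'OVERDUE' if f['overdue'] else 'due'} {f['due']}: {f['host']} {f['cve']}")
```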
