CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products

The Cybersecurity and Infrastructure Security Agency (CISA) has added multiple new vulnerabilities to its Known Exploited Vulnerability catalog, urging organizations to take immediate action to mitigate risks.

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory report highlighting vulnerabilities recently added to the Known Exploited Vulnerability (KEV) catalog. These vulnerabilities pose risks to organizations and require immediate attention.

CISA categorizes vulnerabilities using the Common Vulnerabilities and Exposures (CVE) naming standard and the Common Vulnerability Scoring System (CVSS). CVSS classifies vulnerabilities into high, medium, and low severity categories: high-severity vulnerabilities are assigned scores ranging from 7.0 to 10.0, medium-severity vulnerabilities receive scores between 4.0 and 6.9, and low-severity vulnerabilities score between 0.0 and 3.9.

The advisory outlines specific vulnerabilities and the products they affect, including SolarWinds, Mozilla Firefox, and Microsoft Windows.

Vulnerability Details

One of the critical vulnerabilities identified is CVE-2024-28987, which affects the SolarWinds Web Help Desk (WHD) software, specifically version 12.8.3 HF1 and all earlier versions. This vulnerability is classified as critical, with a CVSS score of 9.1. It allows remote, unauthenticated users to access internal functionalities and modify data due to hardcoded credentials in the software.

Public proof-of-concept exploits for this vulnerability are readily available, highlighting its severity. According to Cyble’s ODIN scanner, approximately 920 internet-facing instances of SolarWinds WHD have been identified, primarily located in the United States.

Another vulnerability, CVE-2024-9680, affects multiple versions of Firefox and Thunderbird and has a critical CVSS score of 9.8. This vulnerability arises from a use-after-free flaw in Animation timelines, enabling an attacker to execute arbitrary code. Mozilla has acknowledged reports of this vulnerability being exploited in the wild, further emphasizing the need for immediate remediation.

The third vulnerability, CVE-2024-30088, impacts various Windows products, including Windows Server 2016 and multiple Windows 10 and 11 versions. It has a CVSS score of 7.0, classifying it as high severity. The flaw is a race condition within the Windows kernel that allows attackers to gain SYSTEM privileges. Researchers from Trend Micro have reported observing the Advanced Persistent Threat (APT) group APT34 leveraging this vulnerability for privilege escalation in targeted systems.

Recommendations

  • Organizations should apply the latest patches from official vendors.
  • Establish a routine schedule for regularly updating all software and hardware systems.
  • Ensure critical updates are prioritized for immediate application to reduce exposure to exploits.
  • Isolate sensitive assets from less secure areas to minimize risk and reduce the attack surface.
  • Implement firewalls, Virtual Local Area Networks (VLANs), and access controls to limit threat exposure.
  • Develop and regularly update an incident response plan for detecting, responding to, and recovering from security incidents.
  • Conduct regular tests of the incident response plan to ensure its effectiveness against evolving threats.
  • Use comprehensive monitoring and logging solutions to detect and analyze suspicious activities across the network.
  • Utilize Security Information and Event Management (SIEM) systems for real-time threat detection and response by aggregating and correlating logs.
  • Proactively identify and plan for the timely upgrades or replacements of End-of-Life (EOL) products to mitigate associated risks.
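To prioritize patching for CVE-2024-28987, the affected range given above (SolarWinds WHD 12.8.3 HF1 and all earlier versions) can be checked against an asset inventory. The following is an added example, not code from CISA, Cyble, or SolarWinds; the inventory layout, host names, and the `<major>.<minor>.<patch> HF<n>` version string format are assumptions, and the sample data is constructed.

```python
import re

# Ceiling taken from the advisory text: 12.8.3 HF1 and all earlier versions.
AFFECTED_MAX = "12.8.3 HF1"

# Assumed inventory format: "<major>.<minor>.<patch>", optionally followed by "HF<n>".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_whd_version(text):
    """Turn '12.8.3 HF1' into (12, 8, 3, 1); a missing hotfix counts as HF0."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognized WHD version string: {text!r}")
    major, minor, patch, hotfix = match.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(version):
    """True when the version is at or below the advisory's ceiling."""
    return parse_whd_version(version) <= parse_whd_version(AFFECTED_MAX)


def triage(inventory):
    """Return (hosts_to_patch, hosts_needing_manual_review).

    Hosts to patch are ordered with internet-facing systems first, because
    exposed instances are reachable by unauthenticated remote users.
    """
    to_patch, review = [], []
    for host, version, internet_facing in inventory:
        try:
            affected = is_affected(version)
        except ValueError:
            review.append(host)  # unknown format: do not assume it is safe
            continue
        if affected:
            to_patch.append((host, internet_facing))
    to_patch.sort(key=lambda item: (not item[1], item[0]))
    return [host for host, _ in to_patch], review


# Constructed sample inventory: (host, installed version, internet-facing?)
SAMPLE_INVENTORY = [
    ("helpdesk-dmz", "12.8.3 HF1", True),
    ("helpdesk-lab", "12.8.1", False),
    ("helpdesk-new", "12.8.3 HF2", False),
    ("helpdesk-old", "12.7.9 hf4", True),
    ("helpdesk-unk", "unknown", False),
]
```

Hosts whose version string cannot be parsed are returned for manual review rather than treated as unaffected.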

Conclusion

The addition of these vulnerabilities to CISA’s KEV catalog highlights the urgent need for organizations to address them immediately. The fact that these vulnerabilities are actively exploited signifies that organizations with affected systems face heightened risks, including potential data breaches, ransomware attacks, and privilege escalation.

Organizations must promptly patch these vulnerabilities to safeguard their systems from malicious actors. By following these recommendations, organizations can significantly strengthen their cybersecurity and protect against critical vulnerabilities.

