Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory report highlighting vulnerabilities recently added to the Known Exploited Vulnerability (KEV) catalog. These vulnerabilities pose risks to organizations and require immediate attention.

CISA categorizes vulnerabilities based on the Common Vulnerabilities and Exposures (CVE) naming standards and the Common Vulnerability Scoring System (CVSS). This system classifies vulnerabilities into high, medium, and low categories. High vulnerabilities are assigned scores ranging from 7.0 to 10.0; medium vulnerabilities receive scores between 4.0 and 6.9, and low vulnerabilities score between 0.0 and 3.9.

The advisory outlines specific vulnerabilities and the products they affect, including SolarWinds, Mozilla Firefox, and Microsoft Windows.

Vulnerability Details

One of the critical vulnerabilities identified is CVE-2024-28987, which affects the SolarWinds Web Help Desk (WHD) software, specifically version 12.8.3 HF1 and all earlier versions. This vulnerability is classified as critical, with a CVSS score of 9.1. It allows remote, unauthenticated users to access internal functionalities and modify data due to hardcoded credentials in the software.

Public proof-of-concept exploits for this vulnerability are readily available, highlighting its severity. According to Cyble’s ODIN scanner, approximately 920 internet-facing instances of SolarWinds WHD have been identified, primarily located in the United States.

Another vulnerability, CVE-2024-9680, affects multiple versions of Firefox and Thunderbird and has a critical CVSS score of 9.8. This vulnerability arises from a use-after-free flaw in Animation timelines, enabling an attacker to execute arbitrary code. Mozilla has acknowledged reports of this vulnerability being exploited in the wild, further emphasizing the need for immediate remediation.

The third vulnerability, CVE-2024-30088, impacts various Windows products, including Windows Server 2016 and multiple Windows 10 and 11 versions. It has a CVSS score of 7.0, classifying it as high severity. This vulnerability exploits a race condition within the Windows kernel, allowing attackers to gain SYSTEM privileges. Researchers from Trend Micro have reported observing the Advanced Persistent Threat (APT) group APT34 leveraging this vulnerability for privilege escalation in targeted systems.

Recommendations

• Organizations should apply the latest patches from official vendors.
• Establish a routine schedule for regularly updating all software and hardware systems.
• Ensure critical updates are prioritized for immediate application to reduce exposure to exploits.
• Isolate sensitive assets from less secure areas to minimize risk and reduce the attack surface.
• Implement firewalls, Virtual Local Area Networks (VLANs), and access controls to limit threat exposure.
• Develop and regularly update an incident response plan for detecting, responding to, and recovering from security incidents.
• Conduct regular tests of the incident response plan to ensure its effectiveness against evolving threats.
• Use comprehensive monitoring and logging solutions to detect and analyze suspicious activities across the network.
• Utilize Security Information and Event Management (SIEM) systems for real-time threat detection and response by aggregating and correlating logs.
• Proactively identify and plan for the timely upgrades or replacements of End-of-Life (EOL) products to mitigate associated risks.

Conclusion

The addition of these vulnerabilities to CISA’s KEV catalog highlights the urgent need for organizations to address them immediately. The fact that these vulnerabilities are actively exploited signifies that organizations with affected systems face heightened risks, including potential data breaches, ransomware attacks, and privilege escalation.

Organizations must promptly patch these vulnerabilities to safeguard their systems from malicious actors. By following these recommendations, organizations can significantly strengthen their cybersecurity and protect against critical vulnerabilities.