May 6, 2024

The US CISA has issued an alert adding two vulnerabilities, CVE-2024-21410 and CVE-2020-3259, to its catalog of Known Exploited Vulnerabilities (KEV), signalling a call for urgent attention. Both are critical vulnerabilities, highlighting the ongoing battle between cybersecurity defenses and the evolving tactics of threat actors.

The first vulnerability, CVE-2024-21410, carries a CVSS score of 9.8, indicating its critical nature. It allows remote, unauthenticated attackers to escalate privileges through NTLM relay attacks against vulnerable Microsoft Exchange Server versions. In these attacks, a threat actor coerces a network device, such as a server or domain controller, into authenticating to an NTLM relay server under the attacker's control. This lets them impersonate the targeted device and gain significantly elevated privileges.


The second vulnerability, CVE-2020-3259, with a CVSS score of 7.5, affects the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This flaw permits an unauthenticated, remote attacker to retrieve memory contents from an affected device, posing a significant risk of confidential information disclosure. The vulnerability stems from a buffer tracking issue when parsing invalid URLs requested from the web services interface. An attacker exploiting this vulnerability through a crafted GET request could read memory contents, leading to the disclosure of sensitive information.

CISA has urged federal agencies to apply the necessary fixes by March 7, 2024, to safeguard their networks from potential threats. This situation underscores the critical importance of staying vigilant and responsive to cybersecurity alerts, as vulnerabilities can be exploited to compromise systems and access sensitive data.
