
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
The first vulnerability has a CVSS score of 8.2. It arises from improper access control mechanisms within Adobe ColdFusion, enabling attackers to bypass security measures and read arbitrary files, potentially accessing sensitive files without proper authorization.
ColdFusion 2023 Update 6 and earlier versions, as well as ColdFusion 2021 Update 12 and earlier versions, are vulnerable.
The second vulnerability has a CVSS score of 10. It arises from improper handling of pointers within the Windows Kernel-Mode Driver, specifically the Microsoft Kernel Streaming Service (MSKSSRV.SYS). An attacker can gain SYSTEM privileges, allowing them to execute arbitrary code, access sensitive information, and potentially take full control of the compromised system.
CISA has set January 7th, 2025, as the deadline for federal agencies to remediate the vulnerabilities.


