CISA KEV Catalog Update Part I – February 2025

CISA KEV Catalog Update Part I – February 2025

No Comments

The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) catalog on February 4, 2025, adding four new vulnerabilities that have been actively exploited in the wild. These vulnerabilities pose significant risks to organizations and require immediate attention and remediation.

Overview of Newly Added Vulnerabilities

1. CVE-2024-45195: Apache OFBiz Forced Browsing Vulnerability

  • Description: This vulnerability affects Apache OFBiz, an open-source enterprise resource planning (ERP) system. It allows attackers to browse files and directories on the server without authentication.
  • Technical Details: The flaw stems from improper access control, permitting unauthorized users to access sensitive files and directories by manipulating URLs.
  • Impact: Exploitation of this vulnerability can lead to unauthorized access to sensitive information, data breaches, and potential system compromise. Attackers can retrieve configuration files, logs, and other critical data.
  • Recommendations: Organizations using Apache OFBiz should apply the latest patches and updates provided by the Apache Software Foundation. Additionally, implementing strict access controls and regular security audits can help mitigate this risk.

2. CVE-2024-29059: Microsoft .NET Framework Information Disclosure Vulnerability

  • Description: This vulnerability affects the Microsoft .NET Framework. It can result in the disclosure of sensitive information due to inadequate data protection mechanisms.
  • Technical Details: The vulnerability arises from improper handling of sensitive data, allowing attackers to gain unauthorized access to information stored within .NET applications.
  • Impact: Exploitation can lead to the exposure of confidential data, which attackers can use to gain further access to systems, conduct identity theft, or perpetrate other malicious activities.
  • Recommendations: Microsoft has released patches to address this vulnerability. Organizations should ensure that all .NET Framework installations are updated to the latest version. Regular security assessments and adherence to best practices for data protection are also recommended.

3. CVE-2018-9276: Paessler PRTG Network Monitor OS Command Injection Vulnerability

  • Description: This vulnerability affects Paessler PRTG Network Monitor, a widely used network monitoring tool. It allows attackers to execute arbitrary commands on the affected system.
  • Technical Details: The vulnerability is due to insufficient validation of user inputs, which can be exploited to inject and execute OS commands on the server.
  • Impact: Successful exploitation can result in remote code execution, providing attackers with full control over the affected system. This can lead to system compromise, data breaches, and disruption of network monitoring capabilities.
  • Recommendations: Paessler has released security updates to address this vulnerability. Organizations should apply these updates immediately. Implementing input validation and sanitization measures can further protect against command injection attacks.

4. CVE-2018-19410: Paessler PRTG Network Monitor Local File Inclusion Vulnerability

  • Description: This vulnerability also affects Paessler PRTG Network Monitor and allows attackers to include local files on the server, potentially leading to the execution of arbitrary code.
  • Technical Details: The flaw arises from improper handling of file paths, enabling attackers to manipulate input to include and execute files from the local file system.
  • Impact: Exploitation can result in unauthorized access to sensitive files, data leakage, and remote code execution. Attackers can gain access to configuration files, logs, and other critical data.
  • Recommendations: Security patches have been released by Paessler to mitigate this vulnerability. Organizations should ensure that these patches are applied. Regular security assessments and implementing least privilege access controls can help reduce the risk of exploitation.

CISA’s Recommendations

CISA strongly urges organizations to prioritize the remediation of these vulnerabilities to reduce the risk of compromise and set deadlines as February 25, 2025, for remediation.

  • Apply Patches: Ensure that all affected systems and software are updated with the latest security patches and updates.
  • Implement Access Controls: Enforce strict access controls to limit unauthorized access to sensitive data and systems.
  • Conduct Regular Security Audits: Perform regular security assessments and audits to identify and address potential vulnerabilities.
  • Monitor Systems: Continuously monitor network traffic and system logs for any signs of suspicious activity or exploitation attempts.
Tags:

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.