The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding several new vulnerabilities that have been actively exploited by cybercriminals.
These vulnerabilities, found in widely-used software products, pose cybersecurity risks, especially to federal enterprises and critical infrastructure sectors. The newly added vulnerabilities include CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410—all of which can have severe consequences for the security of affected systems.
Overview of the New Known Exploited Vulnerabilities
CVE-2024-45195: Apache OFBiz Forced Browsing Vulnerability
The first vulnerability, CVE-2024-45195, is a critical flaw in Apache OFBiz, an open-source enterprise resource planning (ERP) and e-commerce solution. This vulnerability is associated with forced browsing, which allows attackers to bypass security restrictions by directly accessing specific URLs, potentially revealing sensitive data.
Discovered in Apache OFBiz versions earlier than 18.12.16, this vulnerability could enable unauthorized access to various website sections, depending on the implementation of weak authorization mechanisms. Attackers may exploit this flaw to escalate privileges and gain access to sensitive data, including private user information or other confidential details.
The CVE-2024-45195 vulnerability has been included in the CISA Known Exploited Vulnerabilities Catalog because of its active exploitation, which makes it critical for organizations using Apache OFBiz to upgrade their software to version 18.12.16 or later.
CVE-2024-29059: Microsoft .NET Framework Information Disclosure
Another serious vulnerability added to the Known Exploited Vulnerabilities Catalog is CVE-2024-29059, affecting the Microsoft .NET Framework. This information disclosure vulnerability enables attackers to gain access to sensitive information from systems running older versions of .NET Framework, such as 4.8, 3.5, and 4.7.2.
This flaw can be exploited by attackers leveraging weaknesses in error handling within the system. With a CVSS score of 7.5 (High), it poses a significant risk to organizations using Windows 10 or Windows Server versions, where the CVE-2024-29059 vulnerability is prevalent.
Given its potential impact, CISA has listed CVE-2024-29059 in its catalog of known exploited vulnerabilities, urging organizations to quickly apply patches or updates to protect their systems from data exposure and potential breaches.
CVE-2018-9276: Paessler PRTG Network Monitor OS Command Injection
The CVE-2018-9276 vulnerability relates to a critical flaw found in Paessler PRTG Network Monitor, a tool widely used for IT network monitoring. This vulnerability, identified in versions prior to 18.2.39, is a command injection issue that allows attackers with administrator privileges to inject operating system commands into the system.
By exploiting this flaw, attackers could execute arbitrary commands not only on the PRTG server but also on connected network devices, potentially compromising entire network infrastructures. For organizations relying on PRTG to monitor their network health, this is a cybersecurity concern.
The vulnerability’s inclusion in the Known Exploited Vulnerabilities Catalog reflects the urgent need for PRTG users to update their systems to versions that resolve this issue.
CVE-2018-19410: Paessler PRTG Network Monitor Local File Inclusion
Another vulnerability in Paessler’s PRTG Network Monitor, CVE-2018-19410, is a Local File Inclusion (LFI) flaw. This vulnerability allows unauthenticated attackers to bypass security restrictions and escalate their privileges by crafting malicious HTTP requests. Attackers can exploit this flaw to create new users with administrator privileges or read-write access, thereby gaining control over the system.
Discovered in versions of PRTG prior to 18.2.40.1683, CVE-2018-19410 has been exploited in active attacks, making it a high-priority target for patching. By exploiting this vulnerability, attackers can manipulate the network monitoring system and access sensitive data, which could lead to serious security breaches.
Conclusion
The vulnerabilities listed in the Known Exploited Vulnerabilities Catalog, such as CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410, highlight the importance of proactive vulnerability management. Organizations must regularly patch their systems to avoid exploitation, especially those handling sensitive data or critical infrastructure. Using advanced tools like Cyble can further strengthen defenses by providing real-time monitoring and insights.
