The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding three critical vulnerabilities that are being actively exploited by cybercriminals. The flaws in these products could lead to unauthorized access, data breaches, and service disruptions if left unaddressed.
The newly added vulnerabilities include CVE-2023-45727, which affects North Grid Proself and is related to an improper restriction of XML External Entity (XXE) reference. Another critical flaw, CVE-2024-11680, impacts ProjectSend and is caused by an improper authentication vulnerability. Finally, CVE-2024-11667 affects Zyxel firewalls, where a path traversal vulnerability can be exploited.
CVE-2023-45727: North Grid Proself XXE Vulnerability
The first vulnerability, CVE-2023-45727, affects multiple versions of North Grid’s Proself product suite. These include the Proself Enterprise/Standard Edition (versions 5.62 and earlier), Proself Gateway Edition (versions 1.65 and earlier), and Proself Mail Sanitize Edition (versions 1.08 and earlier). This flaw stems from an improper restriction in the XML External Entity (XXE) processing feature.
An attacker can exploit this vulnerability by sending specially crafted XML data to the affected systems. If successful, this could allow remote unauthenticated attackers to access arbitrary files on the server, including those containing sensitive account information. The risk is high as the vulnerability could lead to data manipulation or theft, exposing critical organizational data.
The flaw was published on October 18, 2023, and it was added to the KEV catalog shortly after due to its potential impact. Organizations using the affected Proself products are strongly urged to apply patches that address this vulnerability and mitigate the risk of exploitation.
CVE-2024-11680: ProjectSend Authentication Bypass
The second vulnerability in CISA’s updated KEV catalog is CVE-2024-11680, which affects the ProjectSend file management application. Specifically, versions prior to r1720 are vulnerable to an improper authentication flaw. This vulnerability allows remote attackers to send specially crafted HTTP requests to the options.php file, which enables them to bypass authentication mechanisms.
Once authenticated, attackers can make unauthorized changes to the system configuration, including creating new user accounts, uploading malicious content (such as webshells), or embedding harmful JavaScript. With a critical CVSS score of 9.8, this flaw poses online risks for organizations using vulnerable versions of ProjectSend. This vulnerability was published on November 26, 2024, and organizations are advised to immediately update to the latest version to prevent exploitation.
CVE-2024-11667: Zyxel Firewalls Path Traversal
The third vulnerability, CVE-2024-11667, impacts several Zyxel firewall models, including the ATP series, USG FLEX series, and USG20(W)-VPN series. The vulnerability lies in the web management interface of firmware versions V5.00 through V5.38 for these devices, enabling attackers to perform a path traversal attack.
A path traversal vulnerability allows attackers to manipulate file paths in the system, potentially gaining access to sensitive files or uploading malicious files. In the case of these Zyxel firewalls, attackers could exploit this vulnerability to compromise the device’s security.
With a CVSS score of 7.5, this flaw is considered high risk but not as critical as the ProjectSend vulnerability. The flaw was published on November 27, 2024, with an update the following day. Organizations using affected Zyxel products should promptly apply security updates to protect against this attack vector.
Mitigations for Known Exploited Vulnerabilities
The inclusion of CVE-2023-45727, CVE-2024-11680, and CVE-2024-11667 in the CISA Known Exploited Vulnerabilities (KEV) Catalog emphasizes the ongoing cybersecurity challenges faced by industries relying on these vulnerable products. These flaws, which span various attack vectors like XML External Entity (XXE) attacks, improper authentication, and path traversal, pose online risks to organizations using these systems for critical operations.
To mitigate these vulnerabilities, organizations must prioritize patch management, strengthen authentication practices, conduct regular security audits, and have incident response plans in place. Proactively addressing these vulnerabilities is essential to protect systems from potential exploits, ensuring the continued security and reliability of operations.
