CyberSecurity updates
Updated: 2024-10-22 05:25:43 Pacific

cisa.gov
Multiple Critical Vulnerabilities Exposed Across Major Platforms - CISA Flags Urgent Need for Patches - 13d

Read more: www.cisa.gov

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a series of critical vulnerabilities affecting multiple major platforms, including Zimbra Collaboration, Ivanti, D-Link, DrayTek, GPAC, and SAP. The vulnerabilities, which range in severity from critical to medium, have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, highlighting their active exploitation by threat actors. The vulnerabilities allow attackers to gain unauthorized access to systems, execute malicious code, and potentially steal sensitive information. Organizations are strongly urged to prioritize the immediate patching of affected systems to mitigate the risk of exploitation. The vulnerabilities and their potential impact are detailed below:

CVE-2024-45519 (Zimbra Collaboration): This critical vulnerability allows unauthenticated users to execute commands. A Proof of Concept (PoC) exploit has been demonstrated by researchers, and mass exploitation of this vulnerability has been reported.

CVE-2024-29824 (Ivanti Endpoint Manager): This high-severity SQL Injection vulnerability allows an unauthenticated attacker within the same network to execute arbitrary code.

CVE-2023-25280 (D-Link devices): This critical OS injection vulnerability allows an attacker to manipulate system commands through insufficient validation of the ping_addr parameter.

CVE-2020-15415 (DrayTek routers): This critical vulnerability allows remote command execution via OS injection.

CVE-2021-4043 (GPAC repository): This medium-severity vulnerability may lead to a denial-of-service (DoS) condition.

CVE-2019-0344 (SAP Commerce Cloud): This critical vulnerability allows arbitrary code execution due to unsafe deserialization.
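The D-Link and DrayTek entries above are OS injection bugs: a request parameter (ping_addr in the D-Link case) reaches a shell without adequate validation. The following added example, written for this page and not taken from any vendor's firmware or from CISA, contrasts the vulnerable construction with a hardened one. All request values and names in it are constructed for illustration.

```python
"""Vulnerable vs. hardened handling of a web parameter that is passed to ping."""
import ipaddress
import subprocess

# Constructed request values; the hostile ones are the kind of input an
# insufficiently validated ping_addr parameter would forward to a shell.
SAMPLE_INPUTS = ["192.0.2.10", "2001:db8::1", "192.0.2.10; id", "example.com", "-c"]


def build_ping_command_vulnerable(ping_addr: str) -> str:
    """The pattern behind OS injection: the parameter is spliced into one
    command string that is later handed to /bin/sh (shell=True)."""
    return f"ping -c 1 {ping_addr}"


def validate_ping_addr(ping_addr: str) -> str:
    """Allow-list check: the value must parse as an IPv4 or IPv6 literal.
    Anything else (hostnames, separators, option-looking strings) is rejected."""
    try:
        return str(ipaddress.ip_address(ping_addr.strip()))
    except ValueError as exc:
        raise ValueError(f"rejected ping_addr {ping_addr!r}: not an IP literal") from exc


def build_ping_command_hardened(ping_addr: str) -> list[str]:
    """Hardened form: the validated value is passed as a discrete argv element,
    so no shell ever parses it."""
    return ["ping", "-c", "1", validate_ping_addr(ping_addr)]


def is_accepted(ping_addr: str) -> bool:
    """True when the value passes the allow-list check."""
    try:
        validate_ping_addr(ping_addr)
        return True
    except ValueError:
        return False


def run_hardened(ping_addr: str) -> int:
    """Executes ping without a shell and returns its exit status."""
    return subprocess.run(build_ping_command_hardened(ping_addr), check=False).returncode


if __name__ == "__main__":
    for value in SAMPLE_INPUTS:
        print(f"{value!r:22} shell string: {build_ping_command_vulnerable(value)!r}")
        print(f"{'':22} accepted by hardened handler: {is_accepted(value)}")
```

The two controls are independent: the allow-list rejects anything that is not an address literal, and the argv form means that even a validation gap could not turn a single field into several shell words. Detection-wise, the vulnerable string form is what leaves separator characters such as `;` or `$(` in web-server access logs for that parameter.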
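Because these CVEs were added to the KEV catalog, the practical follow-up is to match an internal vulnerability inventory against the catalog and order remediation by due date. This added example is not CISA tooling; it uses the field names of CISA's KEV JSON feed (cveID, product, dateAdded, dueDate) but the feed excerpt, its dates, the host names and the CVE-2099-00001 identifier are constructed placeholders.

```python
"""Triage an internal CVE inventory against a CISA KEV-style feed excerpt."""
import json
from datetime import date

# Constructed feed excerpt. Field names follow CISA's KEV JSON feed; the dates
# are illustrative placeholders, not values taken from the real catalog.
KEV_SAMPLE_JSON = """{
  "vulnerabilities": [
    {"cveID": "CVE-2024-45519", "product": "Zimbra Collaboration",
     "dateAdded": "2024-10-03", "dueDate": "2024-10-24"},
    {"cveID": "CVE-2024-29824", "product": "Ivanti Endpoint Manager",
     "dateAdded": "2024-10-02", "dueDate": "2024-10-23"},
    {"cveID": "CVE-2023-25280", "product": "D-Link device",
     "dateAdded": "2024-09-30", "dueDate": "2024-10-21"},
    {"cveID": "CVE-2019-0344", "product": "SAP Commerce Cloud",
     "dateAdded": "2024-09-30", "dueDate": "2024-10-21"}
  ]
}"""

# Constructed inventory: CVE id -> hosts where it is still unpatched.
SAMPLE_INVENTORY = {
    "CVE-2024-45519": ["mail-02", "mail-01"],
    "CVE-2019-0344": ["shop-web-03"],
    "CVE-2024-29824": ["epm-core"],
    "CVE-2099-00001": ["test-box"],  # placeholder id, deliberately absent from the feed
}


def load_kev(json_text: str) -> dict[str, dict]:
    """Index the feed by CVE id for O(1) lookups."""
    feed = json.loads(json_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def triage(inventory: dict[str, list[str]], kev: dict[str, dict], today: date) -> list[dict]:
    """Return only inventory CVEs that appear in KEV, earliest due date first,
    each annotated with the remaining days and an overdue flag."""
    findings = []
    for cve, assets in inventory.items():
        record = kev.get(cve)
        if record is None:
            continue  # not known-exploited; handled by the normal patch cycle
        due = date.fromisoformat(record["dueDate"])
        findings.append({
            "cve": cve,
            "product": record["product"],
            "assets": sorted(assets),
            "due": due,
            "days_left": (due - today).days,
            "overdue": due < today,
        })
    findings.sort(key=lambda f: (f["due"], f["cve"]))
    return findings


def run_sample(today: date = date(2024, 10, 22)) -> list[dict]:
    """Triage the constructed inventory as of this page's update date."""
    return triage(SAMPLE_INVENTORY, load_kev(KEV_SAMPLE_JSON), today)


if __name__ == "__main__":
    for f in run_sample():
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['cve']:16} {f['product']:24} {status:9} {', '.join(f['assets'])}")
```

Run against the real feed, `load_kev` would receive the downloaded JSON text instead of the constructed excerpt; the rest of the logic is unchanged. Sorting by due date rather than CVSS reflects how KEV is meant to be consumed: presence in the catalog already implies active exploitation.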


This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find Flathis at Mastodon.