FlagThis

The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent warnings about multiple actively exploited vulnerabilities affecting popular software and hardware. These flaws impact Zyxel firewalls, CyberPanel, North Grid, and ProjectSend, allowing attackers unauthorized system access and control. Specifically, CyberPanel's CVE-2024-51378, with a critical CVSS score of 10.0, allows authentication bypass and arbitrary command execution, facilitating ransomware deployment. Other vulnerabilities include improper authentication in ProjectSend (CVE-2024-11680), improper XML External Entity restriction in North Grid Proself (CVE-2023-45727), and path traversal in Zyxel firewalls (CVE-2024-11667). These vulnerabilities have been linked to various ransomware campaigns, including PSAUX and Helldown.

Organizations utilizing these products are strongly advised to immediately implement the necessary security updates and mitigations provided by the vendors. The high severity of these vulnerabilities, particularly the perfect score given to CVE-2024-51378, underscores the urgent need for action to prevent exploitation. CISA has added these flaws to its Known Exploited Vulnerabilities catalog and urges federal agencies to remediate them by December 25, 2024. Failure to act promptly leaves organizations vulnerable to significant security breaches and data loss.

ImgSrc: blogger.googleusercontent.com

References:

• GBHackers Security - CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild - 20d
• Vulnerability Archives - CVE-2024-51378 (CVSS 10): Critical CyberPanel Flaw Under Active Attack, CISA Warns - 20d
• The Hacker News - CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel - 20d
• The Hacker News - Information about the Mitel MiCollab zero-day vulnerability. - 20d
• Help Net Security - Details on the Mitel MiCollab zero-day vulnerability and PoC exploit. - 20d
• Over Security - Report on the Mitel MiCollab zero-day vulnerability. - 20d
• CySecurity News - CISA Warns of Critical Exploits in ProjectSend, Zyxel, and Proself Systems - 20d
• watchTowr Labs - watchTowr : Mitel MiCollab is an application for voice, video, messaging, presence, audio conferencing, mobility and team collaboration. watchTowr publishes vulnerability details for CVE-2024-35286 (S - 20d
• News - Mitel MiCollab VoIP authentication bypass opens new attack paths - 20d
• www.mitel.com - Mitel security advisory addressing CVE-2024-41713. - 20d
• The Register - Information about the zero-day vulnerability in Mitel MiCollab that allows attackers to access sensitive files. - 20d
• Security Archives - U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog - 19d
• GBHackers Security - Report on multiple ICS advisories released by CISA, focusing on vulnerabilities and exploits in AutomationDirect and Planet Technology products. - 17d

Classification:

• HashTags: Vulnerability Exploit CISA
• Company: Zyxel, CyberPanel, North Grid, ProjectSend
• Target: Zyxel, CyberPanel, North Grid, ProjectSend users
• Attacker:
• Product: Zyxel firewalls, CyberPanel, North Grid, ProjectSend
• Feature:
• Type: Vulnerability
• Severity: Critical