The Cybersecurity and Infrastructure Security Agency (CISA) has warned of multiple critical vulnerabilities that are being actively exploited in popular software and hardware. CVE-2024-51378, a flaw in CyberPanel, an open-source web hosting control panel, carries a CVSS score of 10.0 and allows authentication bypass and remote code execution, enabling attackers to deploy ransomware and compromise systems. This vulnerability has been linked to ransomware campaigns, underscoring the need for immediate patching. Vulnerabilities affecting Zyxel firewalls (CVE-2024-11667), ProjectSend (CVE-2024-11680), and North Grid Proself (CVE-2023-45727) have also been added to CISA's Known Exploited Vulnerabilities catalog.
These flaws enable a range of attacks, including authentication bypass, remote code execution, and data exfiltration. The CyberPanel vulnerability specifically allows attackers to execute arbitrary commands through shell metacharacters, while the Zyxel firewall vulnerability allows file uploads and downloads via crafted URLs. ProjectSend's vulnerability enables configuration modification through HTTP requests, potentially leading to account creation and malicious code injection. North Grid Proself's vulnerability allows XML External Entity (XXE) attacks. To mitigate the risk of exploitation, CISA urges organizations using these products to apply the necessary patches immediately, or to discontinue use if patches aren't available.