The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a series of critical vulnerabilities affecting multiple major platforms, including Zimbra Collaboration, Ivanti, D-Link, DrayTek, GPAC, and SAP. The vulnerabilities, which range in severity from critical to medium, have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, highlighting their active exploitation by threat actors. The vulnerabilities allow attackers to gain unauthorized access to systems, execute malicious code, and potentially steal sensitive information. Organizations are strongly urged to prioritize the immediate patching of affected systems to mitigate the risk of exploitation. The vulnerabilities and their potential impact are detailed below:
CVE-2024-45519 (Zimbra Collaboration): This critical vulnerability allows unauthenticated users to execute commands. A Proof of Concept (PoC) exploit has been demonstrated by researchers, and mass exploitation of this vulnerability has been reported.
CVE-2024-29824 (Ivanti Endpoint Manager): This high-severity SQL Injection vulnerability allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2023-25280 (D-Link devices): This critical OS injection vulnerability allows an attacker to manipulate system commands through insufficient validation of the ping_addr parameter.
CVE-2020-15415 (DrayTek routers): This critical vulnerability allows remote command execution via OS injection.
CVE-2021-4043 (GPAC multimedia framework): This medium-severity NULL pointer dereference may lead to a denial-of-service (DoS) condition.
CVE-2019-0344 (SAP Commerce Cloud): This critical vulnerability allows arbitrary code execution due to unsafe deserialization.
CVE-2024-45519 is a critical vulnerability in the postjournal service of Synacor's Zimbra Collaboration. An attacker can achieve unauthenticated remote code execution (RCE) by sending a specially crafted email to a vulnerable server. The flaw sits in postjournal's SMTP parsing code, which takes data from the incoming message and passes it into a shell command without sanitization, so shell metacharacters in the crafted input become additional commands run with the privileges of the service. postjournal is not enabled by default, but installations that use it are exposed, and because public proof-of-concept (PoC) exploits exist and CISA has flagged the CVE as actively exploited, affected organizations should patch immediately. Where patching must be delayed, disabling postjournal if it is not needed removes the vulnerable code path. The root cause, unvalidated input reaching a command interpreter, is a reminder that command lines should never be assembled by string concatenation from untrusted data; an allowlist on the input and an exec-style call that takes an argument vector instead of a shell string close this class of bug.
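The OS command injection pattern behind both the Zimbra postjournal bug and the D-Link ping_addr bug, shown as an added C example that is not Zimbra, D-Link or CISA code: a vulnerable build-a-string-and-popen() path beside a hardened path that allowlists the input and execs an argv array with no shell. The program path /opt/hypothetical/deliver and the recipient strings are constructed for illustration and are not the real payloads used in the wild.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed sample inputs (not real-world payloads): one benign recipient
 * and one that smuggles a second shell command after a ';'. */
static const char *BENIGN_RCPT  = "user@example.com";
static const char *HOSTILE_RCPT = "user@example.com; id > /tmp/pwned";

/* VULNERABLE pattern: attacker-controlled text is interpolated into a command
 * string destined for popen()/system(), i.e. for "/bin/sh -c".  Any shell
 * metacharacter (; | & $ ` newline ...) in rcpt becomes a second command.
 * Returns 1 if the command line was built (truncation counts as failure). */
int build_unsafe_command(char *out, size_t outlen, const char *rcpt) {
    /* "/opt/hypothetical/deliver" is a placeholder program path. */
    int n = snprintf(out, outlen, "/opt/hypothetical/deliver %s", rcpt);
    return n > 0 && (size_t)n < outlen;
}

/* Helper for inspection: does the command line built from rcpt still carry
 * the substring needle (e.g. "; id")?  Shows the injected text survives. */
int unsafe_command_carries(const char *rcpt, const char *needle) {
    char cmd[512];
    if (!build_unsafe_command(cmd, sizeof cmd, rcpt)) return 0;
    return strstr(cmd, needle) != NULL;
}

/* Allowlist validation for an address-like value: alphanumerics plus a small
 * set of safe punctuation, exactly one '@' with text on both sides, bounded
 * length.  Everything else, including every shell metacharacter, is rejected. */
int is_safe_address(const char *s) {
    size_t len = strlen(s);
    if (len == 0 || len > 254) return 0;
    const char *at = strchr(s, '@');
    if (!at || at == s || at[1] == '\0' || strchr(at + 1, '@')) return 0;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++) {
        if (isalnum(*p)) continue;
        if (strchr("@._-+", *p)) continue;   /* *p is never 0 inside the loop */
        return 0;
    }
    return 1;
}

/* HARDENED pattern: validate first, then fork and execv() an argument vector.
 * No shell ever sees rcpt, so even a value that slipped past validation would
 * reach prog as a single literal argument.  Returns the child's exit status,
 * or -1 if the input was rejected or the child could not be run. */
int deliver_safely(const char *prog, const char *rcpt) {
    if (!is_safe_address(rcpt)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, (char *)rcpt, NULL };
        execv(prog, argv);
        _exit(127);                         /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char cmd[512];
    build_unsafe_command(cmd, sizeof cmd, HOSTILE_RCPT);
    printf("unsafe command line that popen() would hand to /bin/sh:\n  %s\n", cmd);
    printf("benign validates: %d, hostile validates: %d\n",
           is_safe_address(BENIGN_RCPT), is_safe_address(HOSTILE_RCPT));
    /* /bin/echo stands in for the real delivery program. */
    printf("safe path, hostile input -> %d (rejected before exec)\n",
           deliver_safely("/bin/echo", HOSTILE_RCPT));
    printf("safe path, benign input  -> %d (echo exit status)\n",
           deliver_safely("/bin/echo", BENIGN_RCPT));
    return 0;
}
```

The allowlist is deliberately narrow; a real mail system would validate against the address grammar it actually accepts, but the principle is the same: reject anything outside a known-good set, and keep untrusted bytes out of any string a shell will parse.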