CISA Identifies Exploited Vulnerability in Acclaim USAHERDS Software
2024-12-24
Learn about the critical importance of timely patch management to protect cloud environments from vulnerabilities actively exploited in the wild.
CISA has added a high-severity vulnerability in Acclaim Systems USAHERDS to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw, found in versions 7.4.0.1 and earlier, involves hard-coded credentials that could allow remote code execution if attackers acquire the necessary keys. Although initially exploited by the APT41 group in 2021, agencies are advised to implement mitigations by January 13, 2025, to protect against potential threats.
Zero-Day, Hardcoded Secrets, Web App/Website Vulnerability
USAHERDS, CISA, CVE-2021-44207, APT41, ColdFusion Vulnerability
CVE-2021-44207; CVE-2024-53961
Acclaim Systems USAHERDS, Adobe ColdFusion
CISA Highlights Vulnerability in Acclaim USAHERDS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a significant vulnerability in Acclaim Systems USAHERDS and added it to its Known Exploited Vulnerabilities (KEV) catalog. This decision follows evidence of the vulnerability's active exploitation.

Details of the Vulnerability

The vulnerability, tracked as CVE-2021-44207, is a high-severity flaw with a CVSS score of 8.1. It involves hard-coded, static credentials in USAHERDS software versions 7.4.0.1 and earlier. These credentials, specifically static ValidationKey and DecryptionKey values, could be exploited by attackers to execute arbitrary code on compromised servers.

Exploitation Method

To exploit this vulnerability, attackers first need to acquire the static keys. With these keys, they can manipulate the application's ViewState data. By crafting a malicious ViewState, the server can be tricked into deserializing this data, leading to remote code execution. Google-owned Mandiant highlighted that a threat actor with knowledge of these keys could effectively bypass security measures and execute harmful code.

Past Exploitation and Mitigation

Although there are no new reports of CVE-2021-44207 being actively exploited, it was previously used by the China-linked APT41 threat group in 2021. This group targeted six U.S. state government networks using the vulnerability as a zero-day exploit. Federal Civilian Executive Branch (FCEB) agencies have been advised to apply vendor-recommended mitigations by January 13, 2025, to protect their networks from potential attacks.

Related Security Concerns

In parallel, Adobe has issued a warning about a critical vulnerability in ColdFusion, tracked as CVE-2024-53961, with a CVSS score of 7.8. This flaw allows an arbitrary file system read and has an existing proof-of-concept exploit. It has been addressed in ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12, and users are encouraged to apply these patches promptly to mitigate risks.
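The defect class described above (static ValidationKey/DecryptionKey values shared by every install, and the ViewState integrity check that depends on them) can be audited in deployed ASP.NET applications. The following is an added example written for this page, not code from USAHERDS, CISA or the article; it assumes the keys live in the standard ASP.NET machineKey element of web.config and uses constructed sample configurations.

```python
import xml.etree.ElementTree as ET
from typing import List

# Constructed sample web.config fragments (not taken from USAHERDS).
# A literal hex value in <machineKey> is a static key shared by every install,
# which is the defect class CVE-2021-44207 falls into; "AutoGenerate,IsolateApps"
# makes ASP.NET derive per-install keys instead.
STATIC_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="HMACSHA256" decryption="AES" />
    <pages enableViewStateMac="true" />
  </system.web>
</configuration>"""

SAFE_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""


def audit_machine_key(config_xml: str) -> List[str]:
    """Return findings for static ViewState keys or a disabled ViewState MAC.

    Static keys let anyone who learns them forge a ViewState the server will
    accept and deserialize; a disabled MAC removes the check entirely.
    """
    findings = []
    root = ET.fromstring(config_xml)
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            # ASP.NET's default for both attributes is AutoGenerate,IsolateApps
            value = mk.get(attr, "AutoGenerate,IsolateApps")
            if not value.startswith("AutoGenerate"):
                findings.append(f"static {attr} in <machineKey> (length {len(value)})")
    for pages in root.iter("pages"):
        if pages.get("enableViewStateMac", "true").lower() == "false":
            findings.append("enableViewStateMac=false: ViewState integrity check disabled")
    return findings


if __name__ == "__main__":
    for name, cfg in (("static", STATIC_CONFIG), ("safe", SAFE_CONFIG)):
        print(name, audit_machine_key(cfg) or ["no findings"])
```

Point the function at each web.config on a host; a static key finding means the keys should be regenerated per install and any copies of the old values treated as exposed.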
https://thehackernews.com/2024/12/cisa-adds-acclaim-usaherds.html?m=1