CISA Adds Four Actively Exploited Vulnerabilities to Catalog
2025-02-08
Learn about the critical importance of timely patch management to protect against vulnerabilities actively exploited in the wild.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, highlighting their active exploitation. These include a forced browsing flaw in Apache OFBiz, an information disclosure issue in Microsoft .NET Framework, and two vulnerabilities in Paessler PRTG Network Monitor related to command injection and local file inclusion. Patches for these vulnerabilities were released between 2018 and 2024.
Patch Management, Web App/Website Vulnerability
CISA, Known Exploited Vulnerabilities, Apache OFBiz, Microsoft .NET Framework, Paessler PRTG, Patch Management
CVE-2024-45195; CVE-2024-29059; CVE-2018-9276; CVE-2018-19410
Apache OFBiz, Microsoft .NET Framework, Paessler PRTG Network Monitor
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog with four new entries. These vulnerabilities have been actively exploited, making it crucial for organizations to be aware of the risks they pose and take appropriate action.
CISA Highlights Four Actively Exploited Vulnerabilities
Vulnerability Details
Apache OFBiz Vulnerability
A forced browsing vulnerability in Apache OFBiz could allow a remote attacker to gain unauthorized access and execute arbitrary code on the server. This vulnerability was fixed in September 2024.
Microsoft .NET Framework Vulnerability
An information disclosure issue in Microsoft .NET Framework could expose the ObjRef URI, potentially leading to remote code execution. A patch for this vulnerability was released in March 2024.
Paessler PRTG Network Monitor Vulnerabilities
Two vulnerabilities were identified in Paessler PRTG Network Monitor. The first is an operating system command injection flaw that lets attackers with administrative privileges execute commands via the PRTG System Administrator web console. The second is a local file inclusion vulnerability, allowing a remote, unauthenticated attacker to create users with read-write privileges. Both vulnerabilities were patched in April 2018.
Importance of Patch Management
These vulnerabilities highlight the critical importance of timely patch management. Organizations must regularly update their software to protect against exploits that can lead to unauthorized access, data breaches, and other security incidents.
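One practical way to act on a KEV update is to cross-check the catalog against an asset inventory and flag hosts that are still unpatched past the remediation due date. The script below is an added example, not code from the article or from CISA; the field names follow the public KEV JSON feed, but every catalog entry, due date and host in it is constructed sample data, and the product-name matching is a coarse first pass that ignores installed versions.

```python
"""Added example: match an asset inventory against KEV entries and flag
overdue remediation. Field names (cveID, vendorProject, product, dueDate)
follow the KEV JSON feed; all entries, dates and hosts are constructed."""
from datetime import date

# Constructed sample in the shape of the KEV feed; dueDate values are placeholders.
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-2024-45195", "vendorProject": "Apache", "product": "OFBiz", "dueDate": "2025-02-27"},
    {"cveID": "CVE-2024-29059", "vendorProject": "Microsoft", "product": ".NET Framework", "dueDate": "2025-02-27"},
    {"cveID": "CVE-2018-9276", "vendorProject": "Paessler", "product": "PRTG Network Monitor", "dueDate": "2025-02-27"},
    {"cveID": "CVE-2018-19410", "vendorProject": "Paessler", "product": "PRTG Network Monitor", "dueDate": "2025-02-27"},
]}

# Constructed asset inventory; "patched" lists CVEs the host has already remediated.
INVENTORY = [
    {"host": "erp-01", "vendor": "Apache", "product": "OFBiz", "patched": []},
    {"host": "mon-01", "vendor": "Paessler", "product": "PRTG Network Monitor", "patched": ["CVE-2018-9276"]},
    {"host": "web-02", "vendor": "nginx", "product": "nginx", "patched": []},
]

def _norm(s):
    """Case- and whitespace-insensitive key for vendor/product comparison."""
    return "".join(s.lower().split())

def exposure_report(feed, inventory, today_iso):
    """Return one finding per unpatched KEV match, overdue findings first.
    Matching is by normalized vendor and product name only; it does not
    check installed versions, so treat the output as a triage list."""
    today = date.fromisoformat(today_iso)
    findings = []
    for entry in feed["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if _norm(asset["vendor"]) != _norm(entry["vendorProject"]):
                continue
            if _norm(entry["product"]) not in _norm(asset["product"]):
                continue
            if entry["cveID"] in asset["patched"]:
                continue
            findings.append({"host": asset["host"], "cveID": entry["cveID"],
                             "dueDate": entry["dueDate"], "overdue": due < today})
    return sorted(findings, key=lambda f: (not f["overdue"], f["dueDate"], f["host"]))

if __name__ == "__main__":
    for f in exposure_report(KEV_SAMPLE, INVENTORY, date.today().isoformat()):
        print(f"{f['host']:8} {f['cveID']:16} due {f['dueDate']} overdue={f['overdue']}")
```

Feeding the real feed in place of KEV_SAMPLE and a CMDB export in place of INVENTORY turns this into a daily overdue-patch report; adding version data to the match is the obvious next refinement.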
https://thehackernews.com/2025/02/cisa-adds-four-actively-exploited.html?m=1