Threat Advisory

Multiple Vulnerabilities Actively Exploited in Cybersecurity Campaigns

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

Multiple vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. These flaws enable threat actors to execute arbitrary commands, access sensitive data, and conduct unauthorized operations, with exploitation linked to cyber espionage and ransomware campaigns. CVE-2023-45727 allows attackers to conduct an XML External Entity (XXE) attack, leading to unauthorized access and data manipulation. CVE-2024-11680 enables attackers to create accounts, upload web shells, and embed malicious scripts via improper authentication. CVE-2024-11667 is a path traversal vulnerability that permits file downloads and uploads via crafted URLs.

 

  • CVE-2024-51378: This critical vulnerability, with a CVSS score of 10.0, involves incorrect default permissions that allow authentication bypass and arbitrary command execution using shell metacharacters in the statusfile property.
  • CVE-2024-45841: Rated at a CVSS score of 6.5, this flaw involves incorrect permission assignment for critical resources, enabling attackers with guest account access to read sensitive files, including credentials.
  • CVE-2024-47133: With a CVSS score of 7.2, this vulnerability is an operating system command injection issue that allows logged-in administrative users to execute arbitrary commands.
  • CVE-2024-52564: This vulnerability, carrying a CVSS score of 7.5, stems from undocumented features that let remote attackers disable the firewall, execute operating system commands, or alter router configuration.

 

Active exploitation of these vulnerabilities highlights the need for prompt remediation. Organizations are urged to implement available patches and take preventive measures to secure their systems.

RECOMMENDATION:

We strongly recommend updating to the following versions:

  • Zyxel products to version v2.3.9.
  • UD-LT1 firmware Ver.2.1.9
  • UD-LT1/EX firmware Ver.2.1.9

REFERENCES:

The following reports contain further technical details:
https://thehackernews.com/2024/12/cisa-warns-of-active-exploitation-of.html
