CISA updates the Known Exploited Vulnerabilities Catalog with critical flaws, adding CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410.
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added four vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, identified in widely-used software products, have been actively exploited by cyber attackers.
With these updates, CISA highlights the importance of addressing these flaws promptly to mitigate the risks they pose, particularly to federal enterprises and other critical infrastructure sectors. The newly added vulnerabilities include CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410, all of which could have severe consequences for the security of affected systems.
The first of the vulnerabilities, CVE-2024-45195, relates to a flaw in Apache OFBiz, an open-source enterprise resource planning (ERP) and e-commerce solution. This vulnerability is a forced browsing issue, where attackers can gain unauthorized access to certain parts of a website by bypassing security restrictions through direct URL requests. The flaw was discovered in Apache OFBiz versions before 18.12.16, and users are advised to upgrade to this version or later to mitigate the threat.
The vulnerability can allow attackers to gain unauthorized access to sensitive data by leveraging weak authorization mechanisms. It is listed in the CISA Known Exploited Vulnerabilities Catalog due to active exploitation, with evidence showing malicious actors targeting vulnerable systems to escalate privileges.
The second addition, CVE-2024-29059, is a critical information disclosure vulnerability affecting Microsoft .NET Framework. This flaw can allow attackers to access sensitive information stored within the system by exploiting weaknesses in error handling. With a CVSS score of 7.5 (High), this vulnerability is serious and can be exploited by attackers to access privileged information in systems running older versions of .NET Framework, specifically 4.8, 3.5, and 4.7.2.
The impact of this vulnerability is widespread, affecting Windows 10 and Windows Server versions, making it a concern for organizations relying on these platforms. The flaw is also listed in CISA’s Known Exploited Vulnerabilities Catalog, reinforcing its immediate need for attention and patching to prevent potential breaches.
Another critical vulnerability is CVE-2018-9276, a command injection flaw discovered in PRTG Network Monitor versions prior to 18.2.39. This vulnerability allows attackers with administrator privileges on the system to inject operating system commands into the network monitor system. By sending malformed parameters to the system, attackers can execute arbitrary commands both on the server and on networked devices.
PRTG Network Monitor is widely used for IT network monitoring, and an attacker exploiting this flaw could gain complete control over the system and its connected infrastructure. This vulnerability has been identified as a significant attack vector for malicious actors, potentially compromising entire networks. Users of affected versions must update their software to address this flaw.
Another vulnerability in PRTG Network Monitor, CVE-2018-19410, involves a Local File Inclusion (LFI) issue, which allows unauthenticated attackers to bypass security mechanisms and escalate privileges. Attackers exploiting this flaw can create users with read-write privileges, including administrator-level access, by crafting malicious HTTP requests. This vulnerability has been confirmed to affect PRTG versions before 18.2.40.1683.
Once exploited, this flaw can lead to severe compromises in the security of networked systems by allowing attackers to perform unauthorized actions, such as adding new administrative users and accessing sensitive data. CISA included this vulnerability in its Known Exploited Vulnerabilities Catalog after determining that it was actively being targeted by cybercriminals.
The vulnerabilities identified by CISA, such as CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410, highlight ongoing cybersecurity trends, particularly in the vulnerability space. Organizations are encouraged to regularly monitor for updates and patch their systems without delay.
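As an added example (not from CISA or the original article), the following Python sketch checks a software inventory against the fixed versions quoted above for Apache OFBiz and PRTG Network Monitor. The product keys and the inventory rows are constructed for illustration, and CVE-2024-29059 is left out because the article names affected .NET Framework versions but no fixed version.

```python
# Thresholds are the fixed versions stated in the article; product keys are hypothetical.
FIXED_IN = {
    "apache-ofbiz": [("CVE-2024-45195", "18.12.16")],
    "prtg-network-monitor": [
        ("CVE-2018-9276", "18.2.39"),
        ("CVE-2018-19410", "18.2.40.1683"),
    ],
}

def parse_version(text):
    """Turn '18.2.40.1683' into (18, 2, 40, 1683); ValueError if not numeric."""
    parts = text.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_before(installed, fixed):
    """True when installed < fixed, padding the shorter tuple with zeros."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def exposed_cves(product, installed):
    """CVEs from the article that still apply to this install."""
    listed = FIXED_IN.get(product, [])
    try:
        return [cve for cve, fixed in listed if is_before(installed, fixed)]
    except ValueError:
        # Unreadable version: report every listed CVE so a human reviews it.
        return [cve for cve, _ in listed]

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("erp01", "apache-ofbiz", "18.12.15"),
    ("erp02", "apache-ofbiz", "18.12.16"),
    ("mon01", "prtg-network-monitor", "18.2.39"),
    ("mon02", "prtg-network-monitor", "18.1.37"),
    ("mon03", "prtg-network-monitor", "unknown"),
]

def triage(inventory):
    """Map host -> CVEs still exposed; fully patched hosts are omitted."""
    rows = ((h, exposed_cves(p, v)) for h, p, v in inventory)
    return {h: cves for h, cves in rows if cves}

if __name__ == "__main__":
    print(triage(INVENTORY))
```

A PRTG host on 18.2.39 clears CVE-2018-9276 but is still flagged for CVE-2018-19410, because the two fixes landed in different releases.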
Additionally, Cyble offers a powerful AI-driven threat intelligence platform that helps organizations stay protected from cybercriminals by providing continuous monitoring, actionable insights, and timely alerts about vulnerabilities and cyber risks. With its cutting-edge technologies like Cyble Vision, Cyble empowers businesses, federal agencies, and individuals to strengthen their cybersecurity posture.
By leveraging Cyble’s tools for vulnerability management, dark web monitoring, and attack surface management, organizations can better protect sensitive data and critical infrastructure from exploitation.