U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog
Summary: The U.S. cybersecurity agency CISA has added four high-severity vulnerabilities in SimpleHelp, Samsung, and D-Link products to its Known Exploited Vulnerabilities catalog and requires federal agencies to remediate them by May 8, 2026 to guard against attacks.

2026-4-25 21:0:26 Author: securityaffairs.com


U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

The vulnerability CVE-2024-7399 (CVSS score of 8.8) is an improper limitation of a pathname to a restricted directory issue in Samsung MagicINFO 9 Server versions before 21.1050. An attacker can exploit the flaw to write arbitrary files with system authority.

In May 2025, Arctic Wolf researchers observed threat actors exploiting this vulnerability (CVSS score: 8.8) in the Samsung MagicINFO content management system (CMS) just days after proof-of-concept (PoC) exploit code was publicly released.

CVE-2024-7399 is a flaw in Samsung MagicINFO 9 Server’s input validation; it allows unauthenticated attackers to upload JSP files and execute code with system-level access.

Samsung first disclosed the flaw in August 2024, and at the time, there were no signs of it being exploited. However, just days after a proof-of-concept (PoC) was published on April 30, 2025, threat actors began taking advantage of it. Given how easy it is to exploit, and the public availability of the PoC, experts believe that the attacks are likely to continue.

Samsung addressed the vulnerability with the release of MagicINFO 9 Server version 21.1050 in August 2024.

The second vulnerability, the D-Link flaw tracked as CVE-2025-29635, allows attackers to inject commands because an attacker-controlled value is copied without proper validation.

This week, Akamai researchers reported that a Mirai botnet is targeting CVE-2025-29635 via crafted POST requests after public PoC disclosure.

The remaining two flaws added to the catalog are:

  • CVE-2024-57726 (CVSS 9.9) – An authorization flaw in SimpleHelp lets low-privileged technicians generate API keys with elevated rights, enabling escalation to full server admin access.
  • CVE-2024-57728 (CVSS 7.2) – A path traversal issue (zip slip) allows admin users to upload crafted ZIP files that place arbitrary files on the system, potentially leading to remote code execution as the SimpleHelp server user.
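The zip slip pattern behind CVE-2024-57728 is an archive entry whose name carries `..` segments or an absolute path, so that a naive `os.path.join(dest, name)` writes outside the extraction directory. The following is an added example, not code from the article or from SimpleHelp, showing the check that custom extraction code needs: resolve each entry name against the destination and refuse the archive if any entry escapes. The function names, the default `/srv/extract` directory and the two sample archives are all constructed for the example.

```python
import io
import os
import tempfile
import zipfile


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """True only if an archive entry named member_name would land inside dest_dir.

    Covers the zip slip cases: absolute paths, Windows drive prefixes, and '..'
    segments that resolve above the destination after normalisation.
    """
    dest = os.path.realpath(dest_dir)
    if os.path.isabs(member_name) or os.path.splitdrive(member_name)[0]:
        return False
    target = os.path.realpath(os.path.join(dest, member_name))
    # Trailing separator so that '/srv/extract2' is not mistaken for '/srv/extract'.
    return target == dest or target.startswith(dest + os.sep)


def escaping_members(zip_bytes: bytes, dest_dir: str = "/srv/extract") -> list[str]:
    """List entry names that would escape dest_dir. Nothing is written to disk.

    This is the check to run on an uploaded ZIP before any extraction code
    touches it; dest_dir is an assumed location used only for path resolution.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if not is_safe_member(dest_dir, n)]


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract into dest_dir, refusing the whole archive if any entry escapes.

    Entries are written by hand (open/write) rather than via ZipFile.extract so
    the example shows exactly where the path check must sit in custom extraction
    code: between reading the entry name and opening the output path.
    """
    bad = escaping_members(zip_bytes, dest_dir)
    if bad:
        raise ValueError(f"zip slip attempt blocked, offending entries: {bad}")
    written = []
    root = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            out_path = os.path.join(root, info.filename)
            if info.is_dir():
                os.makedirs(out_path, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            with zf.open(info) as src, open(out_path, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory archive from {entry_name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives: one benign, one carrying a traversal entry name.
CLEAN_ZIP = build_zip({"ok/readme.txt": b"hello"})
SLIP_ZIP = build_zip({"ok/readme.txt": b"hello", "../../outside.txt": b"owned"})


def demo() -> dict:
    """Run both archives through the extractor in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        result = {"clean_written": safe_extract(CLEAN_ZIP, tmp)}
        try:
            safe_extract(SLIP_ZIP, tmp)
            result["slip_blocked"] = False
        except ValueError:
            result["slip_blocked"] = True
        # The traversal entry must not have been written above the scratch dir.
        result["outside_exists"] = os.path.exists(
            os.path.join(tmp, "..", "..", "outside.txt"))
    return result


if __name__ == "__main__":
    print("escaping entries:", escaping_members(SLIP_ZIP))
    print(demo())
```

Rejecting the whole archive rather than silently skipping bad entries is deliberate: a crafted upload is a signal worth logging and investigating, and partial extraction leaves the application in an ambiguous state. The check handles entry names only; extractors that recreate symbolic links from archive entries need a separate check on the link target.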

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by May 8, 2026.
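Reviewing the catalog against an asset inventory and tracking the BOD 22-01 due date is routine work that is easy to script. The block below is an added example, not code from the article or from CISA: it parses records in the shape of CISA's public `known_exploited_vulnerabilities.json` feed (fields such as `cveID`, `vendorProject`, `product`, `dueDate`), matches them against a list of inventory keywords, and reports days remaining until each due date. The sample records are constructed; the CVE IDs, vendor names and the May 8, 2026 due date are taken from the article, while every other field value is a labelled placeholder rather than the real catalog text.

```python
import json
from datetime import date, datetime

# Constructed sample in the shape of CISA's KEV JSON feed. CVE IDs, vendors and the
# due date come from the article; all other values are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-2024-7399", "vendorProject": "Samsung",
         "product": "MagicINFO 9 Server", "vulnerabilityName": "placeholder",
         "dateAdded": "placeholder", "shortDescription": "placeholder",
         "requiredAction": "placeholder", "dueDate": "2026-05-08",
         "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-2025-29635", "vendorProject": "D-Link",
         "product": "[product not named in the article]",
         "vulnerabilityName": "placeholder", "dateAdded": "placeholder",
         "shortDescription": "placeholder", "requiredAction": "placeholder",
         "dueDate": "2026-05-08", "knownRansomwareCampaignUse": "Unknown",
         "notes": ""},
        {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp",
         "product": "SimpleHelp", "vulnerabilityName": "placeholder",
         "dateAdded": "placeholder", "shortDescription": "placeholder",
         "requiredAction": "placeholder", "dueDate": "2026-05-08",
         "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp",
         "product": "SimpleHelp", "vulnerabilityName": "placeholder",
         "dateAdded": "placeholder", "shortDescription": "placeholder",
         "requiredAction": "placeholder", "dueDate": "2026-05-08",
         "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    ],
})


def load_catalog(text: str) -> list[dict]:
    """Return the list of vulnerability records from a KEV JSON document."""
    return json.loads(text)["vulnerabilities"]


def parse_due(entry: dict) -> date:
    """dueDate in the feed is an ISO date string (YYYY-MM-DD)."""
    return datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()


def match_inventory(entries: list[dict], inventory: list[str]) -> list[str]:
    """CVE IDs whose vendor or product name contains any inventory keyword.

    Matching is case-insensitive substring, which is deliberately loose: a
    false positive costs an analyst a minute, a missed match costs much more.
    """
    hits = []
    for e in entries:
        haystack = f"{e['vendorProject']} {e['product']}".lower()
        if any(k.lower() in haystack for k in inventory):
            hits.append(e["cveID"])
    return hits


def remediation_status(entries: list[dict], today: date) -> dict[str, int]:
    """Map CVE ID -> days remaining before the due date (negative means overdue)."""
    return {e["cveID"]: (parse_due(e) - today).days for e in entries}


def overdue(entries: list[dict], today: date) -> list[str]:
    """CVE IDs whose BOD 22-01 due date has already passed as of `today`."""
    return sorted(c for c, d in remediation_status(entries, today).items() if d < 0)


if __name__ == "__main__":
    # Constructed inventory keywords standing in for an organisation's asset list.
    catalog = load_catalog(SAMPLE_KEV_JSON)
    print("affected:", match_inventory(catalog, ["SimpleHelp", "MagicINFO"]))
    print("days left:", remediation_status(catalog, date(2026, 4, 25)))
    print("overdue:", overdue(catalog, date(2026, 5, 9)))
```

In practice the JSON text would come from a scheduled download of the real feed rather than the inline sample, and the inventory keywords from a CMDB export; the matching and due-date logic stays the same.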


Pierluigi Paganini

(SecurityAffairs – hacking, CISA)




Source: https://securityaffairs.com/191281/security/u-s-cisa-adds-simplehelp-samsung-and-d-link-flaws-to-its-known-exploited-vulnerabilities-catalog.html