![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRCw8EKpfY45DKbmFNayh4ChoHN2qbtk0HwmVWf07n3dKD3PoHfj4v2pH0VQ_fSA6rAbhm6BytxU8Y74eXGjgP8082S6tApI14Ddn1_tmjl8Ow5_MfjJ5Gen9Q9q5oUMc4MCq5yqoYzbIO6oCy7cHlbFFlllWkRDe6pOexUldcwTbqKVX4SSdhTuaboZtr/s728-rw-e365/cisa.jpg)
The US Cybersecurity and Infrastructure Security Agency (CISA) added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, citing evidence of active exploitation in the wild.

The list of vulnerabilities is as follows:

- CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability that allows a remote attacker to gain unauthorized access and execute arbitrary code on the server (fixed in September 2024)
- CVE-2024-29059 (CVSS score: 7.5) - An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (fixed in March 2024)
- CVE-2018-9276 (CVSS score: 7.2) - An operating system command injection vulnerability in Paessler PRTG Network Monitor that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console (fixed in April 2018)
- A flaw that allows unauthenticated attackers to create users with read-write privileges (fixed in April 2018)
![Cyber security](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6e4c8i_pkXRCFnrtqVIygOrARiVnU3_KUgU5mhPl5V4uj8R1KcQOxRLdZ0xm1Rf5AX_cviUAeiiRkTJCe8HXzOeB363590NBXAMv92N9e7zr4m7aKtDq-Q_gpP9QFWecL0oxcVtmqSg9qrGEGqlDbzwNNFKGJe2nlup4tuL7AZzTm0U501YxPGodOc2Fq/s728-rw-e100/zz-d.jpg)
These flaws have been addressed by the respective vendors, but there are no public reports on how they have been exploited in real-world attacks.

Federal Civilian Executive Branch (FCEB) agencies have been requested to apply the necessary fixes by February 25, 2025, to protect against active threats.