<\/div>\n

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog.<\/h2>\n\n\n\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added<\/a> the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog<\/a>:<\/p>\n\n\n\n

\n
• CVE-2024-34102<\/a>\u00a0Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability<\/li>\n\n\n\n
• CVE-2024-28995<\/a>\u00a0SolarWinds Serv-U Path Traversal Vulnerability<\/li>\n\n\n\n
• CVE-2022-22948<\/a>\u00a0VMware vCenter Server Incorrect Default File Permissions Vulnerability<\/li>\n<\/ul>\n\n\n\n

  Below are the descriptions of the flaws added to the KEV catalog:<\/gwmw><\/p>\n\n\n\n

  CVE-2024-34102<\/strong><\/a> (CVSS score of 9.8) – the flaw is an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary code execution. An attacker could exploit this issue by sending a crafted XML document that references external entities. The experts pointed out that the exploitation of this issue does not require user interaction. The flaw impacts Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. Adobe warned that it is aware that CVE-2024-34102 has been exploited in the wild in limited attacks targeting Adobe Commerce merchants.<\/p>\n\n\n\n

  CVE-2024-28995<\/strong><\/a> (CVSS score of 7.5) – the flaw is a high-severity directory transversal issue in SolarWinds Serv-U Path that allows attackers to read sensitive files on the host machine. The vulnerability was discovered and reported by Hussein Daher. Experts at threat intelligence firm GreyNoise reported that threat actors are actively exploiting a public available proof-of-concept (PoC) exploit code.<\/p>\n\n\n\n

  \u201cSolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.\u201d\u00a0reads the advisory<\/a>.<\/p>\n\n\n\n

  The flaw was disclosed on June 6, it impacts Serv-U 15.4.2 HF 1 and previous versions.<\/p>\n\n\n\n

  GreyNoise researchers started investigating the issue after Rapid7\u00a0published technical details about the flaw and PoC exploit code<\/a>. GitHub users\u00a0bigb0x<\/a>\u00a0also shared a\u00a0proof-of-concept (PoC) and a bulk scanner<\/a>\u00a0for the SolarWinds Serv-U CVE-2024-28995 directory traversal vulnerability. <\/gwmw><\/p>\n\n\n\n

  \u201cThe vulnerability is very simple, and accessed via a\u00a0GET<\/code>\u00a0request to the root (\/<\/code>) with the arguments\u00a0InternalDir<\/code>\u00a0and\u00a0InternalFile<\/code>\u00a0set to the desired file. The idea is that\u00a0InternalDir<\/code>\u00a0is the folder, and they attempt to validate there are no path-traversal segments (..\/<\/code>).\u00a0InternalFile<\/code>\u00a0is the filename.\u201d\u00a0reported<\/strong><\/a>\u00a0GreyNoise.<\/p>\n\n\n\n

  GreyNoise researchers started observing exploitation attempts for this issue over the weekend.<\/p>\n\n\n\n

  Some failed attempts relied on copies of publicly available PoC exploits, others attempts were associated to attackers with a better knowledge of the attack.<\/p>\n\n\n\n

  \u201cWe see people actively experimenting with this vulnerability \u2013 perhaps even a human with a keyboard. The route between this vulnerability and RCE is tricky, so we\u2019ll be curious to see what people attempt!\u201d\u00a0states GreyNoise<\/a>.<\/em>
<\/gwmw><\/p>\n\n\n\n

  CVE-2022-22948<\/strong><\/a> (CVSS score of 6.5) – an information disclosure vulnerability in vCenter Server that is caused by improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.<\/gwmw><\/p>\n\n\n\n

  According to\u00a0Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/a>, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.<\/p>\n\n\n\n

  Experts also recommend private organizations review the\u00a0Catalog<\/a>\u00a0and address the vulnerabilities in their infrastructure.<\/p>\n\n\n\n

  CISA orders federal agencies to fix this vulnerability by\u00a0August 7, 2024.<\/gwmw><\/gwmw><\/gwmw><\/p>\n\n\n\n

  Pierluigi\u00a0Paganini<\/strong><\/a><\/gwmw><\/p>\n\n\n\n

  Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n

  (<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0CISA)<\/strong><\/gwmw><\/p>\n","protected":false},"excerpt":{"rendered":"

  U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the flaws added to the KEV catalog: […]<\/p>\n","protected":false},"author":1,"featured_media":106349,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,5,55],"tags":[8913,4112,9506,10918,12584,687,841,1533],"class_list":["post-165981","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-hacking","category-security","tag-cisa","tag-hacking","tag-information-security-news","tag-it-information-security","tag-known-exploited-vulnerabilities-catalog","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n