CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. They include severe vulnerabilities in Apache OFBiz and Microsoft .NET Framework, as well as two issues in Paessler PRTG Network Monitor. Federal agencies are urged to apply the fixes by February 25, 2025, to mitigate the risk.

Affected: Federal Civilian Executive Branch (FCEB) agencies

Key points:

  • CVE-2024-45195: Forced browsing vulnerability in Apache OFBiz (CVSS score: 7.5/9.8) allowing unauthorized access and code execution.
  • CVE-2024-29059: Information disclosure in Microsoft .NET Framework (CVSS score: 7.5) potentially leading to remote code execution.
  • CVE-2018-9276: Command injection vulnerability in Paessler PRTG (CVSS score: 7.2) enabling OS command execution by authenticated administrative users.
  • CVE-2018-19410: Local file inclusion in Paessler PRTG (CVSS score: 9.8) allowing unauthenticated remote user creation with read-write privileges.
  • Federal agencies are required to apply fixes for these vulnerabilities by February 25, 2025.

Source: https://thehackernews.com/2025/02/cisa-adds-four-actively-exploited.html