CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding two actively exploited vulnerabilities: CVE-2024-38475 in Apache HTTP Server and CVE-2023-44221 in SonicWall SMA100 devices. These vulnerabilities pose significant cybersecurity threats, particularly in the federal sector, as they could lead to unauthorized access or system compromise. Organizations are urged to apply the necessary patches to mitigate these risks.

Key points:

  • CISA added CVE-2024-38475 and CVE-2023-44221 to its Known Exploited Vulnerabilities Catalog.
  • CVE-2024-38475 involves improper output escaping in Apache HTTP Server, potentially enabling unauthorized code execution.
  • CVE-2023-44221, affecting SonicWall SMA100, allows OS command injection for attackers with administrative privileges.
  • Apache HTTP Server versions up to 2.4.59 are at risk; users should upgrade to the latest patch.
  • SonicWall SMA models 200, 210, 400, 410, and 500v running earlier versions are affected; the patch guidance recommends upgrading to version 10.2.1.10-62sv or higher.
  • Both vulnerabilities are actively exploited, heightening their threat to organizations.
  • Immediate action is required from organizations to secure their systems against these vulnerabilities.

Read More: https://thecyberexpress.com/cisa-adds-cve-2024-38475-and-cve-2023-44221/