Zyxel, ProjectSend, CyberPanel vulnerabilities actively exploited, so patch now

(Image credit: Shutterstock)

CISA added a number of high-severity flaws to its catalog
One of the bugs is a 10/10
One but is being exploited by Chinese state-sponsored actors

Multiple vulnerabilities plaguing solutions from Zyxel, North Grid Proself, ProjectSend, and CyberPanel, are being actively exploited in the wild to bypass authentication, mount XXE attacks, drop malicious JavaScript, deploy arbitrary files, and more.

Earlier this year, multiple cybersecurity researchers, vendors, and professionals, warned about these bugs at different times, with reports coming in from Sekoia, Censys, VulnCheck, and others.

Now, the US Cybersecurity and Infrastructure Security Agency (CISA) added these flaws to its Known Exploited Vulnerabilities (KEV) list, confirming in-the-wild abuse. Federal agencies have a three-week deadline to patch the software up or stop using it altogether, which expires on December 25, 2024.

Earth Kasha

The most dangerous of the flaws is an incorrect default permissions vulnerability, discovered in CyberPanel. It has a severity score of 10/10 (critical) and is tracked as CVE-2024-51378. It can be used to bypass authentication and execute arbitrary commands using shell metacharacters.

Other notable mentions include an improper restriction of XML External Entity (XEE) reference vulnerability, tracked as CVE-2023-45727, with a severity score of 7.5. It affects Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08.

Late last month, researchers from Trend Micro said that this bug was one of many that was being used by Chinese state-sponsored threat actors Earth Kasha (aka MirrorFace). The Chinese also used bugs in Array AG, and Fortinet FortiOS/FortiProxy, to establish initial access on their targets’ endpoints.

Furthermore, a bug found in ProjectSend versions prior to r1720 allows a remote, unauthenticated user to create accounts, upload web shells, and embed malicious JavaScript. It is tracked as CVE-2024-11680, and comes with a severity score of 9.8 (critical).

All the bugs recently added to KEV can be found on this link.

Via The Hacker News

Cisco warns a decade-old vulnerability is back and targeting users
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.