Home » Blog » Zyxel, ProjectSend, CyberPanel vulnerabilities actively exploited, so patch now
Technology

Zyxel, ProjectSend, CyberPanel vulnerabilities actively exploited, so patch now

by
by 0 comments
  • CISA added a number of high-severity flaws to its catalog
  • One of the bugs is a 10/10
  • One but is being exploited by Chinese state-sponsored actors

Multiple vulnerabilities plaguing solutions from Zyxel, North Grid Proself, ProjectSend, and CyberPanel, are being actively exploited in the wild to bypass authentication, mount XXE attacks, drop malicious JavaScript, deploy arbitrary files, and more.

Earlier this year, multiple cybersecurity researchers, vendors, and professionals, warned about these bugs at different times, with reports coming in from Sekoia, Censys, VulnCheck, and others.

Now, the US Cybersecurity and Infrastructure Security Agency (CISA) added these flaws to its Known Exploited Vulnerabilities (KEV) list, confirming in-the-wild abuse. Federal agencies have a three-week deadline to patch the software up or stop using it altogether, which expires on December 25, 2024.

Earth Kasha

The most dangerous of the flaws is an incorrect default permissions vulnerability, discovered in CyberPanel. It has a severity score of 10/10 (critical) and is tracked as CVE-2024-51378. It can be used to bypass authentication and execute arbitrary commands using shell metacharacters.

Other notable mentions include an improper restriction of XML External Entity (XEE) reference vulnerability, tracked as CVE-2023-45727, with a severity score of 7.5. It affects Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08.

Late last month, researchers from Trend Micro said that this bug was one of many that was being used by Chinese state-sponsored threat actors Earth Kasha (aka MirrorFace). The Chinese also used bugs in Array AG, and Fortinet FortiOS/FortiProxy, to establish initial access on their targets’ endpoints.

Furthermore, a bug found in ProjectSend versions prior to r1720 allows a remote, unauthenticated user to create accounts, upload web shells, and embed malicious JavaScript. It is tracked as CVE-2024-11680, and comes with a severity score of 9.8 (critical).

All the bugs recently added to KEV can be found on this link.

Via The Hacker News

You might also like

You Might Also Like

You may also like

Ooh, big stretch! LG’s wearable display now boasts 50% elongation...

iOS 18: new features, compatible devices, and everything you need...

NYT Connections today — hints and answers for Sunday, November...

Americans are turning to VPN services to bet on the...

The leaked DJI Osmo 360 looks like the worst news...

Chinese hackers Volt Typhoon are back, and rebuilding their botnet...

Ford denies it was hit by data breach, says customer...

Fallout season 2 lands Macauley Culkin for mystery role as...

ChatGPT o1 model briefly escapes preview mode

Samsung scientists are working on a new type of memory...

Leave a Comment

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00
Verified by MonsterInsights