Zyxel, ProjectSend, CyberPanel vulnerabilities actively exploited, so patch now

December 5, 202408 views

CISA added a number of high-severity flaws to its catalog
One of the bugs is a 10/10
One but is being exploited by Chinese state-sponsored actors

Multiple vulnerabilities plaguing solutions from Zyxel, North Grid Proself, ProjectSend, and CyberPanel, are being actively exploited in the wild to bypass authentication, mount XXE attacks, drop malicious JavaScript, deploy arbitrary files, and more.

Earlier this year, multiple cybersecurity researchers, vendors, and professionals, warned about these bugs at different times, with reports coming in from Sekoia, Censys, VulnCheck, and others.

Now, the US Cybersecurity and Infrastructure Security Agency (CISA) added these flaws to its Known Exploited Vulnerabilities (KEV) list, confirming in-the-wild abuse. Federal agencies have a three-week deadline to patch the software up or stop using it altogether, which expires on December 25, 2024.

Earth Kasha

The most dangerous of the flaws is an incorrect default permissions vulnerability, discovered in CyberPanel. It has a severity score of 10/10 (critical) and is tracked as CVE-2024-51378. It can be used to bypass authentication and execute arbitrary commands using shell metacharacters.

Other notable mentions include an improper restriction of XML External Entity (XEE) reference vulnerability, tracked as CVE-2023-45727, with a severity score of 7.5. It affects Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08.

Late last month, researchers from Trend Micro said that this bug was one of many that was being used by Chinese state-sponsored threat actors Earth Kasha (aka MirrorFace). The Chinese also used bugs in Array AG, and Fortinet FortiOS/FortiProxy, to establish initial access on their targets’ endpoints.

Furthermore, a bug found in ProjectSend versions prior to r1720 allows a remote, unauthenticated user to create accounts, upload web shells, and embed malicious JavaScript. It is tracked as CVE-2024-11680, and comes with a severity score of 9.8 (critical).

All the bugs recently added to KEV can be found on this link.

Via The Hacker News

Cisco warns a decade-old vulnerability is back and targeting users
Here’s a list of the best firewalls today
These are the best endpoint protection tools right now

Earth Kasha

LG next-gen OLED TVs have leaked already, and one has a surprise gaming upgrade

Want to live longer? Turns out being fit might be more important than your body weight

Related posts

No, you can’t run Windows on its tiny screen; minuscule mini PC has built-in display, fingerprint reader, OCuLink, double 2.5Gb LAN port and can drive four 8K monitors without an extra GPU

NYT Connections today — my hints and answers for Thursday, December 12 (game #550)

NYT Strands today — my hints, answers and spangram for Thursday, December 12 (game #284)