#1 Middle East & Africa Trusted Cybersecurity News & Magazine |

31 C
Dubai
Tuesday, June 3, 2025
Subscribe
HomeTopics 5Vulnerability ManagementCISA Flags Four Critical Vulnerabilities in KEV Catalog: Urgent Patching Required for...
Vulnerability ManagementWorldwide

CISA Flags Four Critical Vulnerabilities in KEV Catalog: Urgent Patching Required for Apache, Microsoft, and Paessler Systems

By: Ouaissou DEMBELE

Date:

Related stories

spot_imgspot_imgspot_imgspot_img

On February 4, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog with four high-risk flaws actively exploited in cyberattacks. These vulnerabilities affecting Apache OFBiz, Microsoft .NET Framework, and Paessler PRTG Network Monitor pose severe risks to federal agencies and private enterprises alike.

With a remediation deadline of February 25, 2025, mandated for federal entities under Binding Operational Directive (BOD) 22-01, this article dissects the technical nuances, exploitation trends, and actionable mitigation strategies for cybersecurity professionals 5812.

Detailed Analysis of the Four Vulnerabilities

1. CVE-2024-45195: Apache OFBiz Forced Browsing Vulnerability

  • Severity: Critical (CVSS 9.8)
  • Impact: Unauthenticated attackers can bypass authorization checks via forced browsing, enabling remote code execution (RCE) or SQL injection. Exploitation allows access to sensitive ERP data, including financial records and user credentials 5812.
  • Affected Versions: Apache OFBiz versions prior to 18.12.16.
  • Patch Status: Fixed in September 2024, but delayed adoption has left many systems exposed. Rapid7 researchers confirmed active exploitation using proof-of-concept (PoC) exploits targeting weak authorization mechanisms 812.

Key Insight: This vulnerability is a bypass for earlier patches (CVE-2024-32113, CVE-2024-36104), emphasizing the need for comprehensive patch validation 12.

2. CVE-2024-29059: Microsoft .NET Framework Information Disclosure

  • Severity: High (CVSS 7.5)
  • Impact: Exploitable via error-handling flaws, this vulnerability leaks ObjRef URI data, which attackers can weaponize for .NET Remoting attacks to execute arbitrary code 68.
  • Affected Systems: Windows 10/Server running .NET Framework 3.5, 4.7.2, and 4.8.
  • Patch Timeline: Initially dismissed by Microsoft in December 2023, a fix was quietly rolled out in January 2024 after CODE WHITE researchers published technical details 8.

Why It Matters: Information disclosure flaws often serve as precursors to ransomware campaigns, as seen in recent APT29 attacks targeting unpatched .NET systems 12.

3. CVE-2018-9276: Paessler PRTG Network Monitor OS Command Injection

  • Severity: Critical
  • Impact: Attackers with admin privileges can inject malicious OS commands via malformed sensor parameters, compromising the PRTG server and connected devices 56.
  • Affected Versions: PRTG versions prior to 18.2.39.
  • Exploitation: Linked to insider threats and compromised credentials, this flaw enables lateral movement within networks 12.

4. CVE-2018-19410: Paessler PRTG Local File Inclusion (LFI)

  • Severity: Critical
  • Impact: Unauthenticated attackers craft malicious HTTP requests to /public/login.htm, creating admin users and gaining full system control 610.
  • Affected Versions: PRTG versions prior to 18.2.40.1683.

Context: Paessler resolved both PRTG flaws in 2018, but outdated deployments remain prevalent in critical infrastructure sectors, making them low-hanging fruit for attackers 1012.

Broader Implications for Cybersecurity

  • Federal Mandates: Under BOD 22-01, federal agencies must patch by February 25, 2025, or face non-compliance penalties. Private organizations are urged to follow suit 710.
  • Exploitation Trends: State-sponsored groups like APT28 and ransomware collectives (e.g., LockBit 3.0) are targeting these vulnerabilities to disrupt supply chains and extort enterprises 12.
  • Statistical Insight: A 2024 Cyble report found that 63% of unpatched PRTG systems were breached within six months of vulnerability disclosure 6.

10 Critical Mitigation Strategies

  1. Prioritize Patching: Immediately update Apache OFBiz to v18.12.16, .NET Framework to January 2024+ builds, and PRTG to v18.2.41.1652 5812.
  2. Segment Backup Networks: Isolate PRTG and OFBiz systems to limit lateral movement 12.
  3. Enforce Least Privilege: Restrict admin access to PRTG consoles to minimize insider threats 6.
  4. Monitor Traffic: Deploy IDS/IPS to detect forced browsing or anomalous HTTP requests 5.
  5. Audit Logs: Regularly review updater.log (Apache) and PRTG access logs for signs of tampering 8.
  6. Leverage Automation: Use tools like Cyble Vision for real-time vulnerability tracking 6.
  7. Conduct Red Teaming: Simulate attacks exploiting these CVEs to identify gaps 12.
  8. Adopt Zero Trust: Validate all user sessions and API requests, even within trusted networks 10.
  9. Train Personnel: Educate teams on recognizing social engineering tactics targeting .NET error logs 8.
  10. Engage CISA Resources: Subscribe to CISA’s alerts and utilize their Vulnerability Scanning Service (VSS) 7.

Conclusion

CISA’s latest KEV update underscores the relentless evolution of cyber threats targeting foundational enterprise software. While federal agencies race to meet the February 25 deadline, private-sector organizations must treat these vulnerabilities with equal urgency. The intersection of legacy systems and sophisticated adversaries demands a proactive stance—patching is no longer optional but a survival imperative.

Ouaissou DEMBELE
Ouaissou DEMBELEhttp://cybercory.com
Ouaissou DEMBELE is a seasoned cybersecurity expert with over 12 years of experience, specializing in purple teaming, governance, risk management, and compliance (GRC). He currently serves as Co-founder & Group CEO of Sainttly Group, a UAE-based conglomerate comprising Saintynet Cybersecurity, Cybercory.com, and CISO Paradise. At Saintynet, where he also acts as General Manager, Ouaissou leads the company’s cybersecurity vision—developing long-term strategies, ensuring regulatory compliance, and guiding clients in identifying and mitigating evolving threats. As CEO, his mission is to empower organizations with resilient, future-ready cybersecurity frameworks while driving innovation, trust, and strategic value across Sainttly Group’s divisions. Before founding Saintynet, Ouaissou held various consulting roles across the MEA region, collaborating with global organizations on security architecture, operations, and compliance programs. He is also an experienced speaker and trainer, frequently sharing his insights at industry conferences and professional events. Ouaissou holds and teaches multiple certifications, including CCNP Security, CEH, CISSP, CISM, CCSP, Security+, ITILv4, PMP, and ISO 27001, in addition to a Master’s Diploma in Network Security (2013). Through his deep expertise and leadership, Ouaissou plays a pivotal role at Cybercory.com as Editor-in-Chief, and remains a trusted advisor to organizations seeking to elevate their cybersecurity posture and resilience in an increasingly complex threat landscape.

Subscribe

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories

spot_imgspot_imgspot_imgspot_img
Previous article
macOS FlexibleFerret: Further Variants of DPRK Malware Family Unearthed
Next article
CVE-2025-23114: Critical Code Execution Vulnerability in Veeam Backup Solutions Demands Immediate Action

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Cybercory Magazine

Cybercory.com serves as a platform for promoting, motivating, and educating its audience on cybersecurity matters, contributing to a more secure digital environment. Cybercory is a part of Sainttly Group.

Latest

Popular

Useful Links

Quick Links

© 2021-2025 cybercory.com, Sainttly Group. All Rights Reserved. Designed by digitalliums.com.