December 5, 2024 at 01:18AM
CISA has added several vulnerabilities to its KEV catalog, including severe issues in Zyxel and I-O DATA products, with active exploitation reported. Federal agencies are urged to remediate them by December 25, 2024. Meanwhile, I-O DATA advises users to enhance security until patches are released.
**Meeting Takeaways – Dec 05, 2024: Vulnerability / Threat Intelligence**
1. **CISA Update on Known Exploited Vulnerabilities:**
– Multiple security flaws in Zyxel, North Grid Proself, ProjectSend, and CyberPanel products have been added to CISA’s KEV catalog due to evidence of active exploitation.
– Key vulnerabilities include:
    – **CVE-2024-51378 (CVSS 10.0):** Authentication bypass via incorrect default permissions.
    – **CVE-2023-45727 (CVSS 7.5):** Improper restriction of XML External Entity (XXE) references, leading to potential XXE attacks.
    – **CVE-2024-11680 (CVSS 9.8):** Improper authentication allowing account creation and upload of malicious files.
    – **CVE-2024-11667 (CVSS 7.5):** Path traversal vulnerability in the web management interface.
2. **Attribution and Exploitation Concerns:**
– CVE-2023-45727 is linked to the Earth Kasha cyber espionage group.
– CVE-2024-11680 has been weaponized by malicious actors since September 2024.
– CVE-2024-51378 and CVE-2024-11667 are associated with ransomware campaigns (PSAUX and Helldown).
3. **Remediation Recommendations:**
– FCEB agencies are urged to address these vulnerabilities by December 25, 2024.
4. **I-O DATA Routers Vulnerabilities:**
– JPCERT/CC reports active exploitation of three vulnerabilities in I-O DATA routers (UD-LT1 and UD-LT1/EX):
    – **CVE-2024-45841 (CVSS 6.5):** Permission issues allowing sensitive file access.
    – **CVE-2024-47133 (CVSS 7.2):** OS command injection vulnerability for admin users.
    – **CVE-2024-52564 (CVSS 7.5):** Undocumented features allowing remote access to critical functions.
– Firmware updates for CVE-2024-52564 are available, while fixes for the other vulnerabilities are expected only by December 18, 2024.
5. **Security Recommendations for I-O DATA Router Users:**
– Limit exposure of settings screens by disabling remote management.
– Change default guest user passwords.
– Ensure administrator passwords are strong and not easily guessable.
Please ensure that teams take necessary actions regarding the identified vulnerabilities and stay updated with the latest security practices.