ProjectSend Vulnerability Exploited in the Wild

November 27, 2024 at 06:23AM

VulnCheck warns that threat actors are exploiting a severe vulnerability (CVE-2024-11680) in unpatched ProjectSend servers. The flaw lets a remote, unauthenticated attacker modify the application's configuration. Although a fix was released in May 2023, most exposed servers have not applied it: about 55% still run a vulnerable build, exploitation is widespread, and in some cases attackers have gone on to install webshells.

### Meeting Takeaways:

1. **Vulnerability Overview**:
– The vulnerability CVE-2024-11680 in ProjectSend (with a CVSS score of 9.8) allows remote, unauthenticated attackers to modify application configurations by exploiting an improper authentication issue.
– It can enable the creation of rogue accounts, uploading of webshells, and embedding of malicious JavaScript.

2. **Discovery and Response**:
– Discovered by Synacktiv in January 2023, the vulnerability was fixed in ProjectSend version r1720, released in May 2023. A CVE identifier was assigned only recently, after exploitation was observed in the wild.

3. **Impact of Vulnerability**:
– Approximately 55% of public-facing ProjectSend instances still run the vulnerable r1605 release, and most have not moved to the fixed r1720.
– Because so many servers remain unpatched, widespread exploitation is a concern; VulnCheck reports that many instances already show signs of compromise.

4. **Attacker Activity**:
– Recent observations show attackers exploiting the flaw to turn on account registration and create rogue accounts, and in some cases to install webshells.
– Roughly 4,000 ProjectSend instances have been indexed, and most of them have not been updated to the patched release.

5. **Call to Action**:
– Administrators of ProjectSend instances should update to r1720 urgently to mitigate the risk of exploitation.
– Publicly exposed servers should be continuously monitored and assessed so that compromises are detected and handled promptly.

6. **Additional Information**:
– Several security firms have published public exploits for CVE-2024-11680, and attack activity has been rising since September.

**Action Items**:
– Share this information with relevant teams to ensure all instances of ProjectSend are reviewed and updated promptly.
– Monitor cybersecurity channels for updates on exploitation patterns related to this vulnerability.
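To make the review-and-monitor advice above concrete, here is an added triage script (example code written for this page, not VulnCheck's or ProjectSend's own tooling). It checks the four things the summary says to look for: whether the reported version tag predates the fixed r1720 release, whether the upload tree contains files with server-executable extensions (webshell candidates), whether free-text configuration options contain injected script markup, and whether accounts exist that are not in an administrator-maintained baseline. The file paths, option names, and user lists below are constructed sample data, not values taken from a real instance; the option names in particular are placeholders and should be mapped to the real configuration keys of your install.

```python
"""Offline triage helpers for a ProjectSend instance (added example, not project code).
All sample inputs below are constructed for illustration."""
from __future__ import annotations

import json
import re
from typing import Iterable

FIXED_RELEASE = 1720  # r1720 shipped the fix for CVE-2024-11680 (May 2023)

_VERSION_RE = re.compile(r"^r(\d+)$")


def is_vulnerable_version(version: str) -> bool:
    """True if a ProjectSend version tag such as 'r1605' predates r1720.
    Unparseable tags are treated as vulnerable so they get a human look."""
    m = _VERSION_RE.match(version.strip().lower())
    if not m:
        return True
    return int(m.group(1)) < FIXED_RELEASE


# Extensions a PHP application should never serve out of its upload tree.
SERVER_SIDE_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7", ".phps"}


def find_webshell_candidates(paths: Iterable[str]) -> list[str]:
    """Return uploaded paths with a server-executable extension anywhere in the
    dotted name, so double extensions like 'photo.php.jpg' are caught too."""
    hits = []
    for p in paths:
        name = p.rsplit("/", 1)[-1].lower()
        exts = {"." + part for part in name.split(".")[1:]}
        if exts & SERVER_SIDE_EXTS:
            hits.append(p)
    return hits


# Script tags, javascript: URLs, or inline event handlers (onerror=, onload=, ...).
_SCRIPT_RE = re.compile(r"<\s*script\b|javascript:|\bon\w+\s*=", re.IGNORECASE)


def find_injected_js(options: dict[str, str]) -> list[str]:
    """Return option names whose value carries script markup. Free-text settings
    (site title, footer text) are where an attacker who can rewrite the
    configuration would embed JavaScript served to every visitor."""
    return sorted(k for k, v in options.items() if v and _SCRIPT_RE.search(v))


def find_rogue_accounts(users: Iterable[str], baseline: set[str]) -> list[str]:
    """Return usernames that are not in the administrator-maintained baseline."""
    return sorted(u for u in users if u not in baseline)


def triage(version: str, uploads: Iterable[str], options: dict[str, str],
           users: Iterable[str], baseline: set[str]) -> dict:
    """Run every check and return the findings as one dict."""
    return {
        "vulnerable_version": is_vulnerable_version(version),
        "webshell_candidates": find_webshell_candidates(uploads),
        "injected_js_options": find_injected_js(options),
        "rogue_accounts": find_rogue_accounts(users, baseline),
    }


# --- constructed sample data (not from any real instance) ---
SAMPLE_VERSION = "r1605"
SAMPLE_UPLOADS = [
    "upload/files/quarterly-report.pdf",
    "upload/files/logo.png",
    "upload/files/cache.php",       # constructed: a webshell drop would look like this
    "upload/files/photo.php.jpg",   # constructed: double-extension trick
]
SAMPLE_OPTIONS = {                   # placeholder option names, not ProjectSend's real keys
    "site_title": "Acme File Exchange",
    "footer_enabled": "1",
    "footer_text": "Acme Inc. <script src=//example.invalid/x.js></script>",
}
SAMPLE_USERS = ["admin", "alice", "svc-backup"]
BASELINE_USERS = {"admin", "alice"}  # accounts the administrator actually created

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_VERSION, SAMPLE_UPLOADS, SAMPLE_OPTIONS,
                            SAMPLE_USERS, BASELINE_USERS), indent=2))
```

Feed the script the real version tag, a listing of the upload directory, the free-text configuration values, and the current user list; any finding other than an all-clear on a pre-r1720 instance should be treated as a possible compromise rather than just a missing patch, since the page notes that many exposed servers already show signs of being compromised.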
