
The U.S. Cybersecurity and Infrastructure Security Agency has identified four actively exploited security vulnerabilities that pose significant risks to systems and networks. These vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog.
Critical Vulnerabilities:
1. Apache OFBiz (CVE-2024-45195)
– Severity: 7.5/9.8
– Type: Forced browsing vulnerability
– Impact: Unauthorized access and arbitrary code execution
– Patched: September 2024
2. Microsoft .NET Framework (CVE-2024-29059)
– Severity: 7.5
– Type: Information disclosure vulnerability
– Impact: ObjRef URI exposure and remote code execution
– Patched: March 2024
3. Paessler PRTG Network Monitor (CVE-2018-9276)
– Severity: 7.2
– Type: OS command injection
– Impact: Administrative command execution
– Patched: April 2018
4. Paessler PRTG Network Monitor (CVE-2018-19410)
– Severity: 9.8
– Type: Local file inclusion
– Impact: Unauthorized user creation with privileges
– Patched: April 2018
Federal Civilian Executive Branch agencies must apply the patches by February 25, 2025, to protect against potential threats. Although all four vulnerabilities have been patched, the methods used to exploit them in active attacks remain undocumented.