CISA logo showing a dark blue circular ring with Cybersecurity and Infrastructure Security Agency text. Inside, an eagle with outstretched wings holds a shield featuring a keyhole symbol. Behind the eagle is a network pattern symbolizing digital security and infrastructure protection.

CISA Adds New Vulnerabilities to Known Exploited Vulnerabilities

By: Johnny Watts
Created On: Wed, 13 Nov 2024 0:48:55 EST
Category: Articles

The Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its list of “Known Exploited Vulnerabilities,” indicating these flaws are actively being targeted by cybercriminals:

  • CVE-2021-26086 – Atlassian Jira Server and Data Center Path Traversal Vulnerability
  • CVE-2014-2120 – Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
  • CVE-2021-41277 – Metabase GeoJSON API Local File Inclusion Vulnerability
  • CVE-2024-43451 – Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
  • CVE-2024-49039 – Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2021-26086 - Path Traversal Vulnerability in Atlassian Jira Server and Data Center

Description: Path Traversal (Directory Traversal) vulnerabilities allow attackers to manipulate file paths to gain unauthorized access to files outside the intended directory. This Jira vulnerability allows attackers to bypass file path restrictions, potentially enabling them to:

  • Access files outside of Jira’s intended directories.
  • View sensitive information such as server configurations or credentials.
  • Execute malicious scripts if sensitive files are modified.

Impact: If exploited, this vulnerability can lead to unauthorized access to system files, exposing sensitive data and potentially allowing attackers to escalate privileges within the network.

Exploit Mechanism: Attackers could exploit this by manipulating the file path in a crafted URL or request, enabling access to restricted files on the system.

CVE-2014-2120 - Cross-Site Scripting (XSS) in Cisco ASA

Description: Cross-Site Scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into web pages viewed by others. This XSS vulnerability affects Cisco ASA’s web-based management interface, permitting attackers to:

  • Steal session cookies, which could be used to hijack sessions.
  • Execute arbitrary JavaScript, potentially altering configurations or redirecting users to malicious sites.

Impact: If an attacker successfully exploits this XSS vulnerability, they could steal session cookies, hijack sessions, or modify critical settings on the device.

Exploit Mechanism: Attackers inject malicious scripts through unsanitized fields or forms in the ASA’s web interface, which then execute when viewed by an administrator.

CVE-2021-41277 - Local File Inclusion Vulnerability in Metabase

Description: Local File Inclusion (LFI) vulnerabilities allow attackers to include and access files from the server’s filesystem. This Metabase vulnerability enables attackers to:

  • Access sensitive files, such as configuration or log files.
  • Execute malicious code if they can trick the application into including executable files.

Impact: Successful exploitation can lead to unauthorized access to sensitive files or, in some cases, full server compromise if executable files are included.

Exploit Mechanism: Attackers manipulate API inputs to point to unintended files, potentially gaining access to files outside the expected directory.

CVE-2024-43451 - NTLMv2 Hash Disclosure Spoofing in Microsoft Windows

Description: NTLMv2 is an authentication protocol that uses hashes to securely authenticate users. This vulnerability allows attackers to:

  • Extract NTLMv2 hashes through spoofing, which can be cracked offline for unauthorized access.
  • Impersonate users or systems to trick Windows into disclosing NTLMv2 hashes.

Impact: If attackers obtain NTLMv2 hashes, they can escalate privileges, gain unauthorized access, and even perform attacks remotely without direct network access.

Exploit Mechanism: Attackers spoof legitimate entities, manipulating the NTLMv2 authentication flow to trigger hash disclosures.

CVE-2024-49039 - Privilege Escalation in Microsoft Windows Task Scheduler

Description: Privilege Escalation vulnerabilities allow users to gain higher-level access, potentially bypassing access controls. This Task Scheduler vulnerability could allow attackers to escalate privileges on Windows systems.

Further details on this vulnerability can be provided based on specific scenarios and system configurations.

Note: Organizations using affected systems should review CISA’s recommendations and consider patching or implementing mitigations to protect against these exploits.

Thanks for Reading. You may also like some of these popular articles:

Critical Security Vulnerability in XAMPP for Windows
A critical security vulnerability has been identified in the default settings of the Apache service configuration within XAMPP on Windows systems. This flaw, discovered by Security Researcher Kaotickj, raises significant security concerns. [ Read ]

Proof of Concept for Learning Management System Exploits
While testing and confirming the above known exploits, Security Researcher, Johnny Watts, has found an additional arbitrary file upload flaw in the "classroom materials" upload function. The researcher was able to successfully upload a php command shell which he used to gain administrative access to the target system. [ Read ]

Frequently Asked Questions About Web Design
I’ve compiled this list of questions that I frequently get from clients and visitors to provide you with a better understanding of what Web Designers do, and how your Business can benefit from hiring a professional Web Designer. [ Read ]

6 Reasons Your Local Business Listings Need to Be Accurate
All local business listings for your business must be accurate! Incomplete or inaccurate information can be the deciding factor in a potential customer's decision between you and your competitor! [ Read ]

How to Respond to Negative Reviews
How you respond to a negative review impacts not only the reviewer, but all the sets of eyes that come afterward. Seeing a business handle a particularly challenging review online suggests that management is proud of their business, and willing to go the extra mile to maintain their reputation! [ Read ]

Critical Data For Online Business Listings
If you want to rank well in local search, you need consistent NAP data, website, hours, and more across all major listing directories. [ Read ]

How to Respond to Positive Reviews
While negative reviews often get this most attention, positive reviews are as or more important! Its important to respond to positive reviews to thank customers for taking the time to review your business and to encourage others to do the same. [ Read ]

The Basics of Online Advertising
Digital advertising increases awareness - its that simple. Digital advertising consists of a range of services, all of which work to promote a business online. [ Read ]

How to Engage Your Audience Through Social Media
Is your social media falling flat? Don't sweat it; many hours have gone into perfecting the use of this not-so-secret weapon. Facebook, Google+, Twitter, Pinterest, and Instagram strategies are outlined in detail below. [ Read ]

Understanding and Optimizing Your Website Speed
Page speed is the amount of time it takes for the content on a website's page to fully load. In a world where people have come to expect instantaneous results, faster is better. [ Read ]

 

An animated image representing bots being counted with the text: One bot. Two bots. Three bots. Four. Each one counts a little more. johnny5
johnny5
johnny5
johnny5