CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

Dec 24, 2024 | Ravie Lakshmanan | Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.

The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that could allow an attacker to ultimately execute arbitrary code on susceptible servers.

Specifically, it concerns the use of static ValidationKey and DecryptionKey values in version 7.4.0.1 and prior that could be weaponized to achieve remote code execution on the server that runs the application. That said, an attacker would need to obtain the keys by some other means in the first place.

“These keys are used to provide security for the application ViewState,” Google-owned Mandiant said in an advisory for the flaw back in December 2021. “A threat actor with knowledge of these keys can trick the application server into deserializing maliciously crafted ViewState data.”


“A threat actor with knowledge of the validationKey and decryptionKey for a web application can construct a malicious ViewState that passes the MAC check and will be deserialized by the server. This deserialization can result in the execution of code on the server.”
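The two Mandiant quotes describe the defender's problem exactly: an ASP.NET ViewState is only as safe as the machineKey values that sign and encrypt it, so a validationKey and decryptionKey that are hard-coded into a shipped web.config (rather than generated per deployment) turn any key disclosure into server-side deserialization. The following audit script is an added example and is not code from the article, from Acclaim, or from Mandiant; it assumes USAHERDS is a standard ASP.NET application configured through web.config (the article implies this via ViewState and the MAC check but does not say so), and the two sample configs and key strings are constructed placeholders, not real USAHERDS values.

```python
"""Audit an ASP.NET web.config for the static-machineKey pattern behind
CVE-2021-44207 (hard-coded ViewState keys) and for a disabled ViewState MAC.

All config samples below are constructed for illustration; they are not
USAHERDS files and the key strings are placeholders.
"""
import xml.etree.ElementTree as ET

# Constructed sample: keys fixed in the config file. Every deployment that
# ships this file shares the same keys, so one disclosure exposes them all.
WEAK_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="HMACSHA256" decryption="AES" />
    <pages enableViewStateMac="false" />
  </system.web>
</configuration>
"""

# Constructed sample: keys generated per application at runtime and the
# ViewState MAC left on, which is ASP.NET's documented default posture.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
    <pages enableViewStateMac="true" />
  </system.web>
</configuration>
"""


def audit_machine_key(config_xml: str) -> list[str]:
    """Return a list of findings (empty means nothing flagged).

    Flags:
      * a validationKey or decryptionKey that is a literal value instead of
        an AutoGenerate directive (the static-credential pattern);
      * enableViewStateMac="false", which removes the MAC check that the
        keys are supposed to enforce.
    """
    findings: list[str] = []
    root = ET.fromstring(config_xml)

    machine_key = root.find("system.web/machineKey")
    if machine_key is not None:
        for attr in ("validationKey", "decryptionKey"):
            # ASP.NET's default when the attribute is absent is AutoGenerate,
            # so only an explicit literal value is a finding.
            value = machine_key.get(attr, "AutoGenerate,IsolateApps")
            if not value.startswith("AutoGenerate"):
                findings.append(
                    f"static {attr} in machineKey: {len(value)} hex chars hard-coded; "
                    "regenerate per deployment or use AutoGenerate,IsolateApps"
                )

    pages = root.find("system.web/pages")
    if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
        findings.append(
            "enableViewStateMac=\"false\" in <pages>: ViewState MAC check disabled; "
            "set it to true (or remove the attribute)"
        )

    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_machine_key(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for line in result:
            print("  -", line)
```

One caveat for anyone turning this into a fleet check: `AutoGenerate` is only correct for a single server. A web farm needs identical keys on every node, so the hardened form there is a per-environment key generated at deployment time and injected from a secrets store, never a value committed to the repository or baked into the installer. A static key found in a vendor package is the finding; where it came from does not matter.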

While there are no new reports of CVE-2021-44207 being weaponized in real-world attacks, the vulnerability was identified as being abused by the China-linked APT41 threat actor back in 2021 as a zero-day as part of attacks targeting six U.S. state government networks.

Federal Civilian Executive Branch (FCEB) agencies are recommended to apply vendor-provided mitigations by January 13, 2025, to safeguard their networks against active threats.

The development comes as Adobe warned of a critical security flaw in ColdFusion (CVE-2024-53961, CVSS score: 7.8), which it said already has a known proof-of-concept (PoC) exploit that could cause an arbitrary file system read.

The vulnerability has been addressed in ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12. Users are advised to apply the patches as soon as possible to mitigate potential risks.
