The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws affecting Sitecore to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities are listed below –
- CVE-2019-9874 (CVSS score: 9.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized object.
- CVE-2019-9875 (CVSS score: 8.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized object.
There are currently no details on how the flaws are being weaponized in the wild and by whom, although Sitecore, in an update shared on March 30, 2020, noted that it had become “aware of the active exploitation” of CVE-2019-9874. The company makes no mention of CVE-2019-9875 being exploited.
In light of active exploitation, federal agencies must apply the necessary patches by April 16, 2025 to secure their networks.
The development comes as Akamai reported on CVE-2015-29927 (CVSS score: 9.1).
Successful exploitation could allow an attacker to bypass middleware checks by spoofing a header called “X-Middleware-Subrequest” that is used to manage internal request flows. This, in turn, could provide unauthorized access to sensitive application resources, Raphael Silva of Checkmarx noted.
“Among the identified payloads, one notable technique involves the use of the X-Middleware-Subrequest header,” Akamai noted.
“This approach simulates several internal subrequests within one request, triggering the internal redirect logic of Next.js – reminiscent of several public proof-of-concept exploits.”
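One way to neutralize the spoofed header at a reverse proxy in front of the application, shown as an added example that is not code from the article, Akamai or Checkmarx: drop every client-supplied copy of the header before forwarding and record which requests carried it. The function names, request objects and sample values are constructed for illustration; the header array follows the layout of Node's `http.IncomingMessage.rawHeaders`.

```javascript
// Header named in the article; HTTP header names are case-insensitive.
const INTERNAL_HEADER = "x-middleware-subrequest";

// rawHeaders is a flat array [name1, value1, name2, value2, ...] that keeps
// duplicates and the letter case the client sent (Node's rawHeaders layout).
// Returns the headers that are safe to forward plus how many copies were dropped.
function stripInternalHeader(rawHeaders) {
  const forward = [];
  let copies = 0;
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    const name = rawHeaders[i];
    if (name.trim().toLowerCase() === INTERNAL_HEADER) {
      copies += 1; // drop every copy, not only the first one
    } else {
      forward.push(name, rawHeaders[i + 1]);
    }
  }
  return { forward, copies };
}

// Produce one finding per request that carried the header, for logging/alerting.
function auditRequests(requests) {
  const findings = [];
  for (const req of requests) {
    const { copies } = stripInternalHeader(req.rawHeaders);
    if (copies > 0) {
      findings.push({ src: req.src, path: req.path, copies });
    }
  }
  return findings;
}

// Constructed sample requests: documentation IP ranges, placeholder values.
const SAMPLE_REQUESTS = [
  { src: "203.0.113.7", path: "/admin",
    rawHeaders: ["Host", "app.example", "X-Middleware-Subrequest", "placeholder"] },
  { src: "198.51.100.20", path: "/",
    rawHeaders: ["Host", "app.example", "Accept", "*/*"] },
  { src: "192.0.2.44", path: "/dashboard",
    rawHeaders: ["X-MIDDLEWARE-SUBREQUEST", "placeholder-a", "Host", "app.example",
                 "x-middleware-subrequest", "placeholder-b"] },
];

for (const finding of auditRequests(SAMPLE_REQUESTS)) {
  console.log("dropped client-supplied internal header:", JSON.stringify(finding));
}
```

Matching on the lowercased name and removing every copy matters because a filter that checks one exact spelling or only the first occurrence can be sidestepped by a duplicate or differently cased header.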
The disclosure also follows a warning from GreyNoise about active exploitation attempts recorded against several known vulnerabilities in DrayTek devices.
The threat intelligence firm said it has observed activity against the CVE identifiers below –
- CVE-2020-8515 (CVSS score: 9.8) – An operating system command injection vulnerability in multiple DrayTek router models that could allow remote code execution as root via shell metacharacters to cgi-bin/mainfunction.cgi
- CVE-2011-20123 (CVSS score: 7.5) – A local file inclusion vulnerability in DrayTek VigorConnect that could allow an unauthenticated attacker to download arbitrary files from the underlying operating system with root privileges via the DownloadFileServlet endpoint
- CVE-2011-20124 (CVSS score: 7.5) – A local file inclusion vulnerability in DrayTek VigorConnect that could allow an unauthenticated attacker to download arbitrary files from the underlying operating system with root privileges via the WebServlet endpoint
Indonesia, Hong Kong, and the United States have emerged as the top countries for CVE-2020-8515 attack traffic, while Lithuania, the United States, and Singapore have been singled out as part of the CVE-20123 and CVE-20121-20124 attacks.