The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw affecting Acclaim Systems USAHERDS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded static credentials in Acclaim USAHERDS that could allow an attacker to execute arbitrary code on susceptible servers.
Specifically, the flaw concerns the use of static ValidationKey and DecryptionKey values in versions 7.4.0.1 and earlier, which could be leveraged to achieve remote code execution on the server where the application is running. However, an attacker would have to obtain the keys by some other means in the first place.
“These keys are used to provide security for the application's ViewState,” Google-owned Mandiant said in an advisory published back in December 2021. “A threat actor that knows these keys can trick the application server into deserializing maliciously crafted ViewState data.”
“A threat actor that knows the validationKey and decryptionKey for a web application can create a malicious ViewState that passes MAC validation and is deserialized by the server. This deserialization can lead to code execution on the server.”
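The mitigation side of the issue described above is a configuration problem: in ASP.NET the validationKey and decryptionKey live in the machineKey element of web.config, and a key pair that is hard-coded and identical across deployments is exactly the condition the advisory warns about. The following is an added example, not code from the article, Acclaim or Mandiant: a small audit that flags static keys, a key pair shared by more than one deployment, and a disabled ViewState MAC check. The deployment names and key strings are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

AUTO = "AutoGenerate"  # prefix of the ASP.NET values "AutoGenerate" / "AutoGenerate,IsolateApps"


def audit_machine_keys(configs):
    """configs: {deployment_name: web.config text}. Returns sorted (deployment, issue) pairs.
    Issues: static-key        validationKey or decryptionKey is hard-coded in the config
            viewstate-mac-off <pages enableViewStateMac="false"> disables the MAC check
            shared-key        the same hard-coded pair is used by more than one deployment
    """
    findings = []
    by_pair = defaultdict(list)
    for name, text in configs.items():
        root = ET.fromstring(text)
        pages = root.find(".//system.web/pages")
        if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
            findings.append((name, "viewstate-mac-off"))
        mk = root.find(".//system.web/machineKey")
        if mk is None:
            continue  # element absent: ASP.NET auto-generates per-machine keys
        vk = mk.get("validationKey", AUTO)
        dk = mk.get("decryptionKey", AUTO)
        if not (vk.startswith(AUTO) and dk.startswith(AUTO)):
            findings.append((name, "static-key"))
            by_pair[(vk, dk)].append(name)
    for names in by_pair.values():
        if len(names) > 1:  # one shipped key pair reused across installs
            findings.extend((n, "shared-key") for n in names)
    return sorted(findings)


# Constructed sample configs; the hex strings are placeholders, not real keys.
STATIC_PAIR = ('validationKey="AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111" '
               'decryptionKey="BBBB2222BBBB2222BBBB2222BBBB2222"')
SAMPLE_CONFIGS = {
    "site-a": f'<configuration><system.web><machineKey {STATIC_PAIR} validation="HMACSHA256" decryption="AES"/></system.web></configuration>',
    "site-b": f'<configuration><system.web><machineKey {STATIC_PAIR} validation="HMACSHA256" decryption="AES"/></system.web></configuration>',
    "site-c": '<configuration><system.web><machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps"/></system.web></configuration>',
    "site-d": '<configuration><system.web><pages enableViewStateMac="false"/><machineKey validationKey="CCCC3333CCCC3333CCCC3333CCCC3333CCCC3333" decryptionKey="AutoGenerate"/></system.web></configuration>',
}

if __name__ == "__main__":
    for deployment, issue in audit_machine_keys(SAMPLE_CONFIGS):
        print(f"{deployment}: {issue}")
```

A clean result is an empty list; any static-key finding means the keys should be regenerated per deployment and rotated, and any shared-key finding means a compromise of one install exposes all of them.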
Although there are no new reports of CVE-2021-44207 being used in actual attacks, the vulnerability was previously abused as a zero-day by the China-linked APT41 threat actor in attacks targeting six US state government networks in 2021.
Federal Civilian Executive Branch (FCEB) agencies are encouraged to apply the vendor-provided mitigations by January 13, 2025, to protect their networks against active threats.
The development comes as Adobe warned of a critical security flaw in ColdFusion (CVE-2024-53961, CVSS score: 7.8), which the company says already has a known proof-of-concept (PoC) exploit that could lead to an arbitrary file system read.
The vulnerability has been addressed in ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12. Users are encouraged to apply the patches as soon as possible to reduce the potential risk.