The agency recommended that the use of certain devices be stopped immediately.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about four critical vulnerabilities that are being actively exploited in real-world conditions.
Vulnerabilities have been found in products from D-Link, DrayTek, Motion Spell and SAP, posing a potential threat to users around the world.
CVE-2023-25280: Vulnerability in D-Link DIR-820 router
The first vulnerability, CVE-2023-25280 (CVSS score: 9.8), affects the D-Link DIR-820 router. An elevation of privilege vulnerability in the application of the Elevation of the Domain Finger to remote unauthorized attackers could gain root privileges through the ping_addr parameter in the ping.ccp component. While it has not yet been established that the vulnerability is being exploited in ransomware campaigns, its potential threat remains significant. Since support for the router has ended, CISA recommends that users stop using it immediately.
CVE-2020-15415: Vulnerability in DrayTek routers
The following vulnerability, CVE-2020-15415 (CVSS score: 9.8), was found in DrayTek routers models Vigor3900, Vigor2960, and Vigor300B. The vulnerability allows arbitrary code execution via the cgi-bin/mainfunction.cgi/cvmcfgupload component. By using shell metacharacters in the file name, an attacker can execute remote code. Users are advised to apply the measures suggested by the manufacturer or stop using the device if there are no patches.
CVE-2021-4043: GPAC Motion Spell vulnerability
The third vulnerability, CVE-2021-4043 (CVSS score of 5.5), is related to Motion Spell's GPAC software. A null pointer dereferencing vulnerability allows local attackers to cause a denial of service (DoS). Although there are no confirmed cases of extortion exploitation, users should apply the fixes offered by the manufacturer or refuse to use the software.
CVE-2019-0344: SAP Commerce Cloud vulnerability
The most recent vulnerability, CVE-2019-0344 (CVSS score 9.8), affects SAP Commerce Cloud (formerly known as Hybris). The vulnerability is related to the deserialization of undercooked data in the mediaconversion and virtualjdbc extensions, which could lead to code injection attacks. Users are encouraged to follow the remediation recommendations or stop using the components.
CISA strongly recommends that these vulnerabilities be addressed by October 21, 2024. Federal agencies need to take timely steps to protect their systems, including installing updates or discontinuing the use of vulnerable components.
Source
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about four critical vulnerabilities that are being actively exploited in real-world conditions.
Vulnerabilities have been found in products from D-Link, DrayTek, Motion Spell and SAP, posing a potential threat to users around the world.
CVE-2023-25280: Vulnerability in D-Link DIR-820 router
The first vulnerability, CVE-2023-25280 (CVSS score: 9.8), affects the D-Link DIR-820 router. An elevation of privilege vulnerability in the application of the Elevation of the Domain Finger to remote unauthorized attackers could gain root privileges through the ping_addr parameter in the ping.ccp component. While it has not yet been established that the vulnerability is being exploited in ransomware campaigns, its potential threat remains significant. Since support for the router has ended, CISA recommends that users stop using it immediately.
CVE-2020-15415: Vulnerability in DrayTek routers
The following vulnerability, CVE-2020-15415 (CVSS score: 9.8), was found in DrayTek routers models Vigor3900, Vigor2960, and Vigor300B. The vulnerability allows arbitrary code execution via the cgi-bin/mainfunction.cgi/cvmcfgupload component. By using shell metacharacters in the file name, an attacker can execute remote code. Users are advised to apply the measures suggested by the manufacturer or stop using the device if there are no patches.
CVE-2021-4043: GPAC Motion Spell vulnerability
The third vulnerability, CVE-2021-4043 (CVSS score of 5.5), is related to Motion Spell's GPAC software. A null pointer dereferencing vulnerability allows local attackers to cause a denial of service (DoS). Although there are no confirmed cases of extortion exploitation, users should apply the fixes offered by the manufacturer or refuse to use the software.
CVE-2019-0344: SAP Commerce Cloud vulnerability
The most recent vulnerability, CVE-2019-0344 (CVSS score 9.8), affects SAP Commerce Cloud (formerly known as Hybris). The vulnerability is related to the deserialization of undercooked data in the mediaconversion and virtualjdbc extensions, which could lead to code injection attacks. Users are encouraged to follow the remediation recommendations or stop using the components.
CISA strongly recommends that these vulnerabilities be addressed by October 21, 2024. Federal agencies need to take timely steps to protect their systems, including installing updates or discontinuing the use of vulnerable components.
Source
