Urgent Security Alert: The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This update is critical as it signifies that these flaws are being actively exploited by malicious actors in real-world attacks.
Organizations, particularly federal agencies, are now required to address these specific security weaknesses with the utmost urgency according to CISA directives.
The newly added vulnerabilities include:
- A severe authentication bypass flaw affecting ASUS routers, tracked as CVE-2024-3080.
- A critical remote code execution (RCE) vulnerability found in Craft CMS, identified as CVE-2024-27934.
- An authentication bypass vulnerability in ConnectWise ScreenConnect, referenced as CVE-2024-1709.
The presence of these vulnerabilities in the KEV catalog underscores the immediate threat they pose. It is absolutely essential for users and administrators of these affected products to patch immediately or apply recommended mitigations provided by the vendors to prevent potential compromise. Failure to do so leaves systems exposed to attackers already leveraging these weaknesses. Prioritizing the remediation of KEV catalog vulnerabilities is a critical step in strengthening defenses against prevalent cyber threats.
Source: https://securityaffairs.com/178591/hacking/u-s-cisa-adds-asus-rt-ax55-devices-craft-cms-and-connectwise-screenconnect-flaws-to-its-known-exploited-vulnerabilities-catalog.html
