Thursday, January 16, 2025
HomeCVE/vulnerabilityCISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

Published on

SIEM as a Service

Follow Us on Google News

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being actively exploited in the wild.

The vulnerabilities affect popular software and hardware products, including Zyxel firewalls, CyberPanel, North Grid, and ProjectSend.

Organizations using these products are urged to apply mitigations immediately or discontinue usage if fixes are unavailable.

CVE-2024-51378: CyberPanel Incorrect Default Permissions Vulnerability

CyberPanel has been identified as having an incorrect default permissions vulnerability, referenced as CVE-2024-51378.

This flaw facilitates an authentication bypass, allowing attackers to execute arbitrary commands through shell metacharacters in the statusfile property.

The vulnerability is related to CWE-276, which pertains to incorrect default permissions. This issue has been linked to known ransomware campaigns, highlighting the urgency for organizations to address it.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

CVE-2023-45727: North Grid Proself Improper Restriction of XML External Entity

Another significant vulnerability, CVE-2023-45727, affects North Grid Proself products, including the Enterprise/Standard, Gateway, and Mail Sanitize versions.

This improper restriction of XML External Entity (XXE) reference vulnerability could enable a remote, unauthenticated attacker to conduct XXE attacks. The issue is associated with CWE-611, which involves improperly handling XML input.

CVE-2024-11680: ProjectSend Improper Authentication Vulnerability

The open-source file sharing software ProjectSend is also under scrutiny with CVE-2024-11680.

This improper authentication vulnerability permits remote attackers to modify the application’s configuration through crafted HTTP requests to options.php.

Exploiting this flaw can lead to account creation, webshell uploads, and embedding malicious JavaScript. Related to CWE-287, it is a critical issue that could have severe implications if left unaddressed.

CVE-2024-11667: Zyxel Multiple Firewalls Path Traversal Vulnerability

CVE-2024-11667 affects multiple Zyxel firewall models, presenting a path traversal vulnerability within the web management interface.

This vulnerability allows attackers to download or upload files using crafted URLs, aligning with CWE-22, which involves path traversal concerns. Notably, this vulnerability is known to be leveraged in ransomware campaigns, increasing its threat profile.

CISA’s advisory underscores the critical nature of these vulnerabilities and the need for immediate action to prevent potential exploitation.

Organizations using Zyxel firewalls, CyberPanel, North Grid, or ProjectSend are advised to prioritize system updates and mitigation efforts.

Failure to address these vulnerabilities could lead to severe security breaches, including data loss and unauthorized access, reinforcing the importance of proactive cybersecurity measures.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

As California grapples with devastating wildfires, communities are rallying to protect lives and property....

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August...

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's...

FTC Slams GoDaddy For Not Implement Standard Security Practices Following Major Breaches

The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

As California grapples with devastating wildfires, communities are rallying to protect lives and property....

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August...

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's...