The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
See more: https://thehackernews.com/2024/12/cisa-warns-of-active-exploitation-of.html
#cybersecurity #kev #cisa
quotingCISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks
nevent1q…83u9
The US cybersecurity agency CISA on Tuesday warned that a path traversal vulnerability in multiple Zyxel firewall appliances has been exploited in the wild.
The issue, tracked as CVE-2024-11667 (CVSS score of 7.5), is a high-severity flaw affecting the web management interface of Zyxel ATP, USG FLEX, and USG20(W)-VPN series devices.
Successful exploitation of the security defect could allow an attacker to download or upload files using crafted URLs, a NIST advisory reads.
“An attacker may gain unauthorized access to the system, steal credentials, and create backdoor VPN connections by exploiting the vulnerability,” Qualys warned on Tuesday.
See more: https://www.securityweek.com/cisa-warns-of-zyxel-firewall-vulnerability-exploited-in-attacks/
#cybersecurity #zyxel #exploit