CISA Flags Two Actively Exploited Security Flaws in Adobe and Oracle Products

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified two significant security vulnerabilities affecting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM). These vulnerabilities have been added to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation risks.

The identified vulnerabilities are:

  • CVE-2017-3066 (CVSS score: 9.8): A deserialization vulnerability within Adobe ColdFusion, specifically in the Apache BlazeDS library, which could allow for arbitrary code execution. This flaw was patched in April 2017.

  • CVE-2024-20953 (CVSS score: 8.8): A deserialization vulnerability affecting Oracle Agile PLM that allows a low-privileged attacker with HTTP network access to compromise systems. This issue was fixed in January 2024.

Currently, there have been no public reports confirming the exploitation of these vulnerabilities. However, there was a related vulnerability impacting Oracle Agile PLM (CVE-2024-21287, CVSS score: 7.5) that experienced active abuse late last year.

To mitigate potential attacks, it is recommended that users apply the necessary updates to their systems. Federal agencies have until March 17, 2025, to secure their networks from these threats.

Additionally, threat intelligence firm GreyNoise reported ongoing exploitation attempts targeting another vulnerability, CVE-2023-20198, which affects Cisco devices. Approximately 110 malicious IP addresses linked to these activities have been traced back to countries including Bulgaria, Brazil, and Singapore.

GreyNoise further noted that some of these malicious activities originated from incentives linked to a state-sponsored threat group called Salt Typhoon, which had targeted telecom networks using the same vulnerability exploits.

