Full Report
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized
Analysis Summary
# Vulnerability: Four Actively Exploited Flaws Added to CISA KEV Catalog
## CVE Details
- CVE ID: CVE-2024-45195
  - CVSS Score: **9.8** (Critical) / 7.5 (source reports varied base scores)
  - CWE: Forced Browsing (inferred)
- CVE ID: CVE-2024-29059
  - CVSS Score: **7.5** (High)
  - CWE: Information Disclosure (inferred)
- CVE ID: CVE-2018-9276
  - CVSS Score: **7.2** (High)
  - CWE: OS Command Injection (inferred)
- CVE ID: CVE-2018-19410
  - CVSS Score: **9.8** (Critical)
  - CWE: Local File Inclusion (inferred)
## Affected Systems
- **Products:**
  - Apache OFBiz
  - Microsoft .NET Framework
  - Paessler PRTG Network Monitor
- **Versions:** Specific vulnerable versions are not detailed, only that versions *prior* to the respective fixes are affected.
- **Configurations:**
  - CVE-2018-9276 requires administrative privileges on the PRTG System Administrator web console.
  - CVE-2018-19410 allows exploitation by a remote, unauthenticated attacker.
## Vulnerability Description
CISA has added four vulnerabilities to its KEV catalog, indicating active exploitation in the wild:
1. **CVE-2024-45195 (Apache OFBiz):** A forced browsing vulnerability that can allow a remote attacker to obtain unauthorized access and execute arbitrary code on the server.
2. **CVE-2024-29059 (Microsoft .NET Framework):** An information disclosure flaw that could expose the ObjRef URI, potentially leading to Remote Code Execution (RCE).
3. **CVE-2018-9276 (PRTG Network Monitor):** An OS command injection vulnerability accessible via the PRTG System Administrator web console, executable by an attacker who already possesses administrative privileges.
4. **CVE-2018-19410 (PRTG Network Monitor):** A Local File Inclusion (LFI) vulnerability that permits a remote, unauthenticated attacker to create user accounts with read-write privileges.
## Exploitation
- Status: **Actively exploited in the wild** (as per CISA KEV inclusion).
- Complexity: Varies (Low for unauthenticated LFI in CVE-2018-19410, potentially higher for others requiring privileges/specific conditions).
- Attack Vector: Primarily network-based; remote exploitation is described for CVE-2024-45195 and CVE-2018-19410, while CVE-2018-9276 requires prior administrative access to the PRTG web console.
## Impact
The specific impact depends on the CVE, but collectively, the flaws pose severe risks:
- Confidentiality: Potential for unauthorized access and information disclosure (CVE-2024-29059).
- Integrity: Potential for arbitrary code execution (CVE-2024-45195) and command execution (CVE-2018-9276).
- Availability: Not specifically documented; any availability impact would follow from successful RCE or command execution, which are the primary documented concerns.
## Remediation
### Patches
Vendors have released fixes for these issues:
- **CVE-2024-45195:** Fixed in **September 2024** release of Apache OFBiz.
- **CVE-2024-29059:** Fixed in **March 2024** Microsoft security updates.
- **CVE-2018-9276 & CVE-2018-19410:** Fixed in **April 2018** release of Paessler PRTG Network Monitor (specifically versions 18.2.39 and later).
### Workarounds
No specific workarounds are detailed in the provided summary text, but organizations should prioritize patching immediately.
## Detection
- Indicators of compromise (IOCs) were not specified in the summary.
- Detection methods: Organizations covered by CISA directives (FCEB agencies) must verify remediation status based on vendor patch advisories. Reviewing network traffic and system logs related to application endpoints for signs of forced browsing attempts, unusual ObjRef URI data patterns, or unexpected command execution against Apache OFBiz, .NET services, and PRTG servers is recommended.
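As an added example (not part of the advisory or any vendor's code), the following Python triages an asset inventory against the four CVEs above: it applies the PRTG fix boundary of 18.2.39 from the Patches section and marks assets "verify" where the advisory gives no version boundary, which is the remediation check the Detection section asks for. Host names and version strings are constructed sample values.

```python
# Added example (not the advisory's own code): triage an asset inventory
# against the four KEV CVEs above. CVE IDs, products and the PRTG fix
# boundary (18.2.39) are from the advisory; inventory rows are constructed.
KEV_ENTRIES = [  # (CVE, affected product) as stated in the advisory
    ("CVE-2024-45195", "Apache OFBiz"),
    ("CVE-2024-29059", "Microsoft .NET Framework"),
    ("CVE-2018-9276", "Paessler PRTG Network Monitor"),
    ("CVE-2018-19410", "Paessler PRTG Network Monitor"),
]

# First fixed version where the advisory names one; None means no version
# boundary is given, so patch state must be confirmed against the vendor.
FIXED_VERSION = {
    "Paessler PRTG Network Monitor": "18.2.39",
    "Apache OFBiz": None,
    "Microsoft .NET Framework": None,
}


def parse_version(text):
    """'18.2.39.1661' -> (18, 2, 39, 1661): numeric tuples compare correctly
    where strings do not ('18.10' must sort after '18.9')."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def assess(product, version):
    """KEV CVEs that apply to one asset plus a triage status: 'patched',
    'vulnerable', 'verify' (no usable boundary) or 'not-in-kev'."""
    cves = [cve for cve, prod in KEV_ENTRIES if prod == product]
    if not cves:
        return {"product": product, "cves": [], "status": "not-in-kev"}
    fixed = FIXED_VERSION.get(product)
    if version is None or fixed is None:
        status = "verify"
    elif parse_version(version) >= parse_version(fixed):
        status = "patched"
    else:
        status = "vulnerable"
    return {"product": product, "cves": cves, "status": status}


def triage(inventory):
    """From (host, product, version) rows, keep only hosts that still need
    action, 'vulnerable' ranked before 'verify'; patched hosts drop out."""
    rank = {"vulnerable": 0, "verify": 1}
    hits = [{"host": h, **assess(p, v)} for h, p, v in inventory]
    return sorted((r for r in hits if r["status"] in rank),
                  key=lambda r: rank[r["status"]])
```

Feeding the real CISA KEV JSON feed and a CMDB export into the same two tables turns this into a recurring KEV compliance check rather than a one-off for these four CVEs.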
## References
- CISA KEV Alert: hxxps://www.cisa.gov/news-events/alerts/2025/02/04/cisa-adds-four-known-exploited-vulnerabilities-catalog
- CVE-2024-45195 Details: hxxps://www.cve.org/CVERecord?id=CVE-2024-45195
- CVE-2024-29059 Details: hxxps://www.cve.org/CVERecord?id=CVE-2024-29059 (and Microsoft MSRC)
- CVE-2018-9276 Details: hxxps://www.cve.org/CVERecord?id=CVE-2018-9276 (and PRTG History link)
- CVE-2018-19410 Details: hxxps://www.cve.org/CVERecord?id=CVE-2018-19410 (and PRTG History link)