U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

The vulnerability CVE-2024-35250 (CVSS score 7.8) is a Windows Kernel-Mode Driver Elevation of Privilege issue

A local attacker could exploit this vulnerability to gain SYSTEM privileges. The attack complexity is labeled as low.

The vulnerability CVE-2024-20767 (CVSS score 7.4) is an Improper Access Control issue in ColdFusion versions 2023.6, 2021.12, and earlier. An attacker can exploit the flaw to gain arbitrary file reads. Exploitation requires an exposed admin panel.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by January 6, 2025.

The US agency is unaware of ransomware attacks exploiting the above vulnerabilities in the wild.

Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added another Microsoft flaw to its Known Exploited Vulnerabilities (KEV) catalog, the Windows Common Log File System (CLFS) driver vulnerability CVE-2024-49138  (CVSS score: 7.8).

CISA ordered federal agencies to fix this vulnerability by December 31, 2024.

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)