The bug can be used to gain system privileges in low-complexity attacks that don't even require any user interaction.

When a vulnerability is added to KEV, that means that there is evidence of in-the-wild abuse.

Federal agencies have a three-week deadline to apply the patch, or stop using the flawed software.

At the same time, CISA also added an Adobe ColdFusion vulnerability, tracked as CVE-2024-20767.

"An attacker could leverage this vulnerability to access or modify restricted files," reads the flaw's description on CVE.org.

Exploitation of this issue does not require user interaction.

Exploitation of this issue requires the admin panel be exposed to the internet.

Agencies have until January 6, 2025 to apply the fixes.

Via BleepingComputer
