CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalogue on the basis of evidence of active exploitation: the buffer overflow CVE-2014-3931 in Multi-Router Looking Glass (MRLG), the command injection CVE-2016-10033 in outdated PHPMailer, the path traversal CVE-2019-5418 in Ruby on Rails, and the SSRF CVE-2019-9621 in Zimbra, which has been linked to recent exploitation. Security experts emphasize the risk these vulnerabilities pose, particularly to legacy systems that remain unpatched.
CVE-2014-3931 still lurks in aging Multi-Router Looking Glass instances, where a buffer overflow in the fastping component lets a remote user corrupt memory.
CVE-2016-10033 haunts legacy web apps that never replaced or updated PHPMailer, allowing hostile input to hijack the mail routine and run arbitrary commands.
CVE-2019-5418 keeps exposing Ruby on Rails servers: a crafted Accept header tricks render calls into disclosing local files, and proof-of-concept chains reach code execution in some setups.
Only CVE-2019-9621 has a known campaign: Trend Micro tied the Earth Lusca group to widespread Zimbra breaches in 2023 that planted web shells and Cobalt Strike beacons via the SSRF bug.
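The operational question behind a KEV addition is which of your own hosts now carry a remediation deadline. The script below is an added example, not part of the original article or any CISA tooling: it cross-references scanner findings against a constructed excerpt in the shape of the KEV JSON feed and ranks them by due date. The field names follow the catalog's published schema; the dates, host names and the non-KEV CVE id are placeholders.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. Field names are the
# catalog's real schema; the dates below are placeholders, not the real values.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2014-3931", "vendorProject": "Multi-Router Looking Glass",
         "product": "MRLG", "dateAdded": "2025-07-07", "dueDate": "2025-07-28"},
        {"cveID": "CVE-2016-10033", "vendorProject": "PHPMailer",
         "product": "PHPMailer", "dateAdded": "2025-07-07", "dueDate": "2025-07-28"},
        {"cveID": "CVE-2019-5418", "vendorProject": "Rails",
         "product": "Ruby on Rails", "dateAdded": "2025-07-07", "dueDate": "2025-08-15"},
        {"cveID": "CVE-2019-9621", "vendorProject": "Zimbra",
         "product": "Collaboration Suite", "dateAdded": "2025-07-07", "dueDate": "2025-08-15"},
    ],
})

# Constructed scanner output: CVE ids a vulnerability scanner reported per host.
# CVE-2021-99999 is a made-up id standing in for a finding that is not in KEV.
SCAN_RESULTS = {
    "mail-gw-01": ["CVE-2019-9621", "CVE-2021-99999"],
    "legacy-www": ["CVE-2016-10033", "CVE-2019-5418"],
    "noc-lg": ["CVE-2014-3931"],
}

def load_kev(raw):
    """Index the KEV feed by CVE id so each scanner finding is a single lookup."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}

def triage(kev, scan_results, today_iso):
    """Return only KEV-listed findings, earliest due date first, flagged if overdue."""
    today = date.fromisoformat(today_iso)
    findings = []
    for host, cves in scan_results.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # not in KEV: no evidence of exploitation, normal SLA applies
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": host, "cve": cve, "product": entry["product"],
                "due": due.isoformat(), "days_left": (due - today).days,
                "overdue": due < today,
            })
    findings.sort(key=lambda f: (f["days_left"], f["host"], f["cve"]))
    return findings

if __name__ == "__main__":
    for finding in triage(load_kev(KEV_SAMPLE), SCAN_RESULTS, "2025-08-01"):
        print(finding)
```

Swap `KEV_SAMPLE` for the live feed and `SCAN_RESULTS` for real scanner export to get a deadline-ordered worklist; findings absent from KEV fall through to the usual patch cadence.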