CISA Adds Critical USAHERDS Flaw to Exploited Vulnerabilities List
CISA Adds High-Severity Vulnerability in Acclaim Systems USAHERDS to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently highlighted a significant security vulnerability impacting Acclaim Systems USAHERDS. This high-severity flaw, designated as CVE-2021-44207, has been added to the Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. With a CVSS score of 8.1, this vulnerability poses a serious risk for organizations utilizing this software.
Understanding CVE-2021-44207
CVE-2021-44207 is characterized by hard-coded static credentials within Acclaim USAHERDS, potentially allowing attackers to execute arbitrary code on vulnerable servers. Specifically, the issue arises from the use of static ValidationKey and DecryptionKey values in versions 7.4.0.1 and earlier. This flaw could be exploited to achieve remote code execution, although attackers would need to obtain these keys through alternative means first.
Key points about CVE-2021-44207:
- Static Credentials: The flaw stems from hard-coded keys that compromise server security.
- Remote Code Execution Risk: Attackers can execute malicious code if they obtain the static keys.
- Exploitation History: The vulnerability was previously abused by the China-linked APT41 threat actor in 2021, targeting six U.S. state government networks.
Mandiant, a cybersecurity firm owned by Google, emphasized the risks associated with these keys in a December 2021 advisory. According to their analysis, a threat actor armed with knowledge of the ValidationKey and DecryptionKey can craft a malicious ViewState that bypasses the MAC check and is deserialized by the server, leading to potential code execution.
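As a defensive check for the condition described above, the following added example (not code from CISA, Mandiant, or the vendor) audits ASP.NET web.config contents for hard-coded machineKey validationKey and decryptionKey values and reports key fingerprints reused across hosts. The host names and key values are constructed samples, and the function names are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample web.config contents keyed by host name (not real USAHERDS files or keys).
SAMPLE_CONFIGS = {
    "app-a": '<configuration><system.web><machineKey validationKey="0123ABCD0123ABCD" '
             'decryptionKey="FEDC9876FEDC9876" validation="SHA1" decryption="AES"/></system.web></configuration>',
    "app-b": '<configuration><system.web><machineKey validationKey="0123ABCD0123ABCD" '
             'decryptionKey="FEDC9876FEDC9876" validation="SHA1" decryption="AES"/></system.web></configuration>',
    "app-c": '<configuration><system.web><machineKey validationKey="AutoGenerate,IsolateApps" '
             'decryptionKey="AutoGenerate,IsolateApps"/></system.web></configuration>',
    "app-d": '<configuration><system.web><compilation debug="false"/></system.web></configuration>',
}

KEY_ATTRS = ("validationKey", "decryptionKey")

def fingerprint(value):
    """Short SHA-256 digest so reports never contain the key itself."""
    return hashlib.sha256(value.strip().upper().encode()).hexdigest()[:12]

def static_keys(config_xml):
    """Return {attribute: fingerprint} for every hard-coded machineKey value."""
    found = {}
    for mk in ET.fromstring(config_xml).iter("machineKey"):
        for attr in KEY_ATTRS:
            value = mk.get(attr, "AutoGenerate")
            # A missing attribute or an AutoGenerate value means a per-machine generated key.
            if not value.strip().lower().startswith("autogenerate"):
                found[attr] = fingerprint(value)
    return found

def audit(configs):
    """Map each host to its static keys, and list key fingerprints shared by several hosts."""
    per_host = {host: static_keys(text) for host, text in configs.items()}
    users = defaultdict(set)
    for host, keys in per_host.items():
        for attr, fp in keys.items():
            users[(attr, fp)].add(host)
    shared = {k: sorted(v) for k, v in users.items() if len(v) > 1}
    return per_host, shared

if __name__ == "__main__":
    per_host, shared = audit(SAMPLE_CONFIGS)
    for host, keys in per_host.items():
        print(host, "STATIC" if keys else "ok", keys)
    for (attr, fp), hosts in shared.items():
        print(f"shared {attr} {fp}: {hosts}")
```

Any host reported with static keys, and especially any fingerprint shared between hosts, is a candidate for key rotation alongside the vendor-provided mitigation.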
Mitigation Recommendations for Federal Agencies
CISA has urged Federal Civilian Executive Branch (FCEB) agencies to implement vendor-provided mitigations by January 13, 2025, to protect their networks from this threat. Prompt action is essential for safeguarding sensitive data and maintaining operational integrity.
Emerging Threats in Cybersecurity
In related news, Adobe has issued a warning about a critical security flaw in ColdFusion (CVE-2024-53961) with a CVSS score of 7.8. This vulnerability features a known proof-of-concept (PoC) exploit that could facilitate arbitrary file system reads. Adobe has resolved this issue in ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12, urging users to apply these patches immediately.
For more information on cybersecurity threats and protective measures, see the CISA advisory and Adobe’s security updates.