Original release date: December 10, 2021

The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services.

CISA encourages users and administrators to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
 

Original release date: December 9, 2021

Cisco has released a security advisory to address Cisco products affected by multiple vulnerabilities in Apache HTTP Server 2.4.48 and earlier releases. An unauthenticated remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-apache-httpd-2.4.49-VWL69sWQ and apply the necessary updates.

Original release date: December 8, 2021

SonicWall has released a security advisory to address vulnerabilities affecting SonicWall Secure Mobile Access (SMA) 100 series appliances. A remote attacker could exploit these vulnerabilities to take control of an affected system. SMA 100 series appliances provide an organization’s employees with remote access to internal resources. Note: although there are currently no reports of these vulnerabilities being exploited in the wild, in July 2021, CISA warned of threat actors actively targeting a known, previously patched, vulnerability in SonicWall SMA 100 series appliances.

CISA encourages users and administrators to review the SonicWall security advisory and apply the necessary firmware updates as soon as possible.

Original release date: December 6, 2021

Zoho has released a security advisory to address an authentication bypass vulnerability in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. According to Zoho, this vulnerability is being actively exploited in the wild.

CISA encourages users and administrators to review the Zoho Vulnerability Notification and the Zoho ManageEngine Desktop Central and  ManageEngine Desktop Central MSP security advisories and apply the recommended mitigations immediately.

Original release date: December 2, 2021

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all ServiceDesk Plus versions up to, and including, version 11305. 

This vulnerability was addressed by the update released by Zoho on September 16, 2021 for ServiceDesk Plus versions 11306 and above. If left unpatched, successful exploitation of the vulnerability allows an attacker to upload executable files and place webshells that enable post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files. Zoho has set up a security response plan center that provides additional details, a downloadable tool that can be run on potentially affected systems, and a remediation guide.

CISA encourages organizations to review the joint Cybersecurity Advisory and apply the recommended mitigations immediately.