CISA warns of attacks on WPS Office and VigorConnect
CISA warns that vulnerabilities in WPS Office and VigorConnect are under attack in the wild. Updates are available.
(Image: created with AI in Bing Image Creator by heise online / dmk)
The US IT security authority CISA is currently warning that vulnerabilities in Kingsoft's WPS Office and Draytek's VigorConnect are being attacked in the wild. Updated software is available to patch the exploited vulnerabilities. IT managers should update their programs to the latest version as soon as possible.
CISA maintains a catalog of actively exploited vulnerabilities (Known Exploited Vulnerabilities) and has now added vulnerabilities in WPS Office and VigorConnect to it. This means that active cyberattacks have recently been observed. Unfortunately, CISA does not provide any details on what the attacks look like, what their scope is, or how admins could detect a successful exploitation of the vulnerabilities.
New and old vulnerabilities in the focus of attackers
In Kingsoft's WPS Office prior to version 12.2.0.16412 for Windows, there is a vulnerability through which attackers can force the loading of an arbitrary Windows library. The cause is an insufficient path check in the file promecefpluginhost.exe (CVE-2024-7262, CVSS 9.3, risk "critical"). The vulnerability was discovered and closed in mid-August this year. Apparently, this vulnerability was abused as a "one-click exploit" with a carefully crafted spreadsheet document.
Criminals have also attacked older vulnerabilities in Draytek's network management software VigorConnect. The vulnerabilities allow attackers to download arbitrary files with root or admin rights from the underlying operating system (Linux or Windows), for example /etc/passwd or win.ini, Tenable explains in a warning. Without prior login, this was possible through the WebServlet endpoint (CVE-2021-20124, CVSS 7.5, risk "high") and through the DownloadFileServlet endpoint (CVE-2021-20123, CVSS 7.5, high). The vulnerabilities were discovered in VigorConnect 1.6.0-B3; version 1.6.1 from October 2021 closes them. Anyone still using such old management software should therefore update it to the latest version.
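Because CISA gives no detection guidance, admins can at least triage the management server's web access logs for requests that match the VigorConnect description above. The following is an added example, not code from heise, Tenable or the vendor: only the two endpoint names come from the article, while the log format, the `/app/` URL prefix, the parameter names and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINTS = ("DownloadFileServlet", "WebServlet")  # names taken from the article
# Assumption: access log in common/combined log format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')  # "../" or "..\" path segment
ABSOLUTE_RE = re.compile(r'^(/|\\|[A-Za-z]:[\\/])')   # /etc/..., \..., C:\...

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) so encoded traversal is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return requests to the two servlets whose parameters look like file paths."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        path = url.path.rstrip("/")
        endpoint = next((e for e in ENDPOINTS if path.endswith("/" + e)), None)
        if endpoint is None:
            continue
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if TRAVERSAL_RE.search(value) or ABSOLUTE_RE.match(value):
                findings.append({"ip": m["ip"], "endpoint": endpoint, "param": name,
                                 "value": value, "served": m["status"] == "200"})
                break
    return findings

# Constructed sample log lines (documentation IP ranges, hypothetical parameter names).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Sep/2024:10:00:01 +0000] "GET /app/DownloadFileServlet?file=report.csv HTTP/1.1" 200 5120',
    '203.0.113.7 - - [03/Sep/2024:10:02:13 +0000] "GET /app/DownloadFileServlet?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [03/Sep/2024:10:02:15 +0000] "GET /app/WebServlet?name=%252e%252e%255c%252e%252e%255cwindows%255cwin.ini HTTP/1.1" 404 0',
    '198.51.100.4 - - [03/Sep/2024:10:05:00 +0000] "GET /index.html?file=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set to true deserve priority, since the server answered with HTTP 200; absolute-path matches can be legitimate and are only a lead for manual review.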
At the end of last week, it became known that security vulnerabilities in Avtech IP cameras had been attacked. The masterminds turned them into drones for the Mirai botnet.
(dmk)