CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation
Based on evidence of active exploitation in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw affecting Acclaim Systems USAHERDS to its Known Exploited Vulnerabilities (KEV) catalog. The flaw has since been patched. CVE-2021-44207 (CVSS score: 8.1) is a vulnerability in Acclaim USAHERDS that involves static, hard-coded credentials that could ultimately allow an attacker to run arbitrary code on vulnerable servers.
The issue specifically concerns the use of static ValidationKey and DecryptionKey values in versions 7.4.0.1 and before, which could be exploited to execute code remotely on the application's server. To obtain the keys in the first place, an attacker would need to use some other method. "These keys are used to provide security for the application ViewState," Mandiant, a company owned by Google, stated in a December 2021 alert regarding the patch. "A threat actor with knowledge of these keys can trick the application server into deserializing maliciously crafted ViewState data."
"A malicious ViewState that passes the MAC check and is deserialized by the server can be created by a threat actor who knows the validation key and decryption key for a web application. The server may execute code as a result of this deserialization."
The China-affiliated APT41 threat actor exploited CVE-2021-44207 as a zero-day vulnerability in 2021 as part of attacks against six U.S. states, although there are no recent reports of the vulnerability being weaponized in real-world attacks.
Federal Civilian Executive Branch (FCEB) agencies are advised to apply vendor-provided mitigations by January 13, 2025, to protect their networks from active threats. The development follows a warning from Adobe about a major security flaw in ColdFusion (CVE-2024-53961, CVSS score: 7.8), for which it said a known proof-of-concept (PoC) exploit already exists that could result in an arbitrary file system read. The vulnerability has been fixed in ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12. Users are advised to apply the updates as soon as possible to reduce potential risk.
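For the static ValidationKey and DecryptionKey condition behind CVE-2021-44207 described above, the following added example (not from the article, Mandiant, or the vendor) audits ASP.NET `web.config` content for hard-coded `machineKey` values and, going one step beyond the article, reports keys reused across hosts. The host names and key values are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

KEY_ATTRS = ("validationKey", "decryptionKey")

def static_machine_keys(config_xml):
    """Return {attribute: fingerprint} for each hard-coded key in one web.config."""
    found = {}
    for elem in ET.fromstring(config_xml).iter():
        # Strip an XML namespace prefix, which some older configs carry.
        if elem.tag.rsplit("}", 1)[-1] != "machineKey":
            continue
        for attr in KEY_ATTRS:
            value = elem.get(attr, "AutoGenerate").strip()
            # "AutoGenerate[,IsolateApps]" means the runtime creates the key itself.
            if value.lower().startswith("autogenerate"):
                continue
            # Report a fingerprint, never the raw key, so findings are safe to share.
            found[attr] = hashlib.sha256(value.upper().encode()).hexdigest()[:16]
    return found

def shared_keys(configs):
    """Map fingerprint -> sorted host list for keys present on more than one host."""
    hosts_by_fp = defaultdict(set)
    for host, xml_text in configs.items():
        for fp in static_machine_keys(xml_text).values():
            hosts_by_fp[fp].add(host)
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}

# Constructed sample configs; the key values are made-up placeholders.
STATIC = """<configuration><system.web>
  <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF"
              decryptionKey="FEDCBA9876543210FEDCBA9876543210"
              validation="SHA1" decryption="AES" />
</system.web></configuration>"""
AUTO = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""
SAMPLES = {"host-a": STATIC, "host-b": STATIC, "host-c": AUTO}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(host, static_machine_keys(text) or "auto-generated keys")
    print("reused across hosts:", shared_keys(SAMPLES))
```

Any fingerprint that appears on more than one host indicates a key that shipped with the software rather than being generated per deployment; such keys should be rotated after applying the vendor fix.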