The identification of the critical arbitrary code execution bugs, tracked as CVE-2024-4879 and CVE-2024-5217, and of the medium-severity flaw, tracked as CVE-2024-5178, has been followed by widespread network scanning for vulnerable instances, a Resecurity analysis showed. Targeted instances received a payload injection used to check the server's response before a second-stage payload was deployed. Successful compromise has mostly resulted in the exposure of hashed user lists and account credentials, although some instances leaked plaintext credentials, according to Resecurity researchers. The researchers also observed elevated interest in the flaws from cybercriminals who have been looking to secure IT service desk and corporate portal access.
Source: SC Magazine