Wednesday, May 7, 2025

CISA Adds 2 GeoVision Vulnerabilities to KEV Catalog – 5-7-25

Today CISA announced that it had added two OS command injection vulnerabilities in multiple GeoVision products to its Known Exploited Vulnerabilities (KEV) catalog. The two added vulnerabilities are CVE-2024-6047 and CVE-2024-11120. TW-CERT originally reported the vulnerabilities in June and November of 2024, respectively, as affecting end-of-life GeoVision products. The initial report for CVE-2024-11120 stated that “this vulnerability has already been exploited by attackers, and we have received related reports.” A public report published by Akamai yesterday said that the two vulnerabilities were being exploited by the Mirai botnet starting in April 2025. The Akamai report includes a number of important IOC diagnostic measures, including SNORT rules, YARA rules, C2 domain names, and SHA256 hashes.

CISA is requiring federal agencies employing the affected GeoVision devices to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are not available.” Since the affected products are all EOL, there are no available mitigation measures. The deadline for applying those mitigation measures is May 28th, 2025.
