Jan 2, 2025 | Impress Computer Solutions | Cybersecurity Insights

Impress Computer Solutions in Houston is alerting businesses to a critical vulnerability in the popular open-source file-sharing application ProjectSend, which has come under active exploitation. This vulnerability, identified as CVE-2024-11680, poses a significant risk to organizations relying on public-facing servers.


The Vulnerability Explained

The flaw, first addressed in May 2023 but only officially patched in August 2024 with version r1720, has a CVSS score of 9.8, marking it as critical. Synacktiv, the firm that discovered the issue, described it as an improper authorization check that allows attackers to execute malicious code on affected servers.

Key exploit capabilities include:

  • Enabling Unauthorized Actions: Attackers can enable user registration and auto-validation.
  • File Upload Manipulation: They can add new entries to the whitelist of allowed file extensions.
  • Arbitrary Code Execution: Ultimately, attackers can execute PHP code on the server.

Exploitation in the Wild

Since September 2024, threat actors have actively targeted public-facing ProjectSend servers, leveraging exploit code from Project Discovery and Rapid7. These attacks go beyond basic vulnerability scans, enabling:

  • Post-Authentication Exploitation: Attackers enable user registration to gain privileges.
  • Web Shell Installation: Malicious scripts are often uploaded to predictable locations, such as upload/files/ in the webroot.

Jacob Baines from VulnCheck notes, “We are likely in the ‘attackers installing web shells’ territory,” highlighting the severity of these attacks.


The Scale of the Threat

An analysis of approximately 4,000 internet-exposed ProjectSend servers revealed that only 1% have applied the patched version (r1750). The majority are running outdated or unnamed versions, leaving them vulnerable to exploitation.


Impress Computer Solutions: Your Cybersecurity Partner

At Impress Computer Solutions, we understand the critical importance of keeping your systems secure. Vulnerabilities like this one highlight the risks of unpatched software in today’s interconnected business environments.

Here’s how we can help:

  1. Vulnerability Assessments: We identify and mitigate risks in your IT infrastructure.
  2. Patch Management: Ensuring your software is always up-to-date with the latest security patches.
  3. Web Server Hardening: Protecting your public-facing systems against unauthorized access and exploitation.
  4. Proactive Monitoring: Detecting and neutralizing threats before they impact your operations.

Act Now to Stay Protected

With active exploitation of ProjectSend underway, the time to act is now. Impress Computer Solutions urges all businesses using ProjectSend to:

  • Upgrade to Version r1750 or Later: Apply the latest patches immediately.
  • Monitor Server Activity: Check for unauthorized actions or web shells in predictable locations.
  • Secure Your Infrastructure: Partner with a trusted IT provider to ensure comprehensive protection.
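
One way to carry out the "Monitor Server Activity" check for the upload/files/ location mentioned above, as an added example that is not part of the original article or of ProjectSend: it lists files under the upload directory that carry a PHP-handled extension or contain a PHP open tag. The extension list and the default path (relative to the webroot) are assumptions to adapt to your own server.

```python
import os
import sys
import time

# Assumption: extensions commonly mapped to the PHP handler; match this to your server config.
PHP_EXTENSIONS = {".php", ".phtml", ".phar", ".php3", ".php4", ".php5", ".php7", ".pht"}
PHP_MARKER = b"<?php"
SCAN_BYTES = 64 * 1024  # only the head of each file is inspected


def scan_upload_dir(root):
    """Return a sorted list of (path, reasons, mtime) for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            # Check every dotted component so "shell.php.jpg" and "x.PHP" are both caught.
            parts = {"." + p.lower() for p in name.split(".")[1:]}
            if parts & PHP_EXTENSIONS:
                reasons.append("php-extension")
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SCAN_BYTES)
                mtime = os.path.getmtime(path)
            except OSError as exc:
                findings.append((path, ["unreadable: %s" % exc.strerror], None))
                continue
            # A PHP open tag inside a file with a harmless-looking extension is still a finding.
            if PHP_MARKER in head.lower():
                reasons.append("php-open-tag")
            if reasons:
                findings.append((path, reasons, mtime))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    # Default path follows the article's example location, relative to the webroot.
    target = sys.argv[1] if len(sys.argv) > 1 else "upload/files"
    for path, reasons, mtime in scan_upload_dir(target):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime)) if mtime else "-"
        print("%s\t%s\t%s" % (stamp, ",".join(reasons), path))
```

Compare the timestamp of any hit against the exploitation window described above (since September 2024) and against your own record of legitimate uploads.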

Contact Impress Computer Solutions in Houston today to secure your IT environment and protect your business from emerging threats.

 
