US Cyber Command: Patch Critical Atlassian Bug Now
US government security experts have urged system administrators to patch two critical flaws in widely used Cisco and Atlassian products that leave affected systems exposed to compromise.
In a rare move, US Cyber Command took to Twitter before the Labor Day holiday weekend on Friday to address the Atlassian bug.
“Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already—this cannot wait until after the weekend,” it warned.
Atlassian issued a patch for the vulnerability in its popular web-based collaboration platform on August 25. The developer said that if exploited, the Open Graph Navigation Library (OGNL) bug would allow an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
OGNL was also exploited by the attackers who breached Equifax in 2018 via Apache Struts 2 vulnerability CVE-2018-11776.
Also, at the end of last week, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging admins to patch a critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS).
Impacting version 4.5.1 of the product, CVE-2021-34746 could allow a remote attacker to take control of an affected system.
“This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script,” Cisco explained.
“An attacker co ..