US Cyber Command: Patch Critical Atlassian Bug Now

US government security experts have urged system administrators to patch two critical flaws in widely used Cisco and Atlassian products that expose them to compromise.

In a rare move, US Cyber Command took to Twitter on Friday, ahead of the Labor Day holiday weekend, to address the Atlassian bug.

“Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already—this cannot wait until after the weekend,” it warned.

Atlassian issued a patch for the vulnerability in its popular web-based collaboration platform on August 25. The developer said that if exploited, the Open Graph Navigation Library (OGNL) bug would allow an unauthenticated user to execute arbitrary code on a Confluence server or datacenter instance.

OGNL was also exploited by the attackers who breached Equifax in 2018 via Apache Struts 2 vulnerability CVE-2018-11776.

Also, at the end of last week, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging admins to patch a critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS).

Impacting version 4.5.1 of the product, CVE-2021-34746 could allow a remote attacker to take control of an affected system.

“This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script,” Cisco explained.

“An attacker co ..
