CISA and FBI urge companies to take patch actions
CISA and the FBI recommended software companies today to assess their products and fix route traversal security flaws before selling.
Attackers can leverage path traversal vulnerabilities (also known as directory traversal) to create or overwrite important files used to execute malware or circumvent security systems such as authentication.
“Additionally, this Alert highlights the prevalence, and continued threat actor exploitation of, directory traversal defects. Currently, CISA has listed 55 directory traversal vulnerabilities in our Known Exploited Vulnerabilities (KEV) catalog,” says the CISA and FBI joint report.
Impact of these security loops
Such security holes can also allow threat actors to acquire sensitive data, such as credentials, which can then be used to brute-force existing accounts and compromise the targeted systems.
Another option is to disable or limit access to vulnerable systems by overwriting, destroying, or altering critic
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.