CISA Adds Sitecore CMS Code Execution Vulnerability to List of Known Exploited Vulnerabilities
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two critical Sitecore CMS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerabilities, CVE-2019-9874 and CVE-2019-9875, both affect the Sitecore.Security.AntiCSRF module could allow attackers to execute arbitrary code on vulnerable systems.
Critical Vulnerabilities Details and Impact
CVE-2019-9874, with a CVSS score of 9.8, represents a severe security risk as it allows unauthenticated attackers to exploit a deserialization vulnerability to achieve remote code execution.
The exploit focuses on tampering with the __CSRFTOKEN HTTP POST parameter by injecting a maliciously crafted serialized .NET object.
The second vulnerability, CVE-2019-9875 (CVSS 8.8), affects the same module but requires authentication. While this presents a higher barrier to entry, the attack’s simplicity and potential impact remain significant.
Once logged in, threat actors can weaponize the same deserialization vector to hijack the server.
“The deserialization vulnerability occurs at a stage prior to application logic execution, allowing attackers to bypass security controls entirely.”
Using tools like ysoserial.net, attackers can encode payloads that execute PowerShell commands to establish remote shells or deploy malware without triggering typical security alarms.
The vulnerabilities are summarized as follows:
Risk Factors CVE-2019-9874 CVE-2019-9875 Affected ProductsSitecore CMS 7.0–7.2 and XP 7.5–8.2Sitecore versions up to 9.1.0ImpactRemote Code ExecutionRemote Code ExecutionExploit PrerequisitesUnauthenticated accessAuthenticated accessCVSS 3.1 Score9.8 (Critical)8.8 (High)
These vulnerabilities affect multiple versions of Sitecore software:
CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply available patches no later than April 16, 2025. The vulnerabilities were added to the KEV catalog on March 26, 2025, signaling their active exploitation status.
Mitigation Measures
Sitecore released fixes shortly after the initial discovery of these vulnerabilities in 2019, but many organizations remain unpatched. Mitigation options include:
Organizations unable to immediately apply patches can implement temporary workarounds by denying access to the \Website\sitecore\shell folder on all Sitecore instances or implementing IP-based restrictions to limit access to trusted addresses.
“Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework,” CISA advises.
The resurgence of these six-year-old vulnerabilities highlights the persistent nature of security threats, even for previously disclosed and patched issues.
Security professionals are urged to review their Sitecore deployments immediately and take appropriate action to mitigate these actively exploited vulnerabilities.
#Cyber_Security #Cyber_Security_News #Vulnerabilities #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
CISA Adds Sitecore CMS Code Execution Vulnerability to List of Known Exploited Vulnerabilities
Author: KaaviyaThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two critical Sitecore CMS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerabilities, CVE-2019-9874 and CVE-2019-9875, both affect the Sitecore.Security.AntiCSRF module could allow attackers to execute arbitrary code on vulnerable systems.
Critical Vulnerabilities Details and Impact
CVE-2019-9874, with a CVSS score of 9.8, represents a severe security risk as it allows unauthenticated attackers to exploit a deserialization vulnerability to achieve remote code execution.
The exploit focuses on tampering with the __CSRFTOKEN HTTP POST parameter by injecting a maliciously crafted serialized .NET object.
The second vulnerability, CVE-2019-9875 (CVSS 8.8), affects the same module but requires authentication. While this presents a higher barrier to entry, the attack’s simplicity and potential impact remain significant.
Once logged in, threat actors can weaponize the same deserialization vector to hijack the server.
“The deserialization vulnerability occurs at a stage prior to application logic execution, allowing attackers to bypass security controls entirely.”
Using tools like ysoserial.net, attackers can encode payloads that execute PowerShell commands to establish remote shells or deploy malware without triggering typical security alarms.
The vulnerabilities are summarized as follows:
Risk Factors CVE-2019-9874 CVE-2019-9875 Affected ProductsSitecore CMS 7.0–7.2 and XP 7.5–8.2Sitecore versions up to 9.1.0ImpactRemote Code ExecutionRemote Code ExecutionExploit PrerequisitesUnauthenticated accessAuthenticated accessCVSS 3.1 Score9.8 (Critical)8.8 (High)
These vulnerabilities affect multiple versions of Sitecore software:
- CVE-2019-9874 impacts Sitecore CMS 7.0–7.2 and XP 7.5–8.2
- CVE-2019-9875 affects Sitecore versions up to 9.1.0
CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply available patches no later than April 16, 2025. The vulnerabilities were added to the KEV catalog on March 26, 2025, signaling their active exploitation status.
Mitigation Measures
Sitecore released fixes shortly after the initial discovery of these vulnerabilities in 2019, but many organizations remain unpatched. Mitigation options include:
- For versions prior to 9.0, a hotfix is available via Sitecore KB Article 334035
- For versions 9.0 and above, upgrading to Sitecore 9.1 Update-1 resolves the issue
Organizations unable to immediately apply patches can implement temporary workarounds by denying access to the \Website\sitecore\shell folder on all Sitecore instances or implementing IP-based restrictions to limit access to trusted addresses.
“Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework,” CISA advises.
The resurgence of these six-year-old vulnerabilities highlights the persistent nature of security threats, even for previously disclosed and patched issues.
Security professionals are urged to review their Sitecore deployments immediately and take appropriate action to mitigate these actively exploited vulnerabilities.
#Cyber_Security #Cyber_Security_News #Vulnerabilities #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
