CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

Summary

CISA added two actively exploited vulnerabilities in the Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog. One of them, CVE-2024-49113, carries a CVSS score of 9.9 and allows remote code execution through deserialization of untrusted data.

IFF Assessment

FOE

Actively exploited vulnerabilities in widely used software pose a significant risk to organizations.

Severity

9.9 Critical

Defender Context

Defenders should prioritize patching Roundcube installations, especially those reachable from the internet. Inclusion in the KEV catalog indicates that these vulnerabilities are being actively targeted, and successful exploitation could lead to significant compromise. Monitor Roundcube systems for signs of intrusion.
