What is CVE-2021-44207?
CVE-2021-44207 is a critical security vulnerability identified in Acclaim Systems’ USAHERDS application, specifically in versions up to 7.4.0.1. The flaw arises from the use of hard-coded credentials, such as static ValidationKey and DecryptionKey values, which can be exploited to achieve remote code execution on the server hosting the application.
When Was the Vulnerability Discovered?
The vulnerability was publicly disclosed in December 2021. Subsequent analyses revealed that it had been actively exploited as a zero-day by threat actors, notably the China-linked group APT41 (also known as BARIUM, BRASS TYPHOON, and WICKED PANDA), during attacks on at least six U.S. state government networks. Armis Centrix™ for Early Warning added CVE-2021-44207 to its list of known vulnerabilities being exploited in the wild on March 8, 2022, while CISA added CVE-2021-44207 to its KEV catalog on December 23, 2024, making Armis Centrix™ for Early Warning early by 2.5 years.
Significance of CVE-2021-44207:
Vulnerable component: the component affected by the flaw is the USAHERDS application, a web-based system used by various state governments in the United States for animal health reporting and disease surveillance. Versions up to 7.4.0.1 are susceptible due to the inclusion of hard-coded credentials.
Exploitation scenario: an attacker who obtains the hard-coded ValidationKey and DecryptionKey values can craft malicious ViewState data that the server will accept and deserialize, leading to remote code execution. Exploiting this vulnerability requires the attacker to first acquire these keys, potentially through other vulnerabilities or insider threats.
Impact and blast radius: successful exploitation grants attackers the ability to execute arbitrary code on the affected server, compromising the confidentiality, integrity, and availability of the system. Given that USAHERDS is utilized by state governments, a breach could lead to unauthorized access to sensitive animal health data, disruption of disease surveillance operations, and potential lateral movement within government networks.
Value of timely awareness: prompt identification and remediation of this vulnerability are crucial to prevent exploitation. Delays in addressing the issue could result in significant security breaches, data theft, and operational disruptions, especially considering the active exploitation by sophisticated threat actors like China’s APT41.
Mitigation and Protection:
Proactive defense and workarounds: organizations using USAHERDS should immediately apply patches or updates provided by Acclaim Systems to address the hard-coded credentials issue. Alternatively, if patching is not an option, it is recommended to discontinue the use of vulnerable versions to mitigate the risk of compromise. Implementing network segmentation and strict access controls can further reduce the attack surface.
Continuous monitoring and updates: even after patching or hardening, it is highly recommended to monitor impacted systems for anomalous behaviour and signs of compromise, such as unusual network traffic or unauthorized access attempts. Establish a routine for applying security updates and patches promptly to ensure systems are protected against known exploits. By adhering to these mitigation strategies and maintaining vigilance, organizations can significantly reduce the risk posed by CVE-2021-44207 and enhance their overall security posture.
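As an added defender-side example (not code from Armis or Acclaim Systems), the following Python script audits an ASP.NET web.config for the weakness behind this CVE: static validationKey/decryptionKey values in the machineKey element are flagged for review, values that match a list of known-leaked keys are flagged for immediate rotation, and a weak ViewState validation algorithm is reported. The sample configs and the known-leaked list are constructed placeholders, not USAHERDS' real files or key values.

```python
"""Audit ASP.NET web.config machineKey settings (CVE-2021-44207-style hard-coded keys)."""
import xml.etree.ElementTree as ET

# Constructed sample configs: one with static keys and a weak MAC, one hardened.
WEAK_CONFIG = """<configuration><system.web>
  <machineKey validationKey="ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789"
              decryptionKey="0123456789ABCDEF0123456789ABCDEF"
              validation="SHA1" decryption="AES" />
</system.web></configuration>"""

HARDENED_CONFIG = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps"
              validation="HMACSHA256" decryption="AES" />
</system.web></configuration>"""

# Placeholder for keys known to be shipped in a product or leaked publicly
# (constructed value; populate from vendor advisories in real use).
KNOWN_LEAKED_KEYS = frozenset({"0123456789ABCDEF0123456789ABCDEF"})


def audit_machine_key(config_xml: str, known_leaked: frozenset = frozenset()) -> list:
    """Return a list of findings for the machineKey element; an empty list is clean."""
    root = ET.fromstring(config_xml)
    mk = root.find("system.web/machineKey")
    findings = []
    if mk is None:
        # No machineKey element: ASP.NET auto-generates per-machine keys.
        return findings
    for attr in ("validationKey", "decryptionKey"):
        value = mk.get(attr, "AutoGenerate")
        if value.upper() in known_leaked:
            findings.append(f"{attr} matches a known leaked key: rotate immediately")
        elif not value.startswith("AutoGenerate"):
            # A static key is legitimate only when unique to this deployment,
            # held in a secrets store and rotated; flag it for review.
            findings.append(f"{attr} is hard-coded in web.config: verify it is unique and rotated")
    if mk.get("validation", "HMACSHA256") in ("MD5", "SHA1"):
        findings.append("ViewState validation uses a weak algorithm: use HMACSHA256 or stronger")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_machine_key(cfg, KNOWN_LEAKED_KEYS) or ["no findings"])
```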
Stay vigilant and ensure your systems are up-to-date to defend against evolving cybersecurity threats.
Armis Centrix™ for Early Warning is the proactive cybersecurity solution designed to empower organizations with early warning intelligence to anticipate and mitigate cyber risk effectively. By leveraging AI-driven actionable intelligence, Armis Centrix™ provides insights into the vulnerabilities that threat actors are exploiting in the wild or are about to weaponize, allowing organizations to understand their impact and take preemptive action.
Interested in learning more about Armis Centrix™ for Early Warning? Sign up for a demo today!