The Download
Non-profit threat intelligence firm Shadowserver warned of a critical vulnerability in PHP CGI web application code tracked under CVE-2024-4577. Shadowserver runs a network of honeypots to track exploitation attempts. Within 24 hours of the release of CVE-2024-4577 on June 6th, 2024, Shadowserver reported exploit PoC code was publicly available, and Internet scanning and exploitation attempts of this vulnerability began. The vulnerability affects Windows web servers and allows arbitrary code execution from unauthenticated users.
What You Can Do
The widespread distribution of PHP CGI in web servers, the public release of PoC code, coupled with the threat intelligence of initial active exploitation makes this an urgent vulnerability to scan for and mitigate. It is strongly recommended to upgrade to the latest PHP versions of 8.3.8, 8.2.20, and 8.1.29. Alternatively If you cannot upgrade, code to mitigate the vulnerability is available. The first step is to understand whether you are vulnerable to this attack. We suggest using ThreatMate's pen testing as a service (PTaaS) to scan web servers for vulnerabilities.
To Learn More: