457/67 Wednesday, December 25, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Acclaim Systems’ USAHERDS, identified as CVE-2021-44207 with a CVSS severity score of 8.1, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability involves the use of hardcoded credentials, allowing attackers to execute malicious code on the system. It has been previously exploited by the Chinese APT41 group to attack multiple U.S. government networks. The affected versions include USAHERDS 7.4.0.1 and earlier.
USAHERDS is a web application developed by Acclaim Systems to assist U.S. government agencies in tracking and managing animal health, as well as controlling disease outbreaks. It is part of the AgraGuard product suite, which supports agriculture and food safety operations. Other applications in the suite include USALIMS, USAPlants, USAFoodSafety, and USAMeals.
To mitigate the risks associated with this vulnerability, federal civilian executive branch (FCEB) agencies are required to address the issue within a specified timeframe. CISA has set a deadline of January 13, 2025, for the remediation of the vulnerability to prevent further exploitation and ensure prompt resolution of related issues.
