CISA has warned that a vulnerability added to its Known Exploited Vulnerabilities (KEV) catalog affects TeamT5’s ThreatSonar Anti-Ransomware product and has been exploited in the wild, according to SecurityWeek. The flaw, CVE-2024-7694, is a high-severity arbitrary file-upload issue that was patched in August 2024, and CISA told federal agencies to address it by 10 March.
TeamT5’s ThreatSonar Anti-Ransomware is used in the United States, Japan, and Taiwan, including by government agencies, which helps explain why the vulnerability made the KEV list, as noted by CISA. The advisory that Taiwan’s TWCERT/CC published at the time of patching states that remote attackers with administrator privileges can upload malicious files to execute arbitrary system commands on the server, so exploitation requires admin rights.
There appears to be no public information on attacks involving CVE-2024-7694. SecurityWeek notes the possibility of involvement by China-linked threat actors, although this is speculative and without supporting evidence. SecurityWeek has reached out to TeamT5 and TWCERT/CC for comment.