CISA marks NAKIVO’s critical backup vulnerability as actively exploited



The in-the-wild exploitation flagged by CISA follows watchTowr’s public disclosure of the vulnerability, along with a proof-of-concept (PoC) exploit, in February 2024. While it is hard to tell whether threat actors used watchTowr’s PoC in these attacks, the firm appears to have been aware of the risks that come with disclosure.

“As an industry, we believe that we’ve come to a common consensus after 25 years of circular debates – disclosure is terrible, information is actually dangerous, it’s best that it’s not shared, and the only way to really ensure that no one ever uses information in a way that you don’t like (this part is key) is to make up terms for your way of doing things,” watchTowr had said in the blog post.

Interestingly, a day after the CISA alert, watchTowr disclosed another critical vulnerability, this one in Veeam backup servers, that allowed remote code execution.
