Once the malicious JavaScript executes, attackers gain control of the admin session with full privileges to remotely control endpoints and install software on devices.
Nick Tausek, lead security automation architect at Swimlane, warned, “Exploitation of this flaw would grant threat actors access to many managed devices at once, allowing for the execution of malicious code, deployment of ransomware, or exfiltration of sensitive data.”
The patching challenge
Despite the severity of such threats, organizations frequently struggle to address critical vulnerabilities quickly: Tausek said Swimlane research found 68% of organizations leave critical flaws unpatched for over 24 hours and 55% don’t have a comprehensive system for prioritizing vulnerabilities.
