U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Acclaim Systems USAHERDS vulnerability to its Known Exploited Vulnerabilities catalog.
The vulnerability was exploited by the Chinese cyber-espionage group APT41 to breach multiple U.S. state government networks.
The flaw is rooted in the use of hard-coded credentials and allows arbitrary code execution on affected systems.
CISA has ordered federal agencies to fix this vulnerability by January 13, 2025.