CISA adds 17 vulnerabilities to list of bugs exploited in attacks

This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to its “Catalog of Known Exploited Vulnerabilities”.

The “Catalog of Known Exploited Vulnerabilities” is a list of vulnerabilities that threat actors have been seen abusing in attacks and that Federal Civilian Executive Branch (FCEB) agencies are required to patch.

“Binding Operational Directive (BOD) 22-01: Reduce Significant Risk of Known Exploited Vulnerabilities established the Catalog of Known Exploited Vulnerabilities as a living list of known CVEs that pose significant risk to the Federal enterprise,” CISA explains.

“BOD 22-01 requires FCEB agencies to patch identified vulnerabilities by the due date to protect FCEB networks from active threats. See BOD 22-01 Information Sheet for more information.”

The vulnerabilities listed in the catalog allow hackers to perform a variety of attacks, including stealing credentials, gaining access to networks, executing remote commands, downloading and executing malware, or stealing information from devices.

With the addition of these 17 vulnerabilities, the catalog now contains a total of 341 vulnerabilities, each listed with the date by which agencies should apply security updates to resolve the bug.

The seventeen new vulnerabilities added this week are listed below, with CISA requiring 10 of them to be patched in the first week of February.

| CVE number | CVE Title | Required action due date |
| --- | --- | --- |
| CVE-2021-32648 | October CMS Incorrect Authentication | 02/01/2022 |
| CVE-2021-21315 | System Information Library for node.js Command Injection Vulnerability | 02/01/2022 |
| CVE-2021-21975 | Server-Side Request Forgery in vRealize Operations Manager API Vulnerability | 02/01/2022 |
| CVE-2021-22991 | Microkernel Buffer Overflow Vulnerability in BIG-IP Traffic | 02/01/2022 |
| CVE-2021-25296 | Nagios XI OS Command Injection Vulnerability | 02/01/2022 |
| CVE-2021-25297 | Nagios XI OS Command Injection Vulnerability | 02/01/2022 |
| CVE-2021-25298 | Nagios XI OS Command Injection Vulnerability | 02/01/2022 |
| CVE-2021-33766 | Microsoft Exchange Server Information Disclosure Vulnerability | 02/01/2022 |
| CVE-2021-40870 | Aviatrix Controller Unlimited File Vulnerability Download | 02/01/2022 |
| CVE-2021-35247 | SolarWinds Serv-U Bad Input Validation Vulnerability | 02/04/2022 |
| CVE-2020-11978 | Apache Airflow command injection vulnerability | 07/18/2022 |
| CVE-2020-13671 | Drupal Core Unlimited File Download Vulnerability | 07/18/2022 |
| CVE-2020-13927 | Apache Airflow Experimental API Authentication Bypass Vulnerability | 07/18/2022 |
| CVE-2020-14864 | Path Traversal Vulnerability in Oracle Corporate Business Intelligence Enterprise Edition | 07/18/2022 |
| CVE-2006-1547 | Denial of Service Vulnerability in Apache Struts 1 ActionForm | 07/21/2022 |
| CVE-2012-0391 | Apache Struts 2 Bad Input Validation Vulnerability | 07/21/2022 |
| CVE-2018-8453 | Privilege Escalation Vulnerability in Microsoft Windows Win32k | 07/21/2022 |

Of particular interest are the CVE-2021-32648 and CVE-2021-35247 vulnerabilities, which were revealed this week to be actively exploited in attacks.

The “October CMS Improper Authentication” vulnerability identified as CVE-2021-32648 is to be patched by February 1, 2022, due to its recent use to hack and deface Ukrainian government websites.

While Ukraine attributes the attacks to Russia, some security experts attribute the attacks to a Belarus-linked hacking group known as Ghostwriter.

The new “SolarWinds Serv-U Improper Input Validation” vulnerability identified as CVE-2021-35247 was found by Microsoft to have been exploited to propagate Log4j attacks to Windows domain controllers configured as LDAP servers.

Although attacks using the Serv-U vulnerability ultimately failed as Windows domain controllers were not vulnerable to Log4j exploits, CISA is asking agencies to fix the vulnerability by February 4, 2022.

It is strongly recommended that all security professionals and administrators review the catalog of known exploited vulnerabilities and patch any that are in their environment.
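
One way to carry out that review, shown as an added example that is not code from CISA or from this article: the Python below cross-references a vulnerability scanner export against catalog rows copied from the table above and orders the matches by due date. The scanner CSV, its column names, the host names and the pipe-delimited row format are constructed assumptions.

```python
import csv
import io
from datetime import date, datetime

# Rows copied from the table on this page: CVE | title | due date (MM/DD/YYYY).
KEV_ROWS = """\
CVE-2021-32648|October CMS Incorrect Authentication|02/01/2022
CVE-2021-35247|SolarWinds Serv-U Bad Input Validation Vulnerability|02/04/2022
CVE-2020-11978|Apache Airflow command injection vulnerability|07/18/2022
CVE-2018-8453|Privilege Escalation Vulnerability in Microsoft Windows Win32k|07/21/2022
"""

# Constructed scanner export: hypothetical hosts and column names.
# CVE-0000-0000 is a placeholder for a finding that is not in the catalog.
FINDINGS_CSV = """\
host,cve
web-01,cve-2021-32648
web-02,CVE-2021-32648
ftp-01, CVE-2021-35247
etl-01,CVE-2020-11978
etl-01,CVE-0000-0000
"""

def load_kev(text):
    """Parse 'CVE|title|MM/DD/YYYY' rows into {cve: (title, due_date)}."""
    kev = {}
    for line in text.splitlines():
        cve, title, due = (field.strip() for field in line.split("|"))
        kev[cve.upper()] = (title, datetime.strptime(due, "%m/%d/%Y").date())
    return kev

def patch_queue(kev, findings_csv, today):
    """Return catalog-listed findings as (due, days_left, cve, title, hosts), soonest first."""
    hosts = {}
    for row in csv.DictReader(io.StringIO(findings_csv)):
        cve = row["cve"].strip().upper()  # scanners differ in case and padding
        if cve in kev:
            hosts.setdefault(cve, set()).add(row["host"].strip())
    queue = [(kev[c][1], (kev[c][1] - today).days, c, kev[c][0], sorted(h))
             for c, h in hosts.items()]
    return sorted(queue)

if __name__ == "__main__":
    for due, days, cve, title, hs in patch_queue(load_kev(KEV_ROWS), FINDINGS_CSV, date(2022, 2, 2)):
        status = f"OVERDUE by {-days}d" if days < 0 else f"{days}d left"
        print(f"{due}  {status:<14} {cve}  {', '.join(hs)}  ({title})")
```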
