CISA adds 15 new vulnerabilities to exploit catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below.

These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose a significant risk to the federal enterprise, CISA says. 

| CVE Number | CVE Title | Remediation Due Date |
|---|---|---|
| CVE-2021-36934 | Microsoft Windows SAM Local Privilege Escalation Vulnerability | 2/24/2022 |
| CVE-2020-0796 | Microsoft SMBv3 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2018-1000861 | Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability | 8/10/2022 |
| CVE-2017-9791 | Apache Struts 1 Improper Input Validation Vulnerability | 8/10/2022 |
| CVE-2017-8464 | Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-10271 | Oracle Corporation WebLogic Server Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0263 | Microsoft Win32k Privilege Escalation Vulnerability | 8/10/2022 |
| CVE-2017-0262 | Microsoft Office Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0145 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0144 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2016-3088 | Apache ActiveMQ Improper Input Validation Vulnerability | 8/10/2022 |
| CVE-2015-2051 | D-Link DIR-645 Router Remote Code Execution | 8/10/2022 |
| CVE-2015-1635 | Microsoft HTTP.sys Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2015-1130 | Apple OS X Authentication Bypass Vulnerability | 8/10/2022 |
| CVE-2014-4404 | Apple OS X Heap-Based Buffer Overflow Vulnerability | 8/10/2022 |

More than half of the flaws are classified as remote code execution (RCE) vulnerabilities, one of the most dangerous types of vulnerability because it gives the attacker the ability to run almost any code on the compromised system. “RCE, and other flaws such as XSS (Cross-Site Scripting), have long been included on the OWASP Top 10 list, so why aren’t companies better equipped to protect against these attacks?” says Pravin Madhani, CEO and Co-Founder of K2 Cyber Security.

In order to protect against known, as well as unknown vulnerabilities, security teams should put in place an active application security program that detects and remediates vulnerabilities in pre-production, and then secures applications at runtime, Madhani says. In addition, enterprises should look for vulnerability detection tools that pinpoint the problem and provide detailed telemetry for faster remediation. “During production, runtime application protection tools, which sit close to the application and confirm if it is executing correctly, can protect applications from any vulnerabilities missed during the build process.”

With many security teams being overworked and overwhelmed, the clarity from CISA on what deserves their priority and attention is of great value, says Bud Broomhead, CEO at Viakoo. But, with close to 170,000 known vulnerabilities, priority should be given to the ones causing real damage right now, not ones that, in theory, could cause damage, Broomhead adds. 

In addition, cybercriminals are leveraging older vulnerabilities in exploits against new device targets, specifically Internet of Things (IoT) devices, Broomhead explains. “A good example of this are vulnerabilities that enable man-in-the-middle attacks; virtually all IT systems are protected against this threat, but IoT systems often are not, leading threat actors to revisit these older vulnerabilities knowing that network-connected IoT devices can be exploited through them. This would lead to a vulnerability discovered years ago being added recently to the CISA catalog,” he says.

Source: https://www.securitymagazine.com/articles/97071-cisa-adds-15-new-vulnerabilities-to-exploit-catalog
