CISA Adds 17 Vulnerabilities to List of Bugs Exploited in Attacks
This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog.
The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies.
"Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise," explains CISA.
"BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information."
The vulnerabilities listed in the catalog allow threat actors to perform a variety of attacks, including stealing credentials, gaining access to networks, remotely executing commands, downloading and executing malware, or stealing information from devices.
With the addition of these 17 vulnerabilities, the catalog now contains a total of 341 vulnerabilities and includes the date by which agencies must apply security updates to resolve the bug.
The seventeen new vulnerabilities added this week are listed below, with CISA requiring 10 of them to be patched within the first week of February.
| CVE Numarası | CVE Başlığı | Gerekli İşlem Son Tarihi |
| CVE-2021-32648 | October CMS Improper Authentication | 2/1/2022 |
| CVE-2021-21315 | System Information Library for node.js Command Injection Vulnerability | 2/1/2022 |
| CVE-2021-21975 | Server Side Request Forgery in vRealize Operations Manager API Vulnerability | 2/1/2022 |
| CVE-2021-22991 | BIG-IP Traffic Microkernel Buffer Overflow Vulnerability | 2/1/2022 |
| CVE-2021-25296 | Nagios XI OS Command Injection Vulnerability | 2/1/2022 |
| CVE-2021-25297 | Nagios XI OS Command Injection Vulnerability | 2/1/2022 |
| CVE-2021-25298 | Nagios XI OS Command Injection Vulnerability | 2/1/2022 |
| CVE-2021-33766 | Microsoft Exchange Server Information Disclosure Vulnerability | 2/1/2022 |
| CVE-2021-40870 | Aviatrix Controller Unrestricted Upload of File Vulnerability | 2/1/2022 |
| CVE-2021-35247 | SolarWinds Serv-U Improper Input Validation Vulnerability | 02/04/2022 |
| CVE-2020-11978 | Apache Airflow Command Injection Vulnerability | 18.07.2022 |
| CVE-2020-13671 | Drupal Core Unrestricted Upload of File Vulnerability | 18.07.2022 |
| CVE-2020-13927 | Apache Airflow Experimental API Authentication Bypass Vulnerability | 18.07.2022 |
| CVE-2020-14864 | Oracle Corporate Business Intelligence Enterprise Edition Path Traversal Vulnerability | 18.07.2022 |
| CVE-2006-1547 | Apache Struts 1 ActionForm Denial of Service Vulnerability | 07/21/2022 |
| CVE-2012-0391 | Apache Struts 2 Improper Input Validation Vulnerability | 07/21/2022 |
| CVE-2018-8453 | Microsoft Windows Win32k Privilege Escalation Vulnerability | 07/21/2022 |
Of particular interest are the CVE-2021-32648 and CVE-2021-35247 vulnerabilities, which were disclosed this week to be actively exploited in attacks.
The 'October CMS Improper Authentication' vulnerability tracked as CVE-2021-32648 must be patched by February 1st, 2022, due to its recent use to hack and deface Ukrainian government websites.
While Ukraine blames these attacks on Russia, some security experts attribute the attacks to a Belarus-tied hacking group known as Ghostwriter.
CVE-2021-35247 olarak izlenen yeni 'SolarWinds Serv-U Uygunsuz Giriş Doğrulaması' güvenlik açığının, Microsoft tarafından Log4j saldırılarını LDAP sunucuları olarak yapılandırılmış Windows etki alanı denetleyicilerine yaymak için kullanıldığı keşfedildi.
Windows etki alanı denetleyicileri Log4j açıklarından yararlanmaya karşı savunmasız olmadığından Serv-U güvenlik açığını kullanan saldırılar sonuçta başarısız olsa da, CISA, kurumların güvenlik açığını 4 Şubat 2022'ye kadar düzeltmesini şart koşuyor.
It is strongly recommended that all security professionals and admins review the Known Exploited Vulnerabilities Catalog and patch any within their environment.
Sign up for the e-mail list to be informed about the developments in the cyber world and to be informed about the weekly newsletter.
Haber bültenine kaydolduğunuz için teşekkürler!
Something went wrong.