CISA adds 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Pierluigi Paganini January 31, 2022

The US CISA added eight more flaws to its Known Exploited Vulnerabilities Catalog that are known to be used in attacks in the wild.

The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to the Known Exploited Vulnerabilities Catalog.

The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Known Exploited Vulnerabilities Catalog and address the vulnerabilities in their infrastructure.

Below is the list of the new entries in the catalog:

CVE IDDescriptionPatch Deadline
CVE-2022-22587Apple IOMobileFrameBuffer Memory Corruption Vulnerability2/11/2022
CVE-2021-20038SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability2/11/2022
CVE-2014-7169GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability7/28/2022
CVE-2014-6271GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability7/28/2022
CVE-2020-0787Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability7/28/2022
CVE-2014-1776Microsoft Internet Explorer Use-After-Free Vulnerability7/28/2022
CVE-2020-5722Grandstream Networks UCM6200 Series SQL Injection Vulnerability7/28/2022
CVE-2017-5689Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability7/28/2022

“CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below.” reads the announcement published by CISA. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.”

With the addition of these eight vulnerabilities, the number of flaws in the CISA’s Known Exploited Vulnerabilities Catalog reached 351.

Among the recent entries, there is the CVE-2022-22587 memory corruption issue that resides in the IOMobileFrameBuffer and affects iOS, iPadOS, and macOS Monterey. The exploitation of this flaw leads to arbitrary code execution with kernel privileges on compromised devices.

A few days ago, Apple has released security updates to address a couple of zero-day vulnerabilities, one of them being actively exploited in the wild by threat actors to compromise iPhone and Mac devices.

CISA is ordering federal agencies to address the CVE-2022-22587 flaw by February 11, 2022, along with the CVE-2021-20038 vulnerability in SonicWall SMA 100 Appliances.

The vulnerability is an unauthenticated stack-based buffer overflow that was reported by Jacob Baines, lead security researcher at Rapid7. The CVE-2021-20038 vulnerability impacts SMA 100 series appliances (including SMA 200, 210, 400, 410, and 500v) even when the web application firewall (WAF) is enabled.

A remote attacker can exploit the vulnerability to execute arbitrary code as the ‘nobody’ user in compromised SonicWall appliances.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment