The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog.
The ‘Known Exploited Vulnerabilities Catalog’ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Known Exploited Vulnerabilities Catalog and address the vulnerabilities in their infrastructure.
Below is the list of the vulnerabilities added to the catalog:
| CVE ID | Description | Patch Deadline |
|---|---|---|
| CVE-2021-36934 | Microsoft Windows SAM Local Privilege Escalation Vulnerability | 2/24/2022 |
| CVE-2020-0796 | Microsoft SMBv3 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2018-1000861 | Jenkins Stapler Web Framework Deserialization of Untrusted Data | 8/10/2022 |
| CVE-2017-9791 | Apache Struts 1 Improper Input Validation Vulnerability | 8/10/2022 |
| CVE-2017-8464 | Microsoft Windows Shell (.lnk) Remote Code Execution | 8/10/2022 |
| CVE-2017-10271 | Oracle Corporation WebLogic Server Remote Code Execution | 8/10/2022 |
| CVE-2017-0263 | Microsoft Win32k Privilege Escalation Vulnerability | 8/10/2022 |
| CVE-2017-0262 | Microsoft Office Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0145 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0144 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2016-3088 | Apache ActiveMQ Improper Input Validation Vulnerability | 8/10/2022 |
| CVE-2015-2051 | D-Link DIR-645 Router Remote Code Execution | 8/10/2022 |
| CVE-2015-1635 | Microsoft HTTP.sys Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2015-1130 | Apple OS X Authentication Bypass Vulnerability | 8/10/2022 |
| CVE-2014-4404 | Apple OS X Heap-Based Buffer Overflow Vulnerability | 8/10/2022 |
One of the vulnerabilities, CVE-2021-36934, is an elevation of privilege vulnerability in the Microsoft Windows SAM (Security Accounts Manager).
“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.” reads the advisory published by Microsoft. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”
The US agency also added the CVE-2015-2051 remote code execution flaw impacting D-Link DIR-645 routers. In November, researchers at AT&T discovered a new BotenaGo botnet that was using thirty-three exploits to target millions of routers and IoT devices, including one for the above RCE.
The issues added to the catalog also include old vulnerabilities, such as CVE-2014-4404, a heap-based buffer overflow vulnerability in Apple OS X. Another older issue added to the catalog is CVE-2020-0796, a vulnerability in the SMBv3 protocol that could be exploited by vxers to implement “wormable” malware.
With the addition of these 15 vulnerabilities, the number of flaws in CISA’s Known Exploited Vulnerabilities Catalog reached 368.
(SecurityAffairs – hacking, CISA)