CISA adds 17 vulnerabilities to list of bugs exploited in attacks [UPDATE]

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,143
Content source
https://www.bleepingcomputer.com/news/security/cisa-adds-17-vulnerabilities-to-list-of-bugs-exploited-in-attacks/
This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog.
The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies.
"Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise," explains CISA.
"BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information."
Click to expand...
CVE NumberCVE TitleRequired Action Due Date
CVE-2021-32648October CMS Improper Authentication2/1/2022
CVE-2021-21315System Information Library for node.js Command Injection Vulnerability2/1/2022
CVE-2021-21975Server Side Request Forgery in vRealize Operations Manager API Vulnerability2/1/2022
CVE-2021-22991BIG-IP Traffic Microkernel Buffer Overflow Vulnerability2/1/2022
CVE-2021-25296Nagios XI OS Command Injection Vulnerability2/1/2022
CVE-2021-25297Nagios XI OS Command Injection Vulnerability2/1/2022
CVE-2021-25298Nagios XI OS Command Injection Vulnerability2/1/2022
CVE-2021-33766Microsoft Exchange Server Information Disclosure Vulnerability2/1/2022
CVE-2021-40870Aviatrix Controller Unrestricted Upload of File Vulnerability2/1/2022
CVE-2021-35247SolarWinds Serv-U Improper Input Validation Vulnerability02/04/2022
CVE-2020-11978Apache Airflow Command Injection Vulnerability7/18/2022
CVE-2020-13671Drupal Core Unrestricted Upload of File Vulnerability7/18/2022
CVE-2020-13927Apache Airflow Experimental API Authentication Bypass Vulnerability7/18/2022
CVE-2020-14864Oracle Corporate Business Intelligence Enterprise Edition Path Traversal Vulnerability7/18/2022
CVE-2006-1547Apache Struts 1 ActionForm Denial of Service Vulnerability07/21/2022
CVE-2012-0391Apache Struts 2 Improper Input Validation Vulnerability07/21/2022
CVE-2018-8453Microsoft Windows Win32k Privilege Escalation Vulnerability07/21/2022
Click to expand...
 
  • Like
Reactions: Venustus, Fel Grossi, Knoxjale and 5 others
silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,143
The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new. The goal of publishing these vulnerabilities is to raise awareness and remind federal organizations of their obligation to apply security updates by a specified strict deadline. As all of the vulnerabilities in the catalog are leveraged in active threats and current cyber-attacks, they carry a significant risk to organizations, allowing the takeover of mobile devices, network access, the ability to execute commands remotely. The eight flaws added by CISA last week are listed below:

CVE IDDescriptionPatch Deadline
CVE-2022-22587Apple IOMobileFrameBuffer Memory Corruption Vulnerability2/11/2022
CVE-2021-20038SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability2/11/2022
CVE-2014-7169GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability7/28/2022
CVE-2014-6271GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability7/28/2022
CVE-2020-0787Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability7/28/2022
CVE-2014-1776Microsoft Internet Explorer Use-After-Free Vulnerability7/28/2022
CVE-2020-5722Grandstream Networks UCM6200 Series SQL Injection Vulnerability7/28/2022
CVE-2017-5689Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability7/28/2022
Click to expand...
www.bleepingcomputer.com

CISA adds 8 vulnerabilities to list of actively exploited bugs

The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: Venustus, Fel Grossi, Gandalf_The_Grey and 1 other person
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability
Replies
0
Views
1,061
News Archive
silversurfer
silversurfer
CyberPanther
    • Like
Security News VULNERABILITIES Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks
Replies
0
Views
715
Security News
CyberPanther
CyberPanther
MuzzMelbourne
    • Like
    • Thanks
Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor
Replies
1
Views
1,617
News Archive
MuzzMelbourne
MuzzMelbourne

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top