The U.S. CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild.

The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog.

The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Known Exploited Vulnerabilities Catalog and address the vulnerabilities in their infrastructure.

Below is the list of the vulnerabilities added to the catalog:

CVE ID Description Patch Deadline
CVE-2021-36934 Microsoft Windows SAM Local Privilege Escalation Vulnerability 2/24/2022
CVE-2020-0796 Microsoft SMBv3 Remote Code Execution Vulnerability 8/10/2022
CVE-2018-1000861 Jenkins Stapler Web Framework Deserialization of Untrusted Data 8/10/2022
CVE-2017-9791 Apache Struts 1 Improper Input Validation Vulnerability 8/10/2022
CVE-2017-8464 Microsoft Windows Shell (.lnk) Remote Code Execution 8/10/2022
CVE-2017-10271 Oracle Corporation WebLogic Server Remote Code Execution 8/10/2022
CVE-2017-0263 Microsoft Win32k Privilege Escalation Vulnerability 8/10/2022
CVE-2017-0262 Microsoft Office Remote Code Execution Vulnerability 8/10/2022
CVE-2017-0145 Microsoft SMBv1 Remote Code Execution Vulnerability 8/10/2022
CVE-2017-0144 Microsoft SMBv1 Remote Code Execution Vulnerability 8/10/2022
CVE-2016-3088  Apache ActiveMQ Improper Input Validation Vulnerability 8/10/2022
CVE-2015-2051 D-Link DIR-645 Router Remote Code Execution 8/10/2022
CVE-2015-1635 Microsoft HTTP.sys Remote Code Execution Vulnerability 8/10/2022
CVE-2015-1130 Apple OS X Authentication Bypass Vulnerability 8/10/2022
CVE-2014-4404 Apple OS X Heap-Based Buffer Overflow Vulnerability 8/10/2022

One of the vulnerabilities is an elevation of privilege vulnerability in Microsoft Windows SAM (Security Accounts Manager) vulnerability.

“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.” reads the advisory published by Microsoft. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”

The US agency also added the CVE-2015-2051 remote code execution flaw impacting D-Link DIR-645 routers. In November, researchers at AT&T discovered a new BotenaGo botnet that was using thirty three exploits to target millions of routers and IoT devices, including one for the above RCE.

Among the issued added to the catalog there are also old vulnerabilities, such as the CVE-2014-4404 Apple OS X Heap-Based buffer overflow vulnerability. Another older issue added to the catalog is CVE-2020-0796 vulnerability in SMBv3 protocol that could be exploited by vxers to implement “wormable” malware.

With the addition of these 15 vulnerabilities, the number of flaws in the CISA’s Known Exploited Vulnerabilities Catalog reached 368.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

The post CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.

Go to Source of this post
Author Of this post: Pierluigi Paganini

By admin