The Cybersecurity and Infrastructure Security Agency (CISA) has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below.
These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose a significant risk to the federal enterprise, CISA says.
CVE Number | CVE Title | Remediation Due Date |
CVE-2021-36934 | Microsoft Windows SAM Local Privilege Escalation Vulnerability | 2/24/2022 |
CVE-2020-0796 | Microsoft SMBv3 Remote Code Execution Vulnerability | 8/10/2022 |
CVE-2018-1000861 | Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability | 8/10/2022 |
CVE-2017-9791 | Apache Struts 1 Improper Input Validation Vulnerability | 8/10/2022 |
CVE-2017-8464 | Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability | 8/10/2022 |
CVE-2017-10271 | Oracle Corporation WebLogic Server Remote Code Execution Vulnerability | 8/10/2022 |
CVE-2017-0263 | Microsoft Win32k Privilege Escalation Vulnerability | 8/10/2022 |
CVE-2017-0262 | Microsoft Office Remote Code Execution Vulnerability | 8/10/2022 |
CVE-2017-0145 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
CVE-2017-0144 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
CVE-2016-3088 | Apache ActiveMQ Improper Input Validation Vulnerability | 8/10/2022 |
CVE-2015-2051 | D-Link DIR-645 Router Remote Code Execution | 8/10/2022 |
CVE-2015-1635 | Microsoft HTTP.sys Remote Code Execution Vulnerability | 8/10/2022 |
CVE-2015-1130 | Apple OS X Authentication Bypass Vulnerability | 8/10/2022 |
CVE-2014-4404 | Apple OS X Heap-Based Buffer Overflow Vulnerability | 8/10/2022 |
More than half of the flaws are classified as remote code execution (RCE) vulnerabilities, one of the most dangerous types of vulnerability, as RCE gives the attacker the ability to run almost any code on the hacked site. “RCE, and other flaws such as XSS (Cross-Site Scripting), have long been included on the OWASP Top 10 list, so why aren’t companies better equipped to protect against these attacks?” says Pravin Madhani, CEO and Co-Founder of K2 Cyber Security.
To protect against known as well as unknown vulnerabilities, security teams should put in place an active application security program that detects and remediates vulnerabilities in pre-production, and then secures applications at runtime, Madhani says. In addition, enterprises should look for vulnerability detection tools that pinpoint the problem and provide detailed telemetry for faster remediation. “During production, runtime application protection tools, which sit close to the application and confirm if it is executing correctly, can protect applications from any vulnerabilities missed during the build process.”
With many security teams being overworked and overwhelmed, the clarity from CISA on what deserves their priority and attention is of great value, says Bud Broomhead, CEO at Viakoo. But, with close to 170,000 known vulnerabilities, priority should be given to the ones causing real damage right now, not ones that, in theory, could cause damage, Broomhead adds.
In addition, cybercriminals are leveraging older vulnerabilities in exploits against new device targets, specifically Internet of Things (IoT) devices, Broomhead explains. “A good example of this are vulnerabilities that enable man-in-the-middle attacks; virtually all IT systems are protected against this threat, but IoT systems often are not, leading threat actors to revisit these older vulnerabilities knowing that network-connected IoT devices can be exploited through them. This would lead to a vulnerability discovered years ago being added recently to the CISA catalog,” he says.