7 vulnerabilities added by CISA that are currently being exploited

CISA-Cybersecurity and Infrastructure Security Agency

The U.S. Cybersecurity Infrastructure Security Administration (CISA) has added seven Microsoft, Linux, and Jenkins vulnerabilities to its list of actively exploited security vulnerabilities.

https://www.cisa.gov/binding-operational-directive-22-01

The Known Exploited Vulnerabilities Catalog is a list of vulnerabilities known to be actively exploited in cyber attacks that are required to be patched by the Federal Civilian Executive Branch (FCEB).

The listed vulnerabilities allow attackers to steal credentials, gain network access, remotely execute commands, download and execute malware, steal information from devices, and more. information from the device.

With the addition of these seven vulnerabilities, the catalog lists 654 vulnerabilities and the dates by which federal agencies must apply the associated patches and security updates.

The seven newly added vulnerabilities are listed below, and CISA requires that all of them be patched by May 16, 2022.

CVE-2022-29464 WSO2 Unconstrained File Upload Vulnerability in Multiple Products
CVE-2022-26904 Microsoft Windows User Profile Service Privilege Escalation Vulnerability
CVE-2022-21919 Microsoft Windows User Profile Service Privilege Escalation Vulnerability
CVE-2022-0847 Privilege escalation vulnerability in the Linux kernel CVE-2021-41357 Microsoft Win32k Privilege Escalation Vulnerability
CVE-2021-40450 Microsoft Win32k Privilege Escalation Vulnerability
CVE-2019-1003029 Jenkins Script Security Plugin Sandbox Bypass Vulnerability

How are these vulnerabilities used in attacks?

CVE-2022-29464

The WSO2 vulnerability tracked as CVE-2022-29464 was disclosed on April 18, 2022 and the public exploit was released a few days later.

Rapid7 researchers soon confirmed that the public PoC was being used in attacks to deploy web shells and coin miners.

CVE-2022-21919, CVE-2022-26904

The Windows “User Profile Service Privilege Escalation” vulnerabilities tracked as CVE-2022-21919 and CVE-2022-26904 were both discovered by Abdelhamid Naceri and fixed in August 2021. This is a workaround for the original vulnerability CVE-2021-34484, which was fixed. Both of these vulnerabilities have public PoCs available and are being used by ransomware groups to deploy laterally in Windows domains.

CVE-2022-0847

The Linux privilege escalation vulnerability known as “DirtyPipe” was traced as CVE-2022-0847 and disclosed in March 2022. A number of proof-of-concept exploits were released shortly after the disclosure, which can be used to gain privileged privileges.

CVE-2021-40450, CVE-2021-41357

The “Microsoft Win32k Privilege Escalation” vulnerabilities tracked as CVE-2021-40450 and CVE-2021-41357 were patched in October 2021, and there is no evidence that they are being exploited in the real world. There are none, but they are on the list.

CVE-2019-1003029

“Jenkins Script Security Plugin Sandbox Bypass” vulnerability, tracked as CVE-2019-1003029, which has been used in the past by Capoae Malware to deploy XMRig cryptominers It is.

All security professionals and administrators are strongly encouraged to review the Known Exploited Vulnerabilities Catalog and apply patches to vulnerabilities in their environment.

Leave a Reply

Your email address will not be published.