The Cyber Security & Infrastructure Security Agency (CISA) has added 41 known exploitable vulnerabilities, including vulnerabilities in the Android kernel and Cisco IOS XR, to its list of vulnerabilities likely to be used in attacks.
The added vulnerabilities are wide-ranging, with the oldest being a vulnerability in Cisco IOS XR that was disclosed in 2016 and the most recent being a recently fixed vulnerability in Cisco IOS XR.
The vulnerability in Cisco IOS XR, traced as CVE-2022-20821, allows an attacker to write arbitrary files to the containerized file system, retrieve Redis database information, and write to the Redis in-memory database This will be done.
In addition to this, two other vulnerabilities are known to exist in the Android Linux Kernel, which are tracked as CVE-2021-1048 and CVE-2021-0920. Both of these vulnerabilities are present in the Linux Kernel, but have only been confirmed to be used in limited attacks against Android devices.
In the garbage collection of Unix domain socket file handlers in the Linux kernel, a read-after-free memory vulnerability in the way users simultaneously call close() and fget() found and could cause a race condition
For CVE-2021-1048, Google’s Threat Analysis Group (TAG) recently reported that it was used with other zero-day in an attack chain to install the Predator spyware.
CISA requires federal agencies to apply security updates for Android and Cisco vulnerabilities by June 13, 2022.
The remaining 38 flaws added to CISA’s catalog are all known to be actively exploited, so the agency is only including them as part of the flaws it adds periodically.
The vulnerabilities relate to software products from Cisco, Microsoft, Apple, Google, Mozilla, Facebook, Adobe, and Webkit GTK and are from 2018-2021.
Included is a Windows privilege escalation vulnerability tracked as CVE-2020-0638, which was disclosed in 2020 but is still found to be used by the Conti ransomware gang in attacks against corporate networks.
As threat actors continue to use older vulnerabilities in their attacks, administrators should install updates on all devices, including older versions that may still be running in the corporate environment.
CISA requires federal agencies to fix all of the added vulnerabilities by June 13, 2022, and the other 20 vulnerabilities must be fixed by June 14, 2022.
A current list of exploited vulnerabilities can be found in CISA’s Known Exploited Vulnerabilities Catalog.