The new vulnerabilities are being actively exploited, prompting CISA to advise federal agencies and organizations to patch them in a timely manner.
The Cybersecurity & Infrastructure Security Agency, or CISA, maintains a database of known exploited security vulnerabilities. The goal is to show which security flaws have the highest priority so that federal agencies know how and when to fix them. The same information can be used by private sector companies to improve their own patch management. To that end, CISA has added eight new vulnerabilities that are actively being exploited and should be patched as soon as possible.
On Monday, CISA announced the addition of the new security flaws to its Known Exploited Vulnerabilities Catalog. These vulnerabilities are a tempting target for exploitation by cybercriminals, and thus pose a risk to federal agencies. The catalog itself displays important information about each vulnerability, including the CVE number, product vendor and name, name of the vulnerability, date added to the catalog, a brief description, the action needed to fix the flaw, and the due date by which federal agencies must patch it.
While the catalog, and especially its due dates, only apply to certain federal agencies, CISA said it urges all organizations to prioritize patching the most critical vulnerabilities on the list.
To see the eight new vulnerabilities at the catalog website, click the heading for Date added to catalog until you see the list in descending order by date. The eight new ones all have a date of April 11, 2022 and are described as follows:
- CVE-2022-23176 – WatchGuard Firebox and XTM Privilege Escalation Vulnerability. WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.
- CVE-2021-42287 – Microsoft Active Directory Domain Services Privilege Escalation Vulnerability. Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows privilege escalation.
- CVE-2021-42278 – Microsoft Active Directory Domain Services Privilege Escalation Vulnerability. Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows privilege escalation.
- CVE-2021-39793 – Google Pixel Out-of-Bounds Write Vulnerability. Google Pixel may have out-of-bounds writes due to a logic error in the code that could lead to local privilege escalation.
- CVE-2021-27852 – Checkbox Survey Deserialization of Untrusted Data Vulnerability. A deserialization of untrusted data vulnerability in Checkbox Survey’s CheckboxWeb.dll allows an unauthenticated remote attacker to execute arbitrary code. Versions 6 and earlier of this product are end of life and should be removed from networks. Versions 7 and above are not considered vulnerable.
- CVE-2021-22600 – Linux Kernel Privilege Escalation Vulnerability. The Linux kernel contains a bug in the packet socket (AF_PACKET) implementation that may lead to incorrect memory freeing. A local user could abuse this for denial of service or possibly for escalation of privileges.
- CVE-2020-2509 – QNAP Network-Attached Storage (NAS) Command Injection Vulnerability. QNAP NAS devices contain a command injection vulnerability that could allow attackers to execute remote code.
- CVE-2017-11317 – Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability. Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Each CVE entry contains links to the vendor’s website with further details and instructions on how to patch or otherwise resolve the specified vulnerability. CISA has given federal agencies a May 2, 2022 due date for fixing each of the eight new security vulnerabilities. While that date is obviously not binding on the private sector, companies and other organizations may still want to use that deadline for their own patch management planning.
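One way to turn the catalog into a patch-planning input, as an added example that is not part of the original article: filter the KEV feed by date added, match entries against a list of vendors and products in use, and compute how many days remain until each CISA due date. The field names follow CISA's published JSON feed; the feed content, asset inventory and reference date below are constructed for the example.

```python
import json
from datetime import date

# Constructed sample in the schema of CISA's KEV JSON feed (field names as CISA
# publishes them). The three April 11, 2022 entries are from the article; the
# "CVE-0000-00000" entry is a constructed placeholder with an earlier date.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2022-23176", "vendorProject": "WatchGuard", "product": "Firebox and XTM",
     "vulnerabilityName": "WatchGuard Firebox and XTM Privilege Escalation Vulnerability",
     "dateAdded": "2022-04-11", "dueDate": "2022-05-02"},
    {"cveID": "CVE-2021-22600", "vendorProject": "Linux", "product": "Kernel",
     "vulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability",
     "dateAdded": "2022-04-11", "dueDate": "2022-05-02"},
    {"cveID": "CVE-2020-2509", "vendorProject": "QNAP", "product": "Network-Attached Storage (NAS)",
     "vulnerabilityName": "QNAP NAS Command Injection Vulnerability",
     "dateAdded": "2022-04-11", "dueDate": "2022-05-02"},
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
     "vulnerabilityName": "Placeholder entry (constructed)",
     "dateAdded": "2022-03-01", "dueDate": "2022-03-15"},
]})

def load_kev(raw: str) -> list[dict]:
    """Parse the feed; the real feed has the same JSON shape when fetched from cisa.gov."""
    return json.loads(raw)["vulnerabilities"]

def added_since(entries: list[dict], since: date) -> list[dict]:
    """Entries added on or after `since` (the article's 'sort by Date Added' step)."""
    return [e for e in entries if date.fromisoformat(e["dateAdded"]) >= since]

def applicable(entries: list[dict], inventory: list[tuple[str, str]]) -> list[dict]:
    """Keep entries whose vendor equals an inventory vendor and whose product name
    contains the inventory keyword (case-insensitive). This is a name match only;
    whether your version is affected comes from the vendor advisory each entry links."""
    wanted = [(v.lower(), k.lower()) for v, k in inventory]
    return [e for e in entries
            if any(e["vendorProject"].lower() == v and k in e["product"].lower()
                   for v, k in wanted)]

def patch_schedule(entries: list[dict], today: date) -> list[tuple[str, str, int]]:
    """(cveID, dueDate, days_left) sorted by due date; negative days_left means overdue."""
    rows = [(e["cveID"], e["dueDate"], (date.fromisoformat(e["dueDate"]) - today).days)
            for e in entries]
    return sorted(rows, key=lambda r: r[1])

if __name__ == "__main__":
    inventory = [("WatchGuard", "Firebox"), ("Linux", "Kernel")]  # constructed asset list
    hits = applicable(added_since(load_kev(SAMPLE_KEV_JSON), date(2022, 4, 11)), inventory)
    for cve, due, days in patch_schedule(hits, date(2022, 4, 20)):
        print(f"{cve}: due {due} ({'overdue' if days < 0 else f'{days} days left'})")
```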
Commenting on the WatchGuard Firebox and XTM Privilege Escalation vulnerability, Scott Williamson, VP of information services at cybersecurity provider Cerberus Sentinel, explained how it works and who it would affect.
“While this exploit is serious for people whose firewalls were vulnerable and did not take proper precautions in implementation, those who followed best practices were not affected and were able to install a WatchGuard patch to address the vulnerability without having been exploited,” Williamson said.
“This exploit required management access to the Internet,” Williamson added. “While directly at odds with industry best practices, many companies left that access open and were impacted. The severity of the successful exploits highlights the importance of following best practices and regular firewall audits to ensure adherence to best practices.”