CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Pierluigi Paganini February 11, 2022

The U.S. CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild.

The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog.

The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Known Exploited Vulnerabilities Catalog and address the vulnerabilities in their infrastructure.

Below is the list of the vulnerabilities added to the catalog:

CVE IDDescriptionPatch Deadline
CVE-2021-36934Microsoft Windows SAM Local Privilege Escalation Vulnerability2/24/2022
CVE-2020-0796Microsoft SMBv3 Remote Code Execution Vulnerability8/10/2022
CVE-2018-1000861Jenkins Stapler Web Framework Deserialization of Untrusted Data8/10/2022
CVE-2017-9791Apache Struts 1 Improper Input Validation Vulnerability8/10/2022
CVE-2017-8464Microsoft Windows Shell (.lnk) Remote Code Execution8/10/2022
CVE-2017-10271Oracle Corporation WebLogic Server Remote Code Execution8/10/2022
CVE-2017-0263Microsoft Win32k Privilege Escalation Vulnerability8/10/2022
CVE-2017-0262Microsoft Office Remote Code Execution Vulnerability8/10/2022
CVE-2017-0145Microsoft SMBv1 Remote Code Execution Vulnerability8/10/2022
CVE-2017-0144Microsoft SMBv1 Remote Code Execution Vulnerability8/10/2022
CVE-2016-3088 Apache ActiveMQ Improper Input Validation Vulnerability8/10/2022
CVE-2015-2051D-Link DIR-645 Router Remote Code Execution8/10/2022
CVE-2015-1635Microsoft HTTP.sys Remote Code Execution Vulnerability8/10/2022
CVE-2015-1130Apple OS X Authentication Bypass Vulnerability8/10/2022
CVE-2014-4404Apple OS X Heap-Based Buffer Overflow Vulnerability8/10/2022

One of the vulnerabilities is an elevation of privilege vulnerability in Microsoft Windows SAM (Security Accounts Manager) vulnerability.

“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.” reads the advisory published by Microsoft. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”

The US agency also added the CVE-2015-2051 remote code execution flaw impacting D-Link DIR-645 routers. In November, researchers at AT&T discovered a new BotenaGo botnet that was using thirty-three exploits to target millions of routers and IoT devices, including one for the above RCE.

Among the issues added to the catalog there are also old vulnerabilities, such as the CVE-2014-4404 Apple OS X Heap-Based buffer overflow vulnerability. Another older issue added to the catalog is CVE-2020-0796 vulnerability in SMBv3 protocol that could be exploited by vxers to implement “wormable” malware.

With the addition of these 15 vulnerabilities, the number of flaws in the CISA’s Known Exploited Vulnerabilities Catalog reached 368.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment