CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

US CISA has added Veritas Backup Exec flaws, which were exploited in ransomware attacks, to its Known Exploited Vulnerabilities catalog.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog:

• CVE-2021-27876 – Veritas Backup Exec Agent File Access Vulnerability
• CVE-2021-27877 – Veritas Backup Exec Agent Improper Authentication Vulnerability
• CVE-2021-27878 – Veritas Backup Exec Agent Command Execution Vulnerability
• CVE-2019-1388 – Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
• CVE-2023-26083 – Arm Mali GPU Kernel Driver Information Disclosure Vulnerability

This week Mandiant researchers reported that an affiliate of the ALPHV/BlackCat ransomware gang, tracked as UNC4466, was observed exploiting the three above vulnerabilities in the Veritas Backup solution to gain initial access to the target network.

Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments. Mandiant researchers first observed this affiliate targeting Veritas issues in the wild on October 22, 2022. 

The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this flaw by April 28, 2023.

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

• The Teacher – Most Educational Blog
• The Entertainer – Most Entertaining Blog
• The Tech Whizz – Best Technical Blog
• Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)