Pierluigi Paganini August 09, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Android Kernel Remote Code Execution flaw (CVE-2024-36971) and an Apache OFBiz Path Traversal issue (CVE-2024-32113) to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the descriptions of the two flaws:

• CVE-2024-36971 is a remote code execution vulnerability impacting the Android kernel. The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group (TAG). The TAG team investigates attacks carried out by nation-state actors and commercial spyware vendors. The IT giant is aware that the vulnerability has been actively exploited in the wild. The company did not share details of the attacks exploiting this vulnerability.
• CVE-2024-32113 is a path traversal issue in the Apache OFBiz. The exploitation of this vulnerability could lead to remote command execution. Researchers from SANS recently observed a surge in the attacks targeting CVE-2024-32113.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by August 28, 2024.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Known Exploited Vulnerabilities Catalog)