CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

The U.S. CISA has added another 15 security vulnerabilities that are actively exploited in the wild to its catalog of vulnerabilities.

The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog.

The ‘Known Exploited Vulnerabilities Catalog’ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Known Exploited Vulnerabilities Catalog and address the vulnerabilities in their infrastructure.

Below is the list of the vulnerabilities added to the catalog:

| CVE ID | Description | Patch Deadline |
|---|---|---|
| CVE-2021-36934 | Microsoft Windows SAM Local Privilege Escalation Vulnerability | 2/24/2022 |
| CVE-2020-0796 | Microsoft SMBv3 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2018-1000861 | Jenkins Stapler Web Framework Deserialization of Untrusted Data | 8/10/2022 |
| CVE-2017-9791 | Apache Struts 1 Improper Input Validation Vulnerability | 8/10/2022 |
| CVE-2017-8464 | Microsoft Windows Shell (.lnk) Remote Code Execution | 8/10/2022 |
| CVE-2017-10271 | Oracle Corporation WebLogic Server Remote Code Execution | 8/10/2022 |
| CVE-2017-0263 | Microsoft Win32k Privilege Escalation Vulnerability | 8/10/2022 |
| CVE-2017-0262 | Microsoft Office Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0145 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0144 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2016-3088 | Apache ActiveMQ Improper Input Validation Vulnerability | 8/10/2022 |
| CVE-2015-2051 | D-Link DIR-645 Router Remote Code Execution | 8/10/2022 |
| CVE-2015-1635 | Microsoft HTTP.sys Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2015-1130 | Apple OS X Authentication Bypass Vulnerability | 8/10/2022 |
| CVE-2014-4404 | Apple OS X Heap-Based Buffer Overflow Vulnerability | 8/10/2022 |

One of the vulnerabilities is an elevation of privilege vulnerability in Microsoft Windows SAM (Security Accounts Manager).

“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.” reads the advisory published by Microsoft. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”

The US agency also added the CVE-2015-2051 remote code execution flaw impacting D-Link DIR-645 routers. In November, researchers at AT&T discovered a new botnet, BotenaGo, that was using thirty-three exploits to target millions of routers and IoT devices, including one for the above RCE.

Among the issues added to the catalog are also old vulnerabilities, such as the CVE-2014-4404 Apple OS X heap-based buffer overflow vulnerability. Another older issue added to the catalog is the CVE-2020-0796 vulnerability in the SMBv3 protocol, which could be exploited by vxers to implement “wormable” malware.

With the addition of these 15 vulnerabilities, the number of flaws in CISA’s Known Exploited Vulnerabilities Catalog reached 368.

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

The post CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.