CISA Adds Four Known Exploited Vulnerabilities to Catalogue
Introduction
On August 21, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog with four newly identified vulnerabilities, emphasizing the need for immediate remediation. These vulnerabilities have been actively exploited and pose substantial risks, particularly to federal networks. CISA’s ongoing efforts aim to mitigate these threats through timely vulnerability management.
Report Overview
CISA's Known Exploited Vulnerabilities Catalog is a critical component of Binding Operational Directive (BOD) 22-01, designed to reduce significant risks to federal enterprises by identifying and remediating vulnerabilities that are actively exploited. This catalog is continually updated based on new evidence of exploitation, and the latest additions underscore the persistent threats that organizations face.
- CVE-2021-33044: A Dahua IP Camera authentication bypass vulnerability, allowing attackers to bypass security measures and potentially access sensitive camera feeds.
- CVE-2021-33045: Another authentication bypass vulnerability affecting Dahua IP Cameras, similar in nature to CVE-2021-33044, which could lead to unauthorized access.
- CVE-2022-0185: A Linux Kernel heap-based buffer overflow that can be exploited to execute arbitrary code or crash the system, a critical concern for any host running an affected kernel version.
- CVE-2021-31196: A Microsoft Exchange Server information disclosure vulnerability, which could allow attackers to gain access to sensitive information without proper authorization.
These vulnerabilities have been actively exploited in the wild, making them prime targets for threat actors. The exploitation methods differ: the Dahua and Exchange issues let an attacker bypass authentication or read data without authorization, while the Linux Kernel issue leverages a heap overflow to execute malicious code or disrupt services.
The impact of these vulnerabilities is significant, particularly for organizations that rely on the affected systems and devices. The Dahua IP Camera vulnerabilities could lead to unauthorized surveillance, compromising privacy and security. The Linux Kernel vulnerability poses a severe risk to any system running the affected versions, potentially leading to system crashes or unauthorized control. The Microsoft Exchange Server vulnerability could expose sensitive data, leading to information breaches that have far-reaching consequences for organizations.
CISA has highlighted the importance of addressing these vulnerabilities promptly to protect federal networks and has strongly urged all organizations to incorporate these updates into their vulnerability management practices.
Insights and Analysis
CISA's directive under BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate these vulnerabilities by a specified due date. Although the directive primarily targets federal agencies, CISA emphasizes the broader relevance of these vulnerabilities, urging all organizations to take immediate action. The continuous addition of vulnerabilities to the catalog reflects CISA's commitment to staying ahead of emerging threats and ensuring that organizations are equipped to defend against active cyberattacks.
Organizations must prioritize the timely remediation of these newly cataloged vulnerabilities to mitigate the risks posed by active exploitation. CISA's guidance underlines the critical nature of these vulnerabilities, urging swift action to safeguard systems and sensitive data. As cyber threats continue to evolve, proactive vulnerability management remains essential for maintaining a secure digital environment.
To protect against these threats, organizations should:
- Immediately apply available patches or updates to affected systems.
- Conduct a thorough assessment of their vulnerability management practices to ensure that high-risk vulnerabilities are prioritized.
- Stay informed about new vulnerabilities added to CISA's catalog and respond promptly to mitigate risks.
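As an added example of the third recommendation in practice (not code from the original article or from CISA): parse a snapshot of CISA's KEV JSON feed, flag entries added since a given date, match them against an asset inventory, and report any whose BOD 22-01 due date has passed. The sample feed, the inventory and the due dates are constructed for this example, and the feed field names are assumed to match the published schema.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. Field names follow the
# published feed's schema (assumed); the dueDate values and the trailing
# placeholder entry are made up for this example, not taken from the live catalog.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2021-33044", "vendorProject": "Dahua", "product": "IP Camera",
     "dateAdded": "2024-08-21", "dueDate": "2024-09-11"},
    {"cveID": "CVE-2021-33045", "vendorProject": "Dahua", "product": "IP Camera",
     "dateAdded": "2024-08-21", "dueDate": "2024-09-11"},
    {"cveID": "CVE-2022-0185", "vendorProject": "Linux", "product": "Kernel",
     "dateAdded": "2024-08-21", "dueDate": "2024-09-11"},
    {"cveID": "CVE-2021-31196", "vendorProject": "Microsoft", "product": "Exchange Server",
     "dateAdded": "2024-08-21", "dueDate": "2024-09-11"},
    {"cveID": "CVE-EXAMPLE-0001", "vendorProject": "ExampleVendor", "product": "Widget",
     "dateAdded": "2023-01-05", "dueDate": "2023-01-26"},  # placeholder, older entry
]})

# Constructed asset inventory: (vendor, product) pairs this organization runs.
INVENTORY = [("dahua", "ip camera"), ("Linux", "Kernel")]

def load_entries(feed_text):
    """Parse the feed and turn dateAdded/dueDate into date objects."""
    entries = []
    for raw in json.loads(feed_text)["vulnerabilities"]:
        entry = dict(raw)
        entry["dateAdded"] = date.fromisoformat(raw["dateAdded"])
        entry["dueDate"] = date.fromisoformat(raw["dueDate"])
        entries.append(entry)
    return entries

def in_inventory(entry, inventory):
    """Case-insensitive match on the feed's vendorProject and product fields."""
    return any(entry["vendorProject"].lower() == v.lower()
               and entry["product"].lower() == p.lower() for v, p in inventory)

def triage(feed_text, inventory, today_iso, since_iso):
    """Return (added_since, relevant, overdue) lists of CVE ids, ordered by due date."""
    today, since = date.fromisoformat(today_iso), date.fromisoformat(since_iso)
    entries = sorted(load_entries(feed_text), key=lambda e: e["dueDate"])
    added_since = [e["cveID"] for e in entries if e["dateAdded"] >= since]  # new entries
    relevant = [e for e in entries if in_inventory(e, inventory)]  # affects our assets
    overdue = [e["cveID"] for e in relevant if e["dueDate"] < today]  # past BOD due date
    return added_since, [e["cveID"] for e in relevant], overdue
```

Pointing `load_entries` at a downloaded copy of the live feed and the inventory at a CMDB export turns this into a daily check that fails loudly when a relevant entry goes past its due date.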
Indicators of Compromise (IoCs)
| Indicator | Type | Description |
|---|---|---|
| CVE-2021-33044 | Vulnerability | Dahua IP Camera authentication bypass vulnerability. |
| CVE-2021-33045 | Vulnerability | Another authentication bypass in Dahua IP Cameras. |
| CVE-2022-0185 | Vulnerability | Linux Kernel heap-based buffer overflow. |
| CVE-2021-31196 | Vulnerability | Microsoft Exchange Server information disclosure vulnerability. |
MITRE ATT&CK Table
| Tactic | Technique | ID | Description |
|---|---|---|---|
| Initial Access | Exploit Public-Facing Application | T1190 | Exploiting vulnerabilities in public-facing applications, such as those in Dahua IP Cameras. |
| Privilege Escalation | Exploitation for Privilege Escalation | T1068 | Exploiting a vulnerability to gain higher-level permissions, such as the Linux Kernel buffer overflow. |
| Defense Evasion | Exploitation for Defense Evasion | T1211 | Bypassing security mechanisms, such as the authentication bypass vulnerabilities in Dahua IP Cameras. |
| Collection | Data from Local System | T1005 | Collecting sensitive information, which could be facilitated by the Microsoft Exchange Server vulnerability. |
| Impact | Data Destruction or Corruption | T1485 | Using a vulnerability to cause system crashes or destroy data, potentially associated with the Linux Kernel issue. |