CISA Flaws

Exposing the cracks, CISA adds flaws to KEV


The Known Exploited Vulnerabilities (KEV) catalog has recently been updated by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to include three new security flaws based on evidence of active exploitation.

What are they about?

  • One of the newly added vulnerabilities (CVE-2023-1389) concerns a case of command injection that affects TP-Link Archer AX-21 routers and can be exploited to achieve remote code execution. Threat actors associated with the Mirai botnet have reportedly leveraged this flaw since April 11, 2023.
  • The second flaw (CVE-2021-45046) is a remote code execution vulnerability affecting the Apache Log4j2 logging library disclosed in December 2021. While it’s currently unclear how this specific vulnerability is being exploited in the wild, data from GreyNoise shows evidence of exploitation attempts from as many as 74 unique IP addresses over the past 30 days. However, this data also includes attempts to exploit CVE-2021-44228 (Log4Shell).
  • The third vulnerability (CVE-2023-21839) is a high-severity bug in Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, which could allow unauthorized access to sensitive data. Oracle has already issued patches for this flaw in updates released in January 2023.

CISA catalog.

“While proof-of-concept (PoC) exploits are available for some of these vulnerabilities, there are no public reports of malicious exploitation yet. However, Federal Civilian Executive Branch (FCEB) agencies must apply vendor-provided fixes by May 22, 2023, to ensure their networks are protected against these active threats.”

Is CISA working enough?

It’s worth noting that this advisory comes just over a month after VulnCheck revealed that almost 50 security flaws, likely weaponized in 2022, are missing from the KEV catalog. Most of these vulnerabilities are related to exploitation by Mirai-like botnets, followed by ransomware gangs and other threat actors.

As a final point…

The CISA KEV catalog is a significant driver in cyber security, but it cannot be considered the definitive source, because it has yet to include every vulnerability currently being exploited. Security professionals therefore need to take their own measures as well and identify additional sources.
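One way to act on that point, as an added example (not code from PureVPN or CISA): triage scanner findings against KEV entries and a second exploited-CVE list, so flaws missing from KEV still surface. `cveID` and `dueDate` are field names in CISA's KEV JSON feed; `triage`, `EXTRA_EXPLOITED`, the asset names and the `CVE-0000-…` placeholder IDs are constructed for illustration.

```python
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed ("cveID", "dueDate").
# The CVE IDs and the due date come from the article; nothing else is real data.
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-2023-1389", "dueDate": "2023-05-22"},
    {"cveID": "CVE-2021-45046", "dueDate": "2023-05-22"},
    {"cveID": "CVE-2023-21839", "dueDate": "2023-05-22"},
]}

# Constructed second source of exploited CVEs (hypothetical feed); the
# placeholder ID stands in for a flaw that KEV does not list.
EXTRA_EXPLOITED = {"CVE-2023-1389", "CVE-0000-00001"}

# Constructed scanner output: (asset, CVE) pairs found in the environment.
FINDINGS = [
    ("edge-router-01", "cve-2023-1389 "),   # untidy case/whitespace on purpose
    ("app-server-02", "CVE-2021-45046"),
    ("app-server-02", "CVE-0000-00001"),
    ("build-host-03", "CVE-0000-00002"),
]

def triage(findings, kev, extra, today):
    """Label each finding kev-overdue, kev-due, exploited-not-in-kev or unlisted."""
    due = {v["cveID"].upper(): date.fromisoformat(v["dueDate"])
           for v in kev["vulnerabilities"]}
    extra = {c.upper() for c in extra}
    rows = []
    for asset, cve in findings:
        cve = cve.strip().upper()           # normalise before any lookup
        days = (due[cve] - today).days if cve in due else None
        if days is not None:
            status = "kev-overdue" if days < 0 else "kev-due"
        elif cve in extra:
            status = "exploited-not-in-kev"
        else:
            status = "unlisted"
        rows.append({"asset": asset, "cve": cve, "status": status, "days_left": days})
    # Overdue KEV items first, then KEV items by deadline, then non-KEV exploited.
    rank = {"kev-overdue": 0, "kev-due": 1, "exploited-not-in-kev": 2, "unlisted": 3}
    rows.sort(key=lambda r: (rank[r["status"]], r["days_left"] or 0))
    return rows

if __name__ == "__main__":
    for row in triage(FINDINGS, KEV_SAMPLE, EXTRA_EXPLOITED, date(2023, 5, 3)):
        print(row)
```

The third finding is the case the paragraph above is about: it would be dropped by a KEV-only check but is flagged because the second source lists it.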

Author: PureVPN

Date: May 3, 2023
