
These are some Additions of flaws in the exploited vulnerability catalog


Last Updated on 05/03/2022 by Nidhi Khandelwal

The United States’ Cybersecurity and Infrastructure Security Agency (CISA) added 95 new security weaknesses to its Known Exploited Vulnerabilities Catalog this week, bringing the total number of actively exploited vulnerabilities to 478.


In a March 3, 2022 alert, the agency stated, “These types of vulnerabilities are a common attack vector for malevolent cyber actors and represent significant risk to the federal organization.”

The additions comprise 38 Cisco vulnerabilities, 27 Microsoft vulnerabilities, 16 Adobe vulnerabilities, seven Oracle vulnerabilities, and one each for Apache Tomcat, ChakraCore, Exim, Mozilla Firefox, Linux Kernel, Siemens SIMATIC CP, and Treck TCP/IP stack.

Among them are five vulnerabilities in Cisco RV routers that, according to CISA, are being exploited in real-world attacks. The weaknesses, which were discovered early last month, allow arbitrary code to be executed with root privileges.

Three of the vulnerabilities – CVE-2022-20699, CVE-2022-20700, and CVE-2022-20708 – have a CVSS rating of 10 out of 10 and allow an attacker to inject malicious commands, elevate privileges to root, and run arbitrary code on susceptible systems.


CVE-2022-20701 (CVSS score: 9.0) and CVE-2022-20703 (CVSS score: 9.3) are similar in that they could allow an attacker to “execute arbitrary code, elevate privileges, overcome authentication and authorisation restrictions, fetch and run unsigned software, or cause a denial of service,” according to CISA.

Cisco, for one, has already stated that it is “aware that proof-of-concept exploit code for several of the vulnerabilities is available.” The nature of the attacks, as well as the threat actors who may be weaponizing them, is unknown at this time.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.