The US cybersecurity organization CISA has recently added five new security flaws to its Known Exploited Vulnerabilities catalog. These vulnerabilities are currently being actively exploited by attackers to gain unauthorized access, steal sensitive data, or cause damage to critical infrastructure.
It is essential for organizations to be aware of these vulnerabilities and take immediate steps to mitigate the risk of exploitation. Earlier this year, several vulnerabilities were reported in popular software such as Acrobat, Cisco IOS, WordPad, and Skype, as well as in the HTTP/2 protocol (Rapid Reset).
As a precautionary measure, CISA advises businesses to treat these vulnerabilities with caution and take the necessary steps to secure their systems against potential cyber-attacks. Such vulnerabilities are commonly found in the federal enterprise, making them a significant threat to its security.
One of the newly added vulnerabilities is a Use After Free vulnerability in Adobe Acrobat Reader. This vulnerability can lead to arbitrary code execution in the context of the current user. However, exploitation requires user interaction: the victim must open a malicious file. Adobe has already patched this vulnerability, but proof-of-concept (PoC) exploit code for the issue is available.
Another actively exploited vulnerability is found in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software. An authenticated, remote attacker with administrative access to a group member or a key server could exploit this vulnerability to gain complete control of the targeted system or force it to reload, resulting in a denial of service (DoS). Cisco fixed this flaw at the end of September.
Microsoft Skype for Business is also affected by a privilege escalation vulnerability (CVE-2023-41763). An attacker could make a specially crafted network call to the target Skype for Business server, which could disclose IP addresses or port numbers to the attacker. This information could provide the attacker access to internal networks. Microsoft has patched this flaw in its October Patch Tuesday release.
Microsoft WordPad and the HTTP/2 protocol have also been exploited. In WordPad, an information disclosure vulnerability allows NTLM hashes to be revealed under certain circumstances. The attacker would need to convince the user to click a link and open a specially crafted file. Microsoft patched this flaw in October.
The HTTP/2 protocol flaw, CVE-2023-44487, has been used in recent massive DDoS attacks. The flaw lies in the protocol’s handling of request cancellations or resets, which consumes server resources and leads to denial of service. This vulnerability may affect many web platforms.
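For defenders, the reset behavior described above can be measured per connection. The following is an added example, not code from CISA or any vendor: it parses HTTP/2 frame headers from a captured client byte stream and flags connections that cancel most of the requests they open. The function names, the thresholds, and both sample captures are assumptions constructed for illustration.

```python
import struct

HEADERS, RST_STREAM = 0x1, 0x3  # HTTP/2 frame type codes (RFC 9113)
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # client connection preface

def parse_frames(data):
    """Yield (type, stream_id, payload) for each complete frame in a client byte stream."""
    pos = len(PREFACE) if data.startswith(PREFACE) else 0
    while pos + 9 <= len(data):
        # 9-byte frame header: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id
        hi, lo, ftype, _flags, sid = struct.unpack_from(">BHBBI", data, pos)
        length = (hi << 16) | lo
        if pos + 9 + length > len(data):
            break  # truncated capture: stop instead of guessing
        yield ftype, sid & 0x7FFFFFFF, data[pos + 9:pos + 9 + length]
        pos += 9 + length

def reset_stats(data):
    """Return (streams opened by the client, streams the client then cancelled)."""
    opened, cancelled = set(), set()
    for ftype, sid, _payload in parse_frames(data):
        if ftype == HEADERS and sid % 2 == 1:  # client-initiated streams are odd
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened:
            cancelled.add(sid)
    return len(opened), len(cancelled)

def looks_like_rapid_reset(data, min_streams=100, max_ratio=0.5):
    """Flag a connection that cancels most of the requests it opens.
    Both thresholds are assumptions to tune against your own baseline."""
    opened, cancelled = reset_stats(data)
    return opened >= min_streams and cancelled / opened > max_ratio

def _frame(ftype, sid, payload):
    """Serialize one frame; used only to build the constructed samples below."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, 0, sid) + payload

# Constructed samples: header blocks are placeholder bytes, not real HPACK.
_CANCEL = struct.pack(">I", 0x8)  # RST_STREAM payload: error code CANCEL
_ids = range(1, 401, 2)           # 200 odd stream ids
NORMAL = PREFACE + b"".join(_frame(HEADERS, s, b"\x00" * 8) for s in _ids) \
    + b"".join(_frame(RST_STREAM, s, _CANCEL) for s in (5, 41, 99))
RESET_HEAVY = PREFACE + b"".join(
    _frame(HEADERS, s, b"\x00" * 8) + _frame(RST_STREAM, s, _CANCEL) for s in _ids)

if __name__ == "__main__":
    for name, capture in (("NORMAL", NORMAL), ("RESET_HEAVY", RESET_HEAVY)):
        print(name, reset_stats(capture), looks_like_rapid_reset(capture))
```

A raw capture carries no timestamps, so this scores whole connections; a production check would apply the same ratio over a time window.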
CISA emphasizes the importance of promptly remediating these vulnerabilities as part of organizations’ vulnerability management procedures to reduce their exposure to attacks. It is crucial for businesses to prioritize patching and securing their systems to protect themselves from potential cyber threats.
In conclusion, the addition of these five newly exploited vulnerabilities to CISA’s Known Exploited Vulnerabilities catalog highlights the ongoing threat posed by cyber attackers. Organizations must remain vigilant, update their systems, and implement necessary security measures to safeguard their data and infrastructure from these vulnerabilities and potential cyber-attacks.

