
CISA Warns Of 5 Critical Vulnerabilities, Urges Immediate Patching


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Each addition is backed by evidence that the flaw is being exploited in the wild, which is what makes the catalog a practical priority list: these are weaknesses attackers are already using against government and private-sector systems, not ones they might use in theory.

The identified vulnerabilities are CVE-2024-27348 (Apache HugeGraph-Server Improper Access Control Vulnerability), CVE-2020-0618 (Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability), CVE-2019-1069 (Microsoft Windows Task Scheduler Privilege Escalation Vulnerability), CVE-2022-21445 (Oracle JDeveloper Remote Code Execution Vulnerability), and CVE-2020-14644 (Oracle WebLogic Server Remote Code Execution Vulnerability).

Inclusion in the catalog is not a severity score. CISA adds a CVE only when it has reliable evidence of active exploitation and a clear remediation action exists, and all five of these entries met that bar.

CISA’s Known Exploited Vulnerabilities Catalog is regularly updated to highlight Common Vulnerabilities and Exposures (CVEs) that present an immediate threat to organizations and their IT infrastructure. Failure to address these vulnerabilities can lead to severe consequences such as unauthorized access, privilege escalation, and remote code execution, potentially causing network disruptions, data leaks, and operational chaos.

The first vulnerability, CVE-2024-27348 in Apache HugeGraph-Server, lets a remote attacker execute arbitrary code through the server's Gremlin API because access to it was not adequately restricted. The project fixed the issue in HugeGraph-Server 1.3.0 and recommends running on Java 11 with the built-in Auth system enabled; organizations that cannot upgrade should take the server off the network rather than leave the API reachable.

The second vulnerability, CVE-2020-0618 in Microsoft SQL Server Reporting Services, allows an authenticated attacker to execute arbitrary code by submitting a specially crafted page request that triggers a deserialization flaw; the code runs in the context of the Report Server service account. Microsoft's security update for this CVE should be applied without delay, and the low bar of "authenticated" is worth noting, since any user able to reach the reporting portal can qualify.

The third vulnerability, CVE-2019-1069 in the Microsoft Windows Task Scheduler, permits an attacker who already has local code execution to elevate to SYSTEM, giving full control of the host. It is a classic second-stage flaw: on its own it gets nobody in, but paired with any foothold it finishes the compromise. Organizations should confirm that Microsoft's June 2019 security update for it is present on every Windows system.

The fourth vulnerability, CVE-2022-21445 in Oracle JDeveloper, allows an unauthenticated attacker with HTTP access to achieve remote code execution through a deserialization flaw in the ADF Faces component. Users should apply the fix from Oracle's advisory, or discontinue use of the product if the fix cannot be applied.

The fifth vulnerability, CVE-2020-14644 in Oracle WebLogic Server, allows an unauthenticated attacker with network access over the T3 or IIOP protocols to take over the server. Oracle patched it in its Critical Patch Update; where patching lags, T3 and IIOP should not be reachable from untrusted networks in the first place, since these protocols have been the entry point for a long series of WebLogic exploits.

Under Binding Operational Directive (BOD) 22-01, adding a CVE to the catalog obliges Federal Civilian Executive Branch (FCEB) agencies to remediate it by the due date recorded in the catalog entry. The directive binds only FCEB agencies, but CISA urges every organization, public or private, to treat the catalog as a remediation priority list and address these entries ahead of vulnerabilities with no evidence of exploitation.
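The catalog is published as a JSON feed, and the due date in each entry is what BOD 22-01 holds agencies to. The following Python script, an added example rather than anything from the article or from CISA, shows one way to turn the feed into a remediation queue: it loads a constructed excerpt shaped like the real feed's records (cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate, requiredAction), matches entries against a constructed asset inventory on vendor and product, and flags each match as overdue, due soon, or scheduled relative to a chosen date. The host names, the exact product strings, and the dates in the excerpt are assumptions made for the example.

```python
"""Triage a CISA KEV feed excerpt against an asset inventory.

Added example, not from the article or CISA. The record fields mirror the
public KEV JSON feed; the feed excerpt, dates and inventory are constructed.
"""
import json
from datetime import date

# Constructed excerpt shaped like the real feed (only the fields used here).
KEV_FEED_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-2024-27348", "vendorProject": "Apache", "product": "HugeGraph-Server",
     "vulnerabilityName": "Apache HugeGraph-Server Improper Access Control Vulnerability",
     "dateAdded": "2024-09-18", "dueDate": "2024-10-09",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable."},
    {"cveID": "CVE-2020-0618", "vendorProject": "Microsoft", "product": "SQL Server",
     "vulnerabilityName": "Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability",
     "dateAdded": "2024-09-18", "dueDate": "2024-10-09",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable."},
    {"cveID": "CVE-2019-1069", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",
     "dateAdded": "2024-09-18", "dueDate": "2024-10-09",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable."},
    {"cveID": "CVE-2022-21445", "vendorProject": "Oracle", "product": "JDeveloper",
     "vulnerabilityName": "Oracle JDeveloper Remote Code Execution Vulnerability",
     "dateAdded": "2024-09-18", "dueDate": "2024-10-09",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable."},
    {"cveID": "CVE-2020-14644", "vendorProject": "Oracle", "product": "WebLogic Server",
     "vulnerabilityName": "Oracle WebLogic Server Remote Code Execution Vulnerability",
     "dateAdded": "2024-09-18", "dueDate": "2024-10-09",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable."}
  ]
}
"""

# Constructed asset inventory: host plus the vendor/product it runs.
# web-03 runs nothing in the feed and should produce no finding.
INVENTORY = [
    {"host": "graph-01", "vendorProject": "Apache", "product": "HugeGraph-Server"},
    {"host": "rpt-01", "vendorProject": "Microsoft", "product": "SQL Server"},
    {"host": "ws-07", "vendorProject": "Microsoft", "product": "Windows"},
    {"host": "wls-02", "vendorProject": "Oracle", "product": "WebLogic Server"},
    {"host": "web-03", "vendorProject": "nginx", "product": "nginx"},
]


def load_kev(feed_json):
    """Parse the feed text and return the list of catalog records."""
    return json.loads(feed_json)["vulnerabilities"]


def _key(vendor, product):
    """Case- and whitespace-insensitive (vendor, product) match key."""
    return (vendor.strip().lower(), product.strip().lower())


def match_inventory(kev, inventory):
    """Return one finding per (asset, catalog entry) pair with the same vendor/product."""
    by_product = {}
    for entry in kev:
        by_product.setdefault(_key(entry["vendorProject"], entry["product"]), []).append(entry)
    findings = []
    for asset in inventory:
        for entry in by_product.get(_key(asset["vendorProject"], asset["product"]), []):
            findings.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "dueDate": entry["dueDate"],
                "requiredAction": entry["requiredAction"],
            })
    return findings


def triage(findings, today, soon_days=7):
    """Attach days remaining and a status, then order by urgency."""
    out = []
    for f in findings:
        days_left = (date.fromisoformat(f["dueDate"]) - today).days
        if days_left < 0:
            status = "overdue"
        elif days_left <= soon_days:
            status = "due_soon"
        else:
            status = "scheduled"
        out.append({**f, "days_left": days_left, "status": status})
    out.sort(key=lambda f: (f["days_left"], f["cveID"]))
    return out


def run(today=None):
    """Full pipeline over the constructed feed and inventory for a given date."""
    today = today or date.today()
    return triage(match_inventory(load_kev(KEV_FEED_JSON), INVENTORY), today)


if __name__ == "__main__":
    for f in run(date(2024, 10, 7)):
        print(f"{f['status']:9} {f['days_left']:4d}d  {f['host']:9} {f['cveID']}")
```

Against a real deployment the feed text would come from CISA's published JSON rather than the inline excerpt, and the inventory from a CMDB or agent export; the matching on vendor and product is deliberately loose because the feed does not carry version ranges, so every match still needs a version check before it is closed.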

Vulnerabilities like these underscore the critical role of proactive cybersecurity measures in safeguarding organizations from potential data breaches, operational disruptions, reputational damage, and legal consequences. Timely remediation and robust vulnerability management practices are essential to fortify networks against cyber threats and maintain operational resilience.
