CISA has added 17 actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog and warned federal agencies to patch them.

Diving into details

The Known Exploited Vulnerabilities Catalog now lists around 341 vulnerabilities, including the 17 new ones, each with the date by which agencies have to fix the flaw or apply security updates to mitigate it.
  • The listed vulnerabilities allow attackers to carry out different types of attacks, such as stealing credentials/information, remotely executing commands, gaining access to networks, and downloading/executing malware.
  • Out of the 17 new vulnerabilities, ten must be patched within the first week of February. 
  • Four vulnerabilities are given a remediation date of July 18.
  • The newly added flaws exist in multiple products, including Struts 1, Serv-U, Airflow, and Nagios XI.

What are the newly added vulnerabilities


Notable attacks exploiting the listed flaws

  • The CVE-2021-32648 flaw in an old version of October CMS used in websites was exploited to deface government websites in Ukraine.
  • Another security flaw, tracked as CVE-2021-35247, was found by Microsoft to be abused in the Log4j attacks. The attack targets Windows domain controllers set up as LDAP servers.

Conclusion

An exploitable flaw is a weak link in a network and may endanger the firm's security. While hackers continue to exploit critical vulnerabilities, security professionals should review the Known Exploited Vulnerabilities Catalog and patch any discovered flaw immediately.
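
One way to run that review, as an added example that is not part of the original article: match scanner findings against catalog entries and order them by remediation due date. It assumes the `cveID`, `product` and `dueDate` fields of CISA's KEV JSON feed; the host names, due dates and the `CVE-0000-…` placeholder IDs are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the layout of the KEV JSON feed (assumed fields:
# cveID, product, dueDate). The due dates are made up for this example.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2021-32648", "product": "October CMS", "dueDate": "2022-02-01"},
  {"cveID": "CVE-2021-35247", "product": "Serv-U", "dueDate": "2022-02-04"},
  {"cveID": "CVE-0000-00001", "product": "Placeholder", "dueDate": "2022-07-18"},
  {"cveID": "CVE-0000-00002", "product": "Malformed entry", "dueDate": "n/a"}
]}
""")

# Constructed scanner output as (host, CVE) pairs; host names are hypothetical.
SAMPLE_FINDINGS = [
    ("ftp01", "CVE-2021-35247"),
    ("web02", " cve-2021-32648"),   # scanners differ in case and padding
    ("web02", "CVE-0000-99999"),    # not in the catalog, so not reported
    ("app03", "CVE-0000-00001"),
]

def triage(kev, findings, today):
    """Return KEV-listed findings sorted by due date, earliest first."""
    due = {}
    for v in kev.get("vulnerabilities", []):
        try:
            due[v["cveID"].upper()] = (date.fromisoformat(v["dueDate"]),
                                       v.get("product", ""))
        except (KeyError, ValueError):
            continue  # skip entries with a missing or unparsable field
    rows = []
    for host, cve in findings:
        key = cve.strip().upper()
        if key in due:
            d, product = due[key]
            rows.append({"host": host, "cve": key, "product": product,
                         "due": d, "days_left": (d - today).days,
                         "overdue": d < today})
    return sorted(rows, key=lambda r: (r["due"], r["host"]))

if __name__ == "__main__":
    for r in triage(SAMPLE_KEV, SAMPLE_FINDINGS, date(2022, 2, 2)):
        flag = "OVERDUE" if r["overdue"] else f"{r['days_left']}d left"
        print(f"{r['due']}  {r['cve']:<16} {r['host']:<6} {flag}")
```
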
Cyware Publisher
