
KEV Catalog Adds Vulnerabilities Affecting TP-Link, Apache, and Oracle WebLogic Server

CISA added three actively exploited flaws to its Known Exploited Vulnerabilities (KEV) catalog, alerting federal agencies to address the issues by updating the affected products to the latest versions. The flaws in question affect TP-Link Archer AX-21 routers, the Apache Log4j2 library, and Oracle WebLogic Server.

More details

  • CVE-2023-1389 - A command injection vulnerability in TP-Link Archer AX-21 routers that could be exploited to achieve remote code execution. Trend Micro’s Zero Day Initiative observed that the flaw was abused in recent attacks to distribute a new variant of the Mirai botnet onto compromised devices.
  • CVE-2021-45046 - An information leak and remote code execution vulnerability affecting Log4j versions from 2.0-beta9 to 2.15.0, excluding 2.12.2. According to Sonatype’s Log4j vulnerable downloads dashboard, around 30% of the Log4j library remains vulnerable to the flaw.
  • CVE-2023-21839 - An unspecified vulnerability impacting Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. The PoC exploit for the flaw has been released to the public, and the flaw can allow attackers to gain unauthorized access to sensitive data via the T3 and IIOP protocols.

The new advisory comes a few days after the agency warned about the active exploitation of the newly found PaperCut flaw, which was exploited by two renowned ransomware groups, LockBit and Cl0p.

Ending note

Federal Civilian Executive Branch (FCEB) agencies were required to apply vendor-provided fixes by May 1. Doing so reduces their exposure to cyberattacks arising from these flaws and helps them prioritize remediation efforts as part of their vulnerability management practice.
Cyware Publisher
