DHS CISA KEVs Weekly Edition 26: Patch Before You Hit the Deadline
Posted on Jan 21, 2023 | By Supriya Aluri
The US Cyber Security department is taking an aggressive approach in tackling cyber attacks including counter attacks on cybercriminals, imposing mandatory cybersecurity regulations for sectors commonly under attack, strengthening cyber security for energy pipelines, etc. There are totally 870 vulnerabilities in the KEV catalog right now. 7 of them need your attention this week.
Why are these CVEs important?
From our analysis, we found that
All 7 vulnerabilities are weaponized and have been exploited in the wild.
CVE-2018-18809 and CVE-2018-5430 are TIBCO vulnerabilities that were discovered in 2018. These two vulnerabilities were recently exploited in attacks following which CISA added them to the KEV.
CVE-2022-42475 is a FortiOS vulnerability which is actively being exploited by suspected Chinese threat actors deploying a new malware known as BOLDMOVE.
CVE-2022-44698 is a security feature bypass vulnerability in Windows SmartScreen, a feature built into Windows that works with its Mark of the Web (MOTW) functionality. It is widely exploited by threat actors.
CVE-2022-26501 and CVE-2022-26500 are Veeam Backup and Replication vulnerabilities that are also exploited currently. They allow remote authenticated users access to internal API functions that can allow unauthenticated attackers to remotely upload and execute arbitrary code.
CVE-2022-27518 impacts the products mentioned only when configured as a Security Assertion Markup Language (SAML) service provider (SP) or a SAML identity provider (IdP). Targeted attacks by APT5 have been observed in the wild, making it critical for customers to patch this vulnerability.
How Far Back Do They Go?
Only the TIBCO vulnerabilities date back to 2018. Rest of the vulnerabilities were discovered in 2022. The TIBCO vulnerabilities were trending recently which prompted CISA to add it to the KEV catalog.
Which Vendors Are Affected?
Multiple vendors including Veeam and Apple are affected. The Citrix vulnerability can affect multiple products if the device has SAML configured.
Most vulnerabilities are ranked high and critical on the CVSS scale. CVE-2022-44698 is given a 5.4 rating.
CVE-2022-42475 and CVE-2022-27518 do not have any CWEs associated to them.
Table: DHS CISA KEVs
We urge organizations to implement patches for these CVEs at the earliest. With CSW’s threat-based approach and vulnerability intelligence, security teams can prioritize the threats, including all KEVs, and minimize their attack surface.
For the latest news regarding vulnerabilities that are exploited and critical threats, read our blog on Weekly Threat Intelligence.
Never miss a patch or an update with CSW's Patch Watch Newsletter. Subscribe now!