CISA Adds 12 New Known Actively Exploited Vulnerabilities to its Catalog

Known Actively Exploited Vulnerabilities
Cybersecurity and Infrastructure Security Agency, Public domain, via Wikimedia Commons

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 12 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including multiple critical-severity security flaws affecting Chrome, D-Link routers, QNAP, Apple, Oracle, Fortinet, MikroTik, NETGEAR and Android OS.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates,” the agency said in an advisory published on September 8, 2022.

Of the 12 newly added bugs, four are D-Link flaws, and one each affects Chrome, QNAP, Apple, Oracle, Fortinet, MikroTik, NETGEAR, and Android OS.


Included in the list are four issues affecting D-Link DIR-816L, DIR-820L, DIR-300 and multiple other router models, which CISA notes are being exploited in real-world attacks.

Three of the vulnerabilities – CVE-2018-6530, CVE-2022-28958, and CVE-2022-26258 – are rated 9.8 out of 10 on the CVSS scale; each lets an attacker inject malicious commands and run arbitrary code on vulnerable devices.

The other actively exploited flaws added to the list are as follows:

  • CVE-2022-3075: Google Chromium Insufficient Data Validation Vulnerability
  • CVE-2022-27593: QNAP Photo Station Externally Controlled Reference Vulnerability
  • CVE-2020-9934: Apple iOS, iPadOS, and macOS Input Validation Vulnerability
  • CVE-2018-7445: MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability
  • CVE-2018-2628: Oracle WebLogic Server Unspecified Vulnerability
  • CVE-2018-13374: Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
  • CVE-2017-5521: NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability
  • CVE-2011-1823: Android OS Privilege Escalation Vulnerability

Federal agencies were given three weeks, until September 29, to remediate the flaws and ensure that exploitation attempts are blocked.

CISA has not shared technical details of the in-the-wild attacks exploiting these vulnerabilities and has yet to attribute them to a specific threat actor.

In light of the active exploitation of these flaws, users are advised to review CISA’s Known Exploited Vulnerabilities (KEV) catalog and apply the relevant software updates to reduce their exposure to potential cyberattacks.
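As an added example (not code from the article or from CISA), the script below reads an excerpt shaped like CISA's KEV JSON feed, selects the entries added on or after a given date (the "Date Added to Catalog" sort the advisory describes), and matches them against a local asset inventory to produce a remediation list ordered by due date. The field names are those of CISA's public JSON feed; the sample records are constructed from the CVEs and dates in the article, plus one placeholder older entry to show the date filter at work.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. Field names follow the
# public feed; the CVE IDs, vendors and dates are the ones the article reports.
# CVE-EXAMPLE-0001 is a placeholder older entry, not a real identifier.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2022-3075", "vendorProject": "Google", "product": "Chromium",
     "dateAdded": "2022-09-08", "dueDate": "2022-09-29",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2022-28958", "vendorProject": "D-Link", "product": "DIR-816L",
     "dateAdded": "2022-09-08", "dueDate": "2022-09-29",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2018-7445", "vendorProject": "MikroTik", "product": "RouterOS",
     "dateAdded": "2022-09-08", "dueDate": "2022-09-29",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-EXAMPLE-0001", "vendorProject": "ExampleVendor", "product": "Widget",
     "dateAdded": "2022-01-10", "dueDate": "2022-01-24",
     "requiredAction": "Apply updates per vendor instructions."},
]})


def load_kev(feed_json):
    """Return the list of catalog entries from a KEV-shaped JSON document."""
    return json.loads(feed_json)["vulnerabilities"]


def added_since(entries, since):
    """Entries whose dateAdded is on or after `since` (ISO date), newest first."""
    cutoff = date.fromisoformat(since)
    hits = [e for e in entries if date.fromisoformat(e["dateAdded"]) >= cutoff]
    # ISO dates sort correctly as strings; reverse gives the catalog's descending order.
    return sorted(hits, key=lambda e: e["dateAdded"], reverse=True)


def remediation_plan(entries, inventory, today):
    """Cross-reference entries with an inventory {vendor: {product, ...}}.

    Returns (cveID, product, days_left_until_dueDate) for each product you run,
    most urgent first; a negative days_left means the due date has passed.
    """
    now = date.fromisoformat(today)
    plan = []
    for e in entries:
        if e["product"] in inventory.get(e["vendorProject"], set()):
            days_left = (date.fromisoformat(e["dueDate"]) - now).days
            plan.append((e["cveID"], e["product"], days_left))
    return sorted(plan, key=lambda item: item[2])


if __name__ == "__main__":
    recent = added_since(load_kev(KEV_SAMPLE), "2022-09-08")
    for row in remediation_plan(recent, {"D-Link": {"DIR-816L"}}, "2022-09-15"):
        print(row)
```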