CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog

CVE-2023-25280

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has once again raised the alarm, adding four new security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These additions underscore the urgent need for organizations, especially federal agencies, to prioritize patching and mitigation efforts to defend against active cyber threats.

The New Vulnerabilities in Focus

  • CVE-2023-25280 (CVSS 9.8): This critical vulnerability in certain D-Link routers opens the door for attackers to gain complete control (root access) through a specially crafted exploit. Alarmingly, the technical details and proof-of-concept code have been publicly released, increasing the risk of widespread attacks. CISA recommends discontinuing the use of affected products, as they are end-of-life and no longer supported.

  • CVE-2020-15415 (CVSS 9.8): Another critical flaw, this time impacting DrayTek Vigor routers, enables remote code execution. Attackers can leverage shell metacharacters within filenames to gain unauthorized control. Organizations are advised to apply vendor-provided mitigations or, if unavailable, retire the affected devices.

  • CVE-2021-4043 (CVSS 5.5): This vulnerability in Motion Spell GPAC, while less severe, still poses a risk. Local attackers can trigger a denial-of-service (DoS) condition, disrupting operations. Prompt action is necessary to mitigate potential service interruptions.

  • CVE-2019-0344 (CVSS 9.8): This critical vulnerability in SAP Commerce Cloud allows for arbitrary code execution on affected systems. Attackers can leverage this flaw to gain unauthorized access and potentially compromise sensitive data. Applying vendor-provided mitigations is crucial for organizations relying on this software.

Deadline for Federal Agencies

In response to the active exploitation of these vulnerabilities, CISA has issued a directive to federal agencies, mandating the application of the latest security patches by October 21, 2024. This deadline emphasizes the urgency of the situation and the need for swift action to protect critical infrastructure and sensitive information.

Related Posts: