CISA Adds Seven New Vulnerabilities in Known Exploited Vulnerabilities Catalog

The cybersecurity landscape is a perpetually shifting terrain, a cat-and-mouse game between defenders fortifying their systems and attackers probing for weaknesses. Recently, the Cybersecurity and Infrastructure Security Agency (CISA) has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating evidence of active exploitation.

1. CVE-2023-25717: Ruckus Wireless Products CSRF and RCE Vulnerability

First on our list is a vulnerability affecting multiple Ruckus Wireless products, which holds a Common Vulnerability Scoring System (CVSS) score of a whopping 9.8. This vulnerability could allow a remote attacker to execute arbitrary code on the system due to a flaw in the “/forms/doLogin?login_username=admin&password=password$(curl” substring. Essentially, by sending a specially-crafted HTTP GET request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

This vulnerability has caught the attention of cybersecurity researchers at FortiGuard Labs, who discovered the novel AndoryuBot botnet. This botnet leverages the SOCKS protocol and exploits the Ruckus vulnerability to infect devices, highlighting the real-world implications of this flaw.

2. CVE-2021-3560: Red Hat Polkit Incorrect Authorization Vulnerability

The Polkit service in Red Hat has been found to have an incorrect authorization vulnerability. Polkit could be tricked into bypassing the credential checks for D-Bus requests, thereby elevating the privileges of the requestor to the root user level. This flaw could be exploited by an unprivileged local attacker to create a new local administrator. This poses a significant threat to data confidentiality, integrity, and system availability.

3. CVE-2014-0196: Linux Kernel Race Condition Vulnerability

A race condition vulnerability in the Linux Kernel could allow a local attacker to gain elevated privileges. The flaw resides in the n_tty_write function, and by invoking the TTY write buffer, an attacker could exploit this vulnerability to gain system privileges or even crash the system.

4. CVE-2010-3904: Linux Kernel Improper Input Validation Vulnerability

Another flaw within the Linux Kernel relates to the failure to verify user-supplied addresses by the rds_page_copy_user() function. If the CONFIG_RDS kernel configuration option is set without restrictions on unprivileged users, a local attacker could send a specially-crafted RDS protocol socket call to execute arbitrary code on the system with kernel-level privileges.

5. CVE-2015-5317: Jenkins User Interface Information Disclosure Vulnerability

The Jenkins automation server is not immune from vulnerabilities, either. A flaw in its user interface could allow a remote attacker to obtain sensitive information, such as the names of jobs and builds on the Fingerprints pages.

6. CVE-2016-3427: Oracle Java SE and JRockit Unspecified Vulnerability

Oracle Java SE, Java SE Embedded, and JRockit are subject to an unspecified vulnerability related to the Java Management Extensions (JMX) component. This flaw carries a complete confidentiality impact, complete integrity impact, and complete availability impact, signifying a major threat to any systems relying on these Oracle products.

7. CVE-2016-8735: Apache Tomcat Remote Code Execution Vulnerability

Last but not least, the popular Apache Tomcat is susceptible to a remote code execution vulnerability. This issue exists if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. Remote code execution is possible with various versions of Apache Tomcat, drawing attention to the need for prompt patching and updating.

Federal Civilian Executive Branch (FCEB) agencies have time till June 2, 2023, to apply the patches to secure their networks against potential threats.