CISA Alerts on Active Exploitation of Flaws in ImageMagick, Linux Kernel, and SonicWall

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The agency’s action underscores the urgent need for Federal Civilian Executive Branch (FCEB) agencies to patch their systems by September 30, 2024, to safeguard against potential cyberattacks.

The Exploited Vulnerabilities:

  1. CVE-2016-3714 (CVSS 8.4): ImageMagick Flaw Opens Door to Remote Code Execution: This long-standing vulnerability in ImageMagick, a popular image processing library, allows attackers to execute malicious code remotely by exploiting insufficient filename filtering during file conversions.

  2. CVE-2017-1000253 (CVSS 7.8): Linux Kernel Vulnerability Enables Privilege Escalation: A buffer corruption flaw in the Linux kernel’s load_elf_binary() function allows local attackers to escalate their privileges, potentially gaining full control of the system.

  3. CVE-2024-40766 (CVSS 9.3): SonicWall SonicOS Vulnerability Under Attack by Akira Ransomware: This flaw has been linked to ransomware affiliates, including those connected to the Akira ransomware group. Arctic Wolf security researchers found that these threat actors have been exploiting the flaw to gain an initial foothold in victims’ networks, primarily targeting Gen 5, Gen 6, and Gen 7 SonicWall devices. Moreover, Rapid7 has reported that ransomware groups have been actively targeting SonicWall SSLVPN accounts, although the evidence connecting these attacks to CVE-2024-40766 remains circumstantial.

CISA’s Call to Action:

CISA’s addition of these vulnerabilities to the KEV catalog reinforces the immediate need for FCEB agencies to take action. The agency has set a September 30, 2024 deadline for patching affected systems to mitigate potential threats.
