CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has identified three emerging security vulnerabilities posing significant risks to the federal enterprise. These flaws, which have shown evidence of active exploitation, are frequently targeted by malicious cyber actors.
1. TP-Link Archer AX-21 Command Injection Vulnerability (CVE-2023-1389)
Severity: Critical (CVSS score of 8.8)
This vulnerability affects the TP-Link Archer AX21 router and can enable a remote attacker to execute arbitrary commands on the system. The flaw lies in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface: a specially crafted request to that form lets the attacker execute arbitrary commands on the device.
Organizations and individuals using the TP-Link Archer AX21 router are urged to implement patches and mitigate the risks associated with this critical vulnerability.
2. Apache Log4j2 Deserialization of Untrusted Data Vulnerability (CVE-2021-45046)
Severity: Severe (CVSS score of 9.0)
The Apache Log4j2 vulnerability results from an incomplete fix of CVE-2021-44228 in specific non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, attackers who control Thread Context Map (MDC) input data can craft malicious input containing a JNDI Lookup pattern. Exploitation can lead to sensitive information leakage, remote code execution in some environments, and local code execution in all environments.
Organizations relying on Apache Log4j must ensure that their configurations are up-to-date and protected against this severe vulnerability.
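As an added example (not part of the CISA listing or of the Log4j project), the Python checker below audits a log4j2 XML configuration for the non-default Pattern Layout settings described above, a Context Lookup such as $${ctx:loginId} and the %X/%mdc/%MDC Thread Context Map patterns the CVE description also names. The sample configurations are constructed; a finding marks a trigger condition for triage, and the remedy remains upgrading to a fixed Log4j release rather than editing patterns.

```python
import re
import xml.etree.ElementTree as ET

# PatternLayout content that makes CVE-2021-45046 reachable when the MDC
# (Thread Context Map) holds attacker-controlled data: a Context Lookup
# ("${ctx:name}" or "$${ctx:name}") or a Thread Context Map conversion
# pattern (%X, %mdc, %MDC). Token list taken from the CVE description.
RISKY_TOKENS = [
    (re.compile(r"\$\$?\{ctx:"), "Context Lookup (${ctx:...})"),
    (re.compile(r"%(X|mdc|MDC)\b"), "Thread Context Map pattern (%X/%mdc/%MDC)"),
]


def pattern_strings(config_xml: str):
    """Yield (appender_name, pattern) for every PatternLayout in the config."""
    root = ET.fromstring(config_xml)
    for appender in root.iter():
        for layout in appender.findall("PatternLayout"):
            pattern = layout.get("pattern")
            if pattern is None:  # pattern may also be given as a child element
                node = layout.find("Pattern")
                pattern = node.text if node is not None else None
            if pattern:
                yield appender.get("name", appender.tag), pattern


def audit_log4j2_config(config_xml: str):
    """Return (appender, pattern, reason) for each PatternLayout that matches a risky token."""
    findings = []
    for appender, pattern in pattern_strings(config_xml):
        for regex, reason in RISKY_TOKENS:
            if regex.search(pattern):
                findings.append((appender, pattern, reason))
    return findings


# Constructed sample configs (hypothetical, not from any real deployment).
VULNERABLE_CONFIG = """<Configuration>
  <Appenders>
    <Console name="stdout">
      <PatternLayout pattern="%d %p user=$${ctx:loginId} %m%n"/>
    </Console>
  </Appenders>
</Configuration>"""

SAFE_CONFIG = """<Configuration>
  <Appenders>
    <Console name="stdout">
      <PatternLayout pattern="%d %p %c - %m%n"/>
    </Console>
  </Appenders>
</Configuration>"""
```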
3. Oracle WebLogic Server Unspecified Vulnerability (CVE-2023-21839)
Severity: High (CVSS score of 7.5)
The CVE-2023-21839 vulnerability affects the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) and has the potential to grant unauthorized access to critical data. Versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are impacted by this easily exploitable flaw. Unauthenticated attackers with network access via T3 or IIOP can compromise the Oracle WebLogic Server, gaining complete access to all accessible data.
Organizations using Oracle WebLogic Server should take immediate action to secure their systems and protect their sensitive data.
In an increasingly interconnected world, cyber threats continue to evolve, putting critical infrastructure and sensitive data at risk. Organizations must remain vigilant, stay informed of emerging vulnerabilities, and implement necessary patches and updates to safeguard their networks. With this proactive approach to cybersecurity, we can mitigate potential attacks and protect our digital landscape from malicious actors.