CISA Issues Warning on Actively Exploited Flaws in GeoServer, Linux Kernel, and Roundcube Webmail


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These security flaws, impacting GeoSolutionsGroup's JAI-EXT library (used by GeoServer), the Linux Kernel, and Roundcube Webmail, are now under active exploitation.

Critical Flaws Under Active Exploitation

  1. CVE-2022-24816 (CVSS 9.8): Remote Code Execution in GeoServer

    This critical-severity vulnerability in the JAI-EXT project, used by GeoServer, enables attackers to remotely execute arbitrary code on affected systems. By exploiting a flaw in Jiffle script handling, attackers can gain unauthorized access to and control over vulnerable GeoServer installations. Immediate patching or mitigation is crucial to prevent compromise.

  2. CVE-2022-2586 (CVSS 7.8): Privilege Escalation in Linux Kernel

    The Linux Kernel, the core of many operating systems, is susceptible to a use-after-free vulnerability that allows local attackers to elevate their privileges. Successful exploitation could grant attackers administrative access, posing a severe risk to system integrity and data security. Prompt patching is essential to mitigate this threat.

  3. CVE-2020-13965 (CVSS 6.1): Cross-Site Scripting (XSS) in Roundcube Webmail

    Roundcube Webmail users face a potential cross-site scripting (XSS) attack through malicious XML attachments. By injecting malicious scripts, attackers can steal sensitive information, manipulate web content, or launch further attacks. Upgrading to patched versions is crucial to mitigate this risk.

Urgency and Action Required

While specific details of the active exploitation remain undisclosed, CISA’s inclusion of these vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog underscores the urgency of the situation. Federal agencies have been mandated to apply vendor-provided patches by July 17, 2024, and all organizations utilizing affected software are strongly advised to follow suit.
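The practical task behind a KEV addition is checking whether any of the listed software is in your own inventory and how much of the remediation window is left. The script below is an added example, not from the advisory or from CISA: it parses records shaped like CISA's KEV JSON feed (the field names `cveID`, `vendorProject`, `product`, `vulnerabilityName` and `dueDate` are the feed's own; the sample records, the fourth placeholder entry and the inventory keyword list are constructed here), matches them against a hypothetical asset inventory, and reports days remaining until the due date, flagging anything already overdue.

```python
import json
from datetime import date, datetime

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The three CVE IDs, affected software and the July 17, 2024 due date come from
# the advisory; the vulnerabilityName strings and the fourth record are filler.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2022-24816", "vendorProject": "GeoSolutionsGroup",
         "product": "JAI-EXT", "vulnerabilityName": "JAI-EXT code injection",
         "dueDate": "2024-07-17"},
        {"cveID": "CVE-2022-2586", "vendorProject": "Linux",
         "product": "Kernel", "vulnerabilityName": "Linux kernel use-after-free",
         "dueDate": "2024-07-17"},
        {"cveID": "CVE-2020-13965", "vendorProject": "Roundcube",
         "product": "Webmail", "vulnerabilityName": "Roundcube Webmail XSS",
         "dueDate": "2024-07-17"},
        {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "vulnerabilityName": "placeholder entry",
         "dueDate": "2024-12-31"},
    ],
})

# Hypothetical asset inventory: keywords expected to appear in the
# vendorProject/product of software this organisation runs.
# Roundcube is deliberately absent so the filter has something to drop.
INVENTORY_KEYWORDS = ["geosolutionsgroup", "jai-ext", "linux"]


def load_kev(feed_text):
    """Parse KEV-shaped JSON, converting dueDate strings into date objects."""
    entries = []
    for v in json.loads(feed_text)["vulnerabilities"]:
        entries.append({
            "cveID": v["cveID"],
            "software": f'{v["vendorProject"]} {v["product"]}',
            "name": v.get("vulnerabilityName", ""),
            "dueDate": datetime.strptime(v["dueDate"], "%Y-%m-%d").date(),
        })
    return entries


def in_inventory(entry, keywords):
    """Case-insensitive substring match of inventory keywords against vendor/product."""
    haystack = entry["software"].lower()
    return any(k.lower() in haystack for k in keywords)


def triage(entries, keywords, today):
    """Return the KEV entries relevant to the inventory, most urgent first.

    days_left is negative once the due date has passed; such entries are
    marked OVERDUE so they sort to the top of the report.
    """
    hits = []
    for e in entries:
        if not in_inventory(e, keywords):
            continue
        days_left = (e["dueDate"] - today).days
        hits.append({**e, "days_left": days_left,
                     "status": "OVERDUE" if days_left < 0 else "open"})
    hits.sort(key=lambda h: (h["days_left"], h["cveID"]))
    return hits


if __name__ == "__main__":
    for h in triage(load_kev(SAMPLE_KEV_FEED), INVENTORY_KEYWORDS, date.today()):
        print(f'{h["cveID"]:16} {h["software"]:24} due {h["dueDate"]} '
              f'({h["days_left"]:+d} d) {h["status"]}')
```

In practice you would download the live feed instead of using the embedded sample and replace `INVENTORY_KEYWORDS` with product names from your CMDB or SBOM; the keyword match is intentionally loose because KEV's `vendorProject`/`product` strings rarely line up exactly with inventory names, so treat the output as a triage list to confirm, not a definitive exposure report.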