CISA Warns of Active Exploitation of CVE-2021-36380 & CVE-2023-21237 Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) is urging quick action. Two vulnerabilities (CVE-2021-36380 & CVE-2023-21237), known to be under active attack, have landed on their KEV (Known Exploited Vulnerabilities) catalog. This means real attacks are happening now, not just theoretical risks.

Bug Breakdown

• CVE-2021-36380 (Sunhillo SureLine): A critical flaw with a severity score of 9.8 out of 10. It acts like a hidden backdoor within Sunhillo SureLine software, granting attackers complete system control if exploited. This could result in data theft, system lockdowns, or even using the infected system as a launchpad for further attacks. A proof-of-concept released in 2021 laid bare the mechanics of this exploit.

• CVE-2023-21237 (Sunhillo SureLine): This medium-severity bug targets Android Pixel phones. While less immediately catastrophic, attackers could leverage it to snoop on sensitive data like your location history, contact lists, or private messages.

Why the Urgency?

CISA closely monitors attack trends. While they’re keeping details under wraps to avoid tipping off attackers, their decision to add these flaws to the KEV list means they have credible evidence of active attacks.

Patch, Patch, Patch!

In response to these emergent threats, CISA has sounded the horn for Federal Civilian Executive Branch (FCEB) agencies, mandating the application of vendor-provided patches by March 26, 2024.