CISA Warns of Five Newly Listed Actively Exploited Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities have been actively exploited, putting numerous systems at risk. Among the affected products are Veritas Backup Exec, Microsoft Windows, and Arm Mali GPU Kernel Driver.

Photo by Max Bender on Unsplash

Actively Exploited Vulnerabilities

1. CVE-2021-27876 (CVSS Score: 8.1): Veritas Backup Exec Agent File Access Vulnerability

A vulnerability in Veritas Backup Exec (versions prior to 21.2) allows an attacker to gain unauthorized access to the agent and execute data management protocol commands. By using crafted input parameters, an attacker can access arbitrary files on the system using System privileges.

2. CVE-2021-27877 (CVSS Score: 9.8): Veritas Backup Exec Agent Improper Authentication Vulnerability

Another issue discovered in Veritas Backup Exec (versions prior to 21.2) involves an outdated SHA authentication scheme. An attacker can remotely exploit this scheme to gain unauthorized access to an agent and execute privileged commands.

3. CVE-2021-27878 (CVSS Score: 8.8): Veritas Backup Exec Agent Command Execution Vulnerability

Similar to CVE-2021-27876, this vulnerability in Veritas Backup Exec (versions prior to 21.2) allows an attacker to gain unauthorized access due to a weakness in the SHA Authentication scheme. The attacker can execute data management protocol commands and potentially run arbitrary commands on the system using System privileges.

4. CVE-2019-1388 (CVSS Score: 7.8): Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability

Microsoft Windows is affected by a vulnerability that could enable a local authenticated attacker to gain elevated privileges. This issue stems from improper enforcement of user privileges in the Certificate Dialog. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

5. CVE-2023-26083: Arm Mali GPU Kernel Driver Information Disclosure Vulnerability

A memory leak vulnerability affects Arm Mali GPU Kernel Driver across multiple versions, exposing sensitive kernel metadata. This issue allows a non-privileged user to conduct valid GPU processing operations, potentially leading to information disclosure.

Protecting Your Systems

Given the active exploitation of these vulnerabilities, it’s crucial for organizations and individuals to take immediate action. Users should apply patches and updates provided by the respective vendors as soon as possible. Ensuring systems are up-to-date and employing best security practices can significantly reduce the risk of falling victim to these types of attacks.