CVE-2023-32315 & CVE-2023-38831 Vulnerabilities Actively Exploited, CISA Requires Patches by September 14
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities, in RARLAB WinRAR and Ignite Realtime Openfire, have been actively exploited by threat actors.
RARLAB WinRAR Vulnerability
The vulnerability in WinRAR, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions. This means that a malicious script contained within an archive could be disguised as a seemingly innocuous image or text file.
In attacks discovered by the Singapore-based firm Group-IB in July 2023, specially crafted ZIP or RAR archive files distributed via trading-related forums such as Forex Station have been used to deliver a variety of malware families such as DarkMe, GuLoader, and Remcos RAT.
Ignite Realtime Openfire Vulnerability
Openfire is an XMPP server licensed under the Open Source Apache License. XMPP is a protocol for real-time communication, often used for chat and instant messaging.
The vulnerability in Openfire’s administrative console, tracked as CVE-2023-32315, allows an unauthenticated user to access restricted pages in the Openfire Admin Console. This could allow an attacker to take control of an Openfire server or steal sensitive data.
This vulnerability affects all versions of Openfire that have been released since April 2023, starting with version 3.10.0. The CVE-2023-32315 bug has been patched in Openfire releases 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be-released first version of the 4.8 branch (which is expected to be version 4.8.0).
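The version boundaries stated above can be applied to a server inventory to find hosts that still need the Openfire patch. The following Python code is an added example, not code from CISA or the Openfire project; the function names and the sample hostnames and versions are assumptions made for illustration.

```python
import re

# Version boundaries as stated in the article above.
FIRST_AFFECTED = (3, 10, 0)
FIXED_46 = (4, 6, 8)   # fixed release on the 4.6 branch
FIXED_47 = (4, 7, 5)   # fixed release on the 4.7 branch


def parse_version(text):
    """Return (major, minor, patch) from strings like '4.7.4' or 'Openfire 4.5.1'.

    Pre-release suffixes such as '-beta' are ignored (assumption of this example).
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def classify(version_text):
    """Classify one Openfire version against CVE-2023-32315."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return "not-affected"
    if v[:2] == (4, 6):
        # The 4.6 branch has its own fixed release.
        return "patched" if v >= FIXED_46 else "vulnerable"
    if v >= FIXED_47:
        return "patched"
    return "vulnerable"


def triage(inventory):
    """Return the hosts from {host: version} that still need the patch, sorted."""
    return sorted(h for h, ver in inventory.items() if classify(ver) == "vulnerable")


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "chat-01.example.internal": "4.7.4",
    "chat-02.example.internal": "4.6.8",
    "chat-03.example.internal": "Openfire 4.5.1",
    "chat-04.example.internal": "4.7.5",
    "chat-05.example.internal": "3.9.3",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to 4.6.8, 4.7.5 or later")
```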
Remediation Steps
CISA has advised Federal Civilian Executive Branch (FCEB) agencies to apply the necessary patches to WinRAR and Openfire by September 14, 2023. FCEB agencies can find the patches for WinRAR and Openfire on the respective vendor websites.
Best Practices for Reducing Vulnerabilities
In addition to applying patches, organizations can take steps to reduce their exposure to vulnerabilities by:
- Using strong passwords and multi-factor authentication
- Keeping software up to date
- Implementing security awareness training for employees
- Using a vulnerability scanner to identify and prioritize vulnerabilities
By following these best practices, organizations can help to protect themselves from active exploitation of critical security vulnerabilities.