Microsoft, Linux, Dahua Flaws Exploited: CISA Warns
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert, adding four critical security vulnerabilities impacting Microsoft Exchange Server, the Linux kernel, and Dahua IP Cameras to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities have been observed in active attacks, underscoring the need for prompt remediation.
- CVE-2021-31196: Microsoft Exchange Server Remote Code Execution Vulnerability (CVSS 7.2)
The first vulnerability, CVE-2021-31196, is a remote code execution flaw in Microsoft Exchange Server. This vulnerability allows attackers to execute arbitrary code on vulnerable servers, potentially leading to full system compromise. Given the widespread use of Microsoft Exchange in enterprise environments, this vulnerability represents a significant risk to organizations that have not yet applied the necessary patches.
- CVE-2022-0185: Linux Kernel Heap-Based Buffer Overflow (CVSS 8.4)
The second vulnerability, CVE-2022-0185, affects the Linux kernel and involves a heap-based buffer overflow in the Filesystem Context functionality. This flaw occurs in the legacy_parse_param function, where the length of supplied parameters is incorrectly verified. An unprivileged local user with the ability to open a filesystem that does not support the Filesystem Context API could exploit this vulnerability to escalate their privileges on the affected system. The severity of this issue is heightened in environments where unprivileged user namespaces are enabled, making it easier for attackers to gain elevated privileges.
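The following user-space model illustrates how a length check of this kind can fail: it is an added example, not kernel source and not part of the CISA alert. It contrasts a bounds check that uses unsigned subtraction, the integer-underflow pattern publicly documented for this CVE, with a form that cannot wrap. MODEL_PAGE_SIZE, the function names and the sample lengths are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: options accumulate in a single 4096-byte buffer. */
#define MODEL_PAGE_SIZE 4096u

/* Flawed form: once size exceeds MODEL_PAGE_SIZE - 2, the unsigned
 * subtraction wraps to a huge value and the test can no longer reject. */
static bool flawed_check_accepts(size_t size, size_t len)
{
    if (len > MODEL_PAGE_SIZE - 2 - size)
        return false;
    return true;
}

/* Hardened form: bound each operand first, then compare using addition
 * only, so no intermediate value can wrap. */
static bool hardened_check_accepts(size_t size, size_t len)
{
    if (size > MODEL_PAGE_SIZE || len > MODEL_PAGE_SIZE)
        return false;
    return size + len + 2 <= MODEL_PAGE_SIZE;
}

/* Smallest already-used size at which the two checks disagree for a
 * parameter of length len, or -1 if they always agree. */
static long first_disagreement(size_t len)
{
    for (size_t size = 0; size <= MODEL_PAGE_SIZE; size++) {
        if (flawed_check_accepts(size, len) != hardened_check_accepts(size, len))
            return (long)size;
    }
    return -1;
}

int main(void)
{
    size_t samples[] = { 1, 100, 5000 };   /* constructed parameter lengths */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=%zu: checks first disagree at size=%ld\n",
               samples[i], first_disagreement(samples[i]));
    return 0;
}
```

The two checks agree for every size up to MODEL_PAGE_SIZE - 2 and diverge only once the buffer is within one byte of full, which is why a check like this can pass ordinary testing.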
- CVE-2021-33045 & CVE-2021-33044: Dahua IP Camera Identity Authentication Bypass (CVSS 9.8)
The final two vulnerabilities, CVE-2021-33045 and CVE-2021-33044, are identity authentication bypass flaws found in Dahua IP Cameras. These vulnerabilities allow attackers to bypass device authentication during the login process by crafting malicious data packets. Both flaws have been rated with a CVSS score of 9.8, highlighting their critical nature. The ability to bypass authentication on widely deployed IP cameras poses significant risks, particularly in sensitive environments where surveillance footage and security monitoring are paramount.
CISA has mandated that federal agencies address these vulnerabilities by September 11, 2024. However, the urgency of the situation extends far beyond the federal government. All organizations that rely on these systems are strongly encouraged to apply the latest patches and updates as soon as possible.