Three Newly Added KEV Vulnerabilities: What You Need to Know

KEV Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. These vulnerabilities are:

  • CVE-2023-40044: Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
  • CVE-2023-42824: Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
  • CVE-2023-22515: Atlassian Confluence Data Center and Server Privilege Escalation Vulnerability

1. A Maximum Severity Flaw: CVE-2023-40044

CVE-2023-40044 is a critical vulnerability in the Progress WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface that allows a pre-authenticated attacker to execute remote commands on the underlying WS_FTP Server operating system. What makes this particularly alarming is its CVSS score of 10.0, the highest possible, indicating maximum severity.

Progress Software has released hotfixes for the vulnerability, but it is important to note that all versions of the software are impacted. Cybersecurity firms Rapid7 and Huntress Labs have both observed in-the-wild exploitation of this vulnerability, so it is imperative that users move quickly to apply the fixes.

2. Apple’s Kernel Woes: CVE-2023-42824

CVE-2023-42824 is a kernel vulnerability in Apple iOS and iPadOS that could be abused by a local attacker to elevate their privileges. Apple has released a security update to address the issue, and users are encouraged to update their devices as soon as possible.

While additional details about the nature of the attacks and the identity of the threat actors perpetrating them are currently unknown, successful exploitation likely hinges on an attacker already obtaining an initial foothold by some other means.

3. Atlassian’s Critical Zero-Day Flaw: CVE-2023-22515

CVE-2023-22515 is a critical zero-day vulnerability in Atlassian Confluence Data Center and Server instances that allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. Atlassian has released fixes to address the vulnerability, but it is important to note that it is remotely exploitable, meaning that attackers do not need to have any prior access to the Confluence server in order to exploit it.

In light of the active exploitation of this vulnerability, Federal Civilian Executive Branch (FCEB) agencies are required to apply the vendor-provided patches by October 26, 2023, to secure their networks against potential threats.
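The practical question behind a KEV addition is "which of my assets does this touch, and how long do I have?" The script below is an added example, not code from the advisory or from CISA. It assumes the field names of CISA's public KEV JSON feed (cveID, vendorProject, product, vulnerabilityName, dueDate) and runs offline against a constructed sample: the inventory hosts are invented, the due date for CVE-2023-22515 is the October 26, 2023 date stated above, and the due dates given for CVE-2023-40044 and CVE-2023-42824 are placeholders, since the text does not state them. Product matching is a deliberately loose token-subset comparison so that an inventory entry such as "Confluence Data Center" matches the catalog's "Confluence Data Center and Server".

```python
"""Match KEV catalog entries against a software inventory and flag overdue remediation."""
from datetime import date
from typing import Dict, List, Set, Tuple

# Constructed sample in the shape of CISA's KEV JSON feed entries.
# Only the CVE-2023-22515 due date comes from the advisory text; the other
# two due dates are placeholders, not values taken from the catalog.
SAMPLE_KEV_ENTRIES: List[Dict[str, str]] = [
    {"cveID": "CVE-2023-40044", "vendorProject": "Progress", "product": "WS_FTP Server",
     "vulnerabilityName": "Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability",
     "dueDate": "2023-10-26"},  # placeholder due date
    {"cveID": "CVE-2023-42824", "vendorProject": "Apple", "product": "iOS and iPadOS",
     "vulnerabilityName": "Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability",
     "dueDate": "2023-10-26"},  # placeholder due date
    {"cveID": "CVE-2023-22515", "vendorProject": "Atlassian",
     "product": "Confluence Data Center and Server",
     "vulnerabilityName": "Atlassian Confluence Data Center and Server Privilege Escalation Vulnerability",
     "dueDate": "2023-10-26"},  # date stated in the advisory
]

# Constructed inventory: hostnames and products are invented for the example.
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "ftp-01", "vendor": "Progress", "product": "WS_FTP Server"},
    {"host": "wiki-01", "vendor": "Atlassian", "product": "Confluence Data Center"},
    {"host": "tablet-17", "vendor": "Apple", "product": "iPadOS"},
    {"host": "db-03", "vendor": "PostgreSQL", "product": "PostgreSQL"},
]


def _tokens(name: str) -> Set[str]:
    """Lower-case word set of a product name, ignoring connective words."""
    return {t for t in name.lower().split() if t not in {"and", "&"}}


def product_matches(inventory_product: str, kev_product: str) -> bool:
    """Loose match: one product name's tokens are a subset of the other's."""
    a, b = _tokens(inventory_product), _tokens(kev_product)
    return bool(a) and (a <= b or b <= a)


def match_inventory(inventory: List[Dict[str, str]],
                    kev_entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (host, cveID) pairs where vendor and product line up."""
    matches = []
    for asset in inventory:
        for entry in kev_entries:
            if (asset["vendor"].lower() == entry["vendorProject"].lower()
                    and product_matches(asset["product"], entry["product"])):
                matches.append((asset["host"], entry["cveID"]))
    return matches


def triage(inventory: List[Dict[str, str]], kev_entries: List[Dict[str, str]],
           today: str) -> List[Dict[str, object]]:
    """Per-host findings with days remaining until the KEV due date (negative = overdue).

    `today` is an ISO date string so the function is easy to drive from a scheduler.
    """
    today_date = date.fromisoformat(today)
    by_cve = {e["cveID"]: e for e in kev_entries}
    findings = []
    for host, cve in match_inventory(inventory, kev_entries):
        remaining = (date.fromisoformat(by_cve[cve]["dueDate"]) - today_date).days
        findings.append({"host": host, "cveID": cve,
                         "days_until_due": remaining, "overdue": remaining < 0})
    # Most urgent first.
    return sorted(findings, key=lambda f: f["days_until_due"])


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY, SAMPLE_KEV_ENTRIES, "2023-10-20"):
        status = "OVERDUE" if finding["overdue"] else f"{finding['days_until_due']}d left"
        print(f"{finding['host']:<10} {finding['cveID']:<15} {status}")
```

In a real deployment the sample list would be replaced by the parsed feed and the inventory by an export from your asset database; the matching logic and deadline arithmetic stay the same. The loose product match errs toward false positives, which is the right bias for a triage list that a human then confirms.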

What You Can Do to Protect Yourself

If you are using any of the software that is impacted by these vulnerabilities, it is important to take immediate action to protect yourself. Here are some things you can do:

  • Update your software to the latest version. This is the most effective way to protect yourself from known vulnerabilities.
  • Enable security features such as firewalls and intrusion detection systems. These can help to block malicious traffic and detect attacks.
  • Be careful about what emails you open and what attachments you download. Phishing emails are a common way for attackers to exploit vulnerabilities.
  • Implement strong passwords and multi-factor authentication. This will make it more difficult for attackers to gain access to your systems, even if they are able to exploit a vulnerability.

By following these tips, you can help to protect yourself from these and other security vulnerabilities.