CISA has added 15 new security vulnerabilities to its catalog, a move aimed at getting system admins to patch and secure their infrastructure.
All the newly added vulnerabilities date from 2014 to 2021, with the latest one being a Windows SAM bug that, if exploited, would allow anyone to access the core registry files. Though patches or workarounds for all these vulnerabilities are available, system admins are delaying applying them.
CISA Vulnerabilities Catalog
The US Cybersecurity & Infrastructure Security Agency has just added a batch of security vulnerabilities to its growing Known Exploited Vulnerabilities Catalog, which now lists about 367 in total. All of these were spotted between 2014 and 2021, and are listed below:
| CVE ID | Description | Patch Deadline |
|---|---|---|
| CVE-2021-36934 | Microsoft Windows SAM Local Privilege Escalation Vulnerability | 2/24/2022 |
| CVE-2020-0796 | Microsoft SMBv3 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2018-1000861 | Jenkins Stapler Web Framework Deserialization of Untrusted Data | 8/10/2022 |
| CVE-2017-9791 | Apache Struts 1 Improper Input Validation Vulnerability | 8/10/2022 |
| CVE-2017-8464 | Microsoft Windows Shell (.lnk) Remote Code Execution | 8/10/2022 |
| CVE-2017-10271 | Oracle Corporation WebLogic Server Remote Code Execution | 8/10/2022 |
| CVE-2017-0263 | Microsoft Win32k Privilege Escalation Vulnerability | 8/10/2022 |
| CVE-2017-0262 | Microsoft Office Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0145 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2017-0144 | Microsoft SMBv1 Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2016-3088 | Apache ActiveMQ Improper Input Validation Vulnerability | 8/10/2022 |
| CVE-2015-2051 | D-Link DIR-645 Router Remote Code Execution | 8/10/2022 |
| CVE-2015-1635 | Microsoft HTTP.sys Remote Code Execution Vulnerability | 8/10/2022 |
| CVE-2015-1130 | Apple OS X Authentication Bypass Vulnerability | 8/10/2022 |
| CVE-2014-4404 | Apple OS X Heap-Based Buffer Overflow Vulnerability | 8/10/2022 |
The latest among them is CVE-2021-36934, a Microsoft Windows SAM (Security Accounts Manager) vulnerability that, if exploited by a hacker, allows access to the Registry database. Affecting both Windows 10 and 11, this vulnerability can let hackers extract password hashes and gain administrator privileges.
Though Microsoft acknowledged this and released a patch in July 2021, many system admins are delaying applying it. Next up is CVE-2015-2051, an RCE bug affecting D-Link DIR-645 routers, which are still vulnerable and being exploited by hackers.
CVE-2020-0796 is another security flaw, one that received a maximum severity score. It involves SMBv3 mishandling maliciously crafted compressed data packets, letting the exploiter execute code remotely. It is said to be wormable, which makes it riskier.