CISA

The CISA has added 15 new security vulnerabilities to its catalog, aimed at system admins to patch and secure their infrastructure.

All the vulnerabilities added now are from 2014 to 2021, with the latest one being a Windows SAM bug, that if exploited would allow anyone to access the core registry files. Though patches or workarounds for all these vulnerabilities are available, system admins are delaying in applying them.

Also Read- CISA Listed 17 New Actively Exploited Vulnerabilities

CISA Vulnerabilities Catalog

The US Cybersecurity & Infrastructure Security Agency has just added a bunch of security vulnerabilities to its growing list Known Exploited Vulnerabilities Catalog, which now has about 367 in total number. All these are spotted between 2014 to 2021, and as below;

CVE ID Description Patch Deadline
CVE-2021-36934 Microsoft Windows SAM Local Privilege Escalation Vulnerability 2/24/2022
CVE-2020-0796 Microsoft SMBv3 Remote Code Execution Vulnerability 8/10/2022
CVE-2018-1000861 Jenkins Stapler Web Framework Deserialization of Untrusted Data 8/10/2022
CVE-2017-9791 Apache Struts 1 Improper Input Validation Vulnerability 8/10/2022
CVE-2017-8464 Microsoft Windows Shell (.lnk) Remote Code Execution 8/10/2022
CVE-2017-10271 Oracle Corporation WebLogic Server Remote Code Execution 8/10/2022
CVE-2017-0263 Microsoft Win32k Privilege Escalation Vulnerability 8/10/2022
CVE-2017-0262 Microsoft Office Remote Code Execution Vulnerability 8/10/2022
CVE-2017-0145 Microsoft SMBv1 Remote Code Execution Vulnerability 8/10/2022
CVE-2017-0144 Microsoft SMBv1 Remote Code Execution Vulnerability 8/10/2022
CVE-2016-3088  Apache ActiveMQ Improper Input Validation Vulnerability 8/10/2022
CVE-2015-2051 D-Link DIR-645 Router Remote Code Execution 8/10/2022
CVE-2015-1635 Microsoft HTTP.sys Remote Code Execution Vulnerability 8/10/2022
CVE-2015-1130 Apple OS X Authentication Bypass Vulnerability 8/10/2022
CVE-2014-4404 Apple OS X Heap-Based Buffer Overflow Vulnerability 8/10/2022

The latest one among them is the CVE-2021-36934, which is a Microsoft Windows SAM (Security Accounts Manager) vulnerability, which if exploited by a hacker will allow him to access the Registry database. Affecting both Windows 10 and 11 OS, this vulnerability can let hackers extract password hashes and gain administrator privileges.

Though Microsoft acknowledged this and released a patch in July 2021, many system admins are delaying it to patch. Next up is the CVE-2015-2051 – an RCE bug affecting D-Link DIR-645 routers, which is still being vulnerable and exploited by hackers.

Also, the CVE-2020-0796 is another security flaw that received a maximum severity score. It’s about the SMBv3 mishandling maliciously crafted compressed data packets, and letting the exploiter execute code remotely. This is said to be wormable in attack nature, thus being riskier.

LEAVE A REPLY

Please enter your comment!
Please enter your name here