Recent additions to CISA’s Database of Exploited Vulnerabilities: Android Pixel, Microsoft Windows, Progress Telerik Report Server

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Android Pixel, Microsoft Windows, and Progress Telerik Report Server flaws to its Database of Exploited Vulnerabilities.
CISA recently announced the addition of the following vulnerabilities to its Database of Exploited Vulnerabilities (DEV):
- CVE-2024-32896: Android Pixel Privilege Escalation Vulnerability
- CVE-2024-26169: Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
- CVE-2024-4358: Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability
CVE-2024-32896 is a privilege escalation vulnerability in the Pixel firmware that has already been exploited in the wild as a zero-day.
CVE-2024-26169 denotes a privilege escalation flaw within the Microsoft Windows Error Reporting Service that allows attackers to gain SYSTEM-level privileges.
CVE-2024-4358 represents an authentication bypass vulnerability exploitable by unauthenticated attackers to access restricted functionality within the Telerik Report Server.
Under Directive 22-01 on Reducing the Risk of Exploited Vulnerabilities, federal agencies must address the identified vulnerabilities by the stipulated date to protect their networks against attacks that exploit the flaws listed in the database.
Security experts also recommend that private entities review the Database and mitigate any identified vulnerabilities present in their infrastructures.
CISA requires all federal agencies to patch this vulnerability by July 4, 2024.
(SecurityAffairs – hacking, Android Pixel)
