CISA Adds Google, Microsoft, and QNAP Bugs to List of Exploited Vulnerabilities

CISA added eight vulnerabilities to its catalog of exploited bugs on Monday, each given a fix date of May 2.

All issues have patches or updates available, except for CVE-2021-27852 – a deserialization of untrusted data vulnerability affecting Checkbox, a digital forensics tool. Versions 7 and later of Checkbox Survey are not considered vulnerable to the issue, but versions 6 and earlier are end of life and should be removed from agency networks, according to CISA.

CVE-2022-23176 is a privilege escalation vulnerability in WatchGuard Firebox and XTM appliances that allows remote attackers with non-privileged credentials to access the system with a privileged management session through exposed management access.

According to Ars Technica, WatchGuard fixed the issue in May 2021, but said they would not share technical details about it in order to prevent threat actors from finding it. The vulnerability has a severity rating of 8.8 and WatchGuard faced a major backlash from security researchers because they waited months to give it a CVE.

Last week, the vulnerability was implicated in an extensive botnet campaign disrupted by several US law enforcement agencies, calling into question WatchGuard’s decision to effectively hide the vulnerability until this year. WatchGuard estimated the number of infected systems to hover around 250 devices.

The Microsoft issues – CVE-2021-42287 and CVE-2021-42278 – also relate to privilege escalation vulnerabilities affecting Microsoft Active Directory Domain Services.

Google’s CVE-2021-39793 – patched in March – affects Pixel devices and the patches address an out-of-bounds write vulnerability “due to a logical error in the code that could lead to local privilege escalation”.

The Linux vulnerability, CVE-2021-22600, involves a privilege escalation vulnerability in the packet socket implementation that could lead to improper freeing of memory. “A local user could exploit this for denial of service or possibly for privilege escalation,” CISA said.

CVE-2020-2509 is a QNAP zero-day vulnerability patched in April 2021. The command injection vulnerability, which affects legacy QNAP Systems storage hardware, could allow attackers to execute code remotely.

The Telerik vulnerability – CVE-2017-11317 – affects Telerik UI for ASP.NET AJAX. It allows remote attackers to perform arbitrary file downloads or execute arbitrary code.

CISA added 15 vulnerabilities to its catalog in April.

Jonathan has worked internationally as a journalist since 2014. Prior to returning to New York, he worked for news outlets in South Africa, Jordan and Cambodia. Previously, he covered cybersecurity at ZDNet and TechRepublic.
