CISA lists 7 critical vulnerabilities exploited by hackers in the wild
CISA has added seven new vulnerabilities to its list of bugs that are actively exploited by threat actors, based on the latest flaws published by Apple, SAP, Google and Microsoft.
The flaws must be patched by Federal Civilian Executive Branch (FCEB) agencies. With the inclusion of these seven vulnerabilities, the updated catalog now has 801 CVEs, and the agencies affected by these flaws must apply the associated patches by Sep 8th, 2022, as per the CISA mandate.
Seven vulnerabilities that need to be patched
| CVE Number | Vulnerability Title |
| --- | --- |
| CVE-2017-15944 | Palo Alto Networks PAN-OS Remote Code Execution Vulnerability |
| CVE-2022-21971 | Microsoft Windows Runtime Remote Code Execution Vulnerability |
| CVE-2022-26923 | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability |
| CVE-2022-2856 | Google Chrome Intents Insufficient Input Validation Vulnerability |
| CVE-2022-32893 | Apple iOS and macOS Out-of-Bounds Write Vulnerability |
| CVE-2022-32894 | Apple iOS and macOS Out-of-Bounds Write Vulnerability |
| CVE-2022-22536 | SAP Multiple Products HTTP Request Smuggling Vulnerability |
Taking a look at the seven critical vulnerabilities in detail
- The CVE-2022-22536 flaw was disclosed by Onapsis earlier this year with a severity rating of 10/10. CISA immediately alerted the IT community to patch it, as it could lead to data theft, access to business-sensitive data, ransomware attacks and other malicious attacks. The details of the flaw were discussed at the Black Hat security conference, and it was mentioned that attackers are actively exploiting the flaw in the wild.
- In addition, Apple released macOS, iOS and iPadOS security updates for the CVE-2022-32894 and CVE-2022-32893 vulnerabilities. These flaws can be used to exploit the device via code execution and kernel privileges, which could result in complete compromise and takeover of devices.
- Also, the CVE-2022-2856 vulnerability was identified in Google Chrome 101.0.5112.101 recently. Microsoft addressed the CVE-2022-21971 vulnerability in the Feb 2022 Patch Tuesday; however, the details about exploitation weren’t disclosed.
- Similarly, CVE-2022-26923, an AD Services Privilege Elevation Vulnerability, was fixed in May 2022, and in this case the details about the flaw were disclosed.
- The seventh and final vulnerability is the Palo Alto Networks CVE-2017-15944 remote code execution vulnerability, which was first disclosed in 2017.
The case of the Palo Alto Networks vulnerability is surprising: the flaw was reported five years ago, but there are devices that are still vulnerable to this exploit.
Security and IT teams are requested to look into the Known Exploited Vulnerabilities Catalog published by CISA and patch the listed flaws within their environment ASAP.
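One way to act on the catalog check recommended above, as an added example that is not part of the original article: it matches catalog entries against an asset inventory and ranks unpatched findings by remediation due date. The JSON excerpt is constructed (field names follow the KEV JSON feed, vendor and product strings come from the table above), and the inventory, asset names and exact-string matching are assumptions.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed; vendor/product strings
# are taken from the article's table, the due date from the article text.
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-2017-15944", "vendorProject": "Palo Alto Networks", "product": "PAN-OS", "dueDate": "2022-09-08"},
  {"cveID": "CVE-2022-26923", "vendorProject": "Microsoft", "product": "Active Directory", "dueDate": "2022-09-08"},
  {"cveID": "CVE-2022-32893", "vendorProject": "Apple", "product": "iOS and macOS", "dueDate": "2022-09-08"},
  {"cveID": "CVE-2022-32894", "vendorProject": "Apple", "product": "iOS and macOS", "dueDate": "2022-09-08"},
  {"cveID": "CVE-2022-2856", "vendorProject": "Google", "product": "Chrome", "dueDate": "2022-09-08"}
]}
"""

# Hypothetical asset inventory: what runs where, and which CVEs are already patched.
INVENTORY = [
    {"asset": "fw-edge-01", "vendor": "Palo Alto Networks", "product": "PAN-OS", "patched": set()},
    {"asset": "dc-01", "vendor": "Microsoft", "product": "Active Directory", "patched": {"CVE-2022-26923"}},
    {"asset": "mac-fleet", "vendor": "Apple", "product": "iOS and macOS", "patched": {"CVE-2022-32893"}},
]


def outstanding(kev_json, inventory, today):
    """Return (days_left, asset, cve) for unpatched KEV entries, most urgent first.

    A negative days_left means the remediation due date has already passed.
    """
    findings = []
    for vuln in json.loads(kev_json)["vulnerabilities"]:
        key = (vuln["vendorProject"].lower(), vuln["product"].lower())
        due = date.fromisoformat(vuln["dueDate"])
        for item in inventory:
            # Simplification: exact vendor/product match, case-insensitive.
            if (item["vendor"].lower(), item["product"].lower()) != key:
                continue
            if vuln["cveID"] in item["patched"]:
                continue
            findings.append(((due - today).days, item["asset"], vuln["cveID"]))
    return sorted(findings)


if __name__ == "__main__":
    for days, asset, cve in outstanding(KEV_JSON, INVENTORY, date(2022, 9, 10)):
        status = f"OVERDUE by {-days}d" if days < 0 else f"{days}d left"
        print(f"{asset:12} {cve:16} {status}")
```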