U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of shortcomings is as follows –
- CVE-2022-47986 (CVSS score: 9.8) – IBM Aspera Faspex Code Execution Vulnerability
- CVE-2022-41223 (CVSS score: 6.8) – Mitel MiVoice Connect Code Injection Vulnerability
- CVE-2022-40765 (CVSS score: 6.8) – Mitel MiVoice Connect Command Injection Vulnerability
CVE-2022-47986 is described as a YAML deserialization flaw in the file transfer solution that could allow a remote attacker to execute code on the system.
Details of the flaw and a proof-of-concept (PoC) were shared by Assetnote on February 2, a day after which the Shadowserver Foundation said it “picked up exploitation attempts” in the wild.
The active exploitation of the Aspera Faspex flaw comes shortly after a vulnerability in Fortra’s GoAnywhere MFT-managed file transfer software (CVE-2023-0669) was abused by threat actors with potential links to the Clop ransomware operation.
CISA also added two flaws impacting Mitel MiVoice Connect (CVE-2022-41223 and CVE-2022-40765) that could permit an authenticated attacker with internal network access to execute arbitrary code.
Exact specifics surrounding the nature of the attacks are unclear, but another flaw in MiVoice Connect was exploited last year to deploy ransomware. The vulnerabilities were patched by Mitel in October 2022.
In light of in-the-wild exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by March 14, 2023, to secure networks against potential threats.
CISA, in a related development, also released an Industrial Control Systems (ICS) advisory that touches upon critical flaws (CVE-2022-26377 and CVE-2022-31813) in Mitsubishi Electric’s MELSOFT iQ AppPortal.
“Successful exploitation of these vulnerabilities could allow a malicious attacker to make unidentified impacts such as authentication bypass, information disclosure, denial-of-service, or bypass IP address authentication,” the agency said.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon using the button below
To keep up to date follow us on the below channels.
