The Cybersecurity and Infrastructure Security Agency (CISA) has added 3 vulnerabilities to its Known Exploited Vulnerabilities Catalog.
An attacker could exploit these vulnerabilities to take over impacted systems.
The most recent vulnerabilities added to the the catalog include those affecting Sudo, SMBv1 and Microsoft HTTP Protocol Stack:
- CVE-2021-3156: Sudo Heap-Based Buffer Overflow Vulnerability
- CVE-2017-0148: SMBv1 server
- CVE-2021-31166: HTTP Protocol Stack RCE.
Of special note, Qualys Research Team discovered the sudo vulnerability CVE-2021-3156 in January 2021 and found it had a wide-ranging impact over many years.
“The vulnerability itself has been hiding in plain sight for nearly 10 years. It was introduced in July 2011 (commit 8255ed69) and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration,” wrote Animesh Jain, Vulnerability Signatures Product Manager, of Qualys in a blog post.
Also, SMBv1 CVE-2017-0148 and other SMB-related vulnerabilities have been common targets of hackers.
For instance, Microsoft patched an SMB-related (SMBv3) RCE vulnerability CVE-2020-0796 dubbed SMBGhost in March of 2020.
“Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client,” Microsoft stated in the advisory.
Finally, a security researcher had published proof-of-concept (PoC) exploit code in May of 2021 for the Windows HTTP protocol stack remote code execution (RCE) vulnerability CVE-2021-31166.
Microsoft patched the Critical vulnerability CVE-2021-31166 (CVSS base score of 9.8) in May 2021 as part of its monthly security updates.
“In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets,” Microsoft stated in the advisory.
Readers can check out the most recent CISA post on April 6, 2022, as well the complete Known Exploited Vulnerabilities Catalog.