The Cybersecurity and Infrastructure Security Agency (CISA) has added Intel, Oracle, TerraMaster, Fortra, and SugarCRM vulnerabilities to its Known Exploited Vulnerabilities Catalog.
CISA warned that “these types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose a significant risk to the federal enterprise.”
As a result, these vulnerabilities have been added to the Catalog based on evidence of active exploitation.
Just last week, CISA added an Oracle E-Business Suite Unspecified Vulnerability (CVE-2022-21587) to its Known Exploited Vulnerabilities Catalog.
This Critical vulnerability was patched last October as part of Oracle’s Critical Patch Update Advisory for October 2022.
“Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator,” NIST wrote in an advisory.
This issue has a CVSS base score of 9.8.
On February 10, 2023, CISA added an Ethernet Diagnostics Driver for Windows vulnerability (CVE-2015-2291) to its Known Exploited Vulnerabilities Catalog.
The Intel Ethernet diagnostics driver for Windows (IQVW32.sys and IQVW64.sys) contains an unspecified vulnerability that allows for a denial-of-service.
Other exploited CVEs
In addition, CISA added three other vulnerabilities to its Catalog, including recent CVEs for TerraMaster and Fortra added on February 10, 2023:
- CVE-2022-24990: TerraMaster OS Remote Command Execution Vulnerability (no CVSS score at time of publication).
- CVE-2023-0669: Fortra GoAnywhere MFT Remote Code Execution Vulnerability (no CVSS score at time of publication).
- CVE-2023-22952: Multiple SugarCRM Products Remote Code Execution Vulnerability (CVSS 8.8).
Readers may recall that in early 2021 researchers discovered malware dubbed “FreakOut” that exploited new Linux vulnerabilities, including another TerraMaster remote code execution vulnerability, CVE-2020-28188.
Once a device was infected by FreakOut, attackers used the malware as a remote-controlled attack platform to target other unpatched machines and spread the infection.
Regarding the SugarCRM CVE, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. This issue affects SugarCRM before 12.0, Hotfix 91155.