The Cybersecurity and Infrastructure Security Agency (CISA) has added Veritas, Windows and Arm Mali GPU Kernel vulnerabilities to its Known Exploited Vulnerabilities Catalog.
CISA warned “these types of vulnerabilities are a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise.”
As a result, these vulnerabilities have been added to the Catalog based on evidence of active exploitation.
On April 7, 2023, CISA added three Veritas remote code execution vulnerabilities to its Known Exploited Vulnerabilities Catalog (along with CVSS score):
- CVE-2021-27876: Veritas Backup Exec Agent File Access Vulnerability (CVSS 8.1)
- CVE-2021-27877: Veritas Backup Exec Agent Improper Authentication Vulnerability (CVSS 8.2)
- CVE-2021-27878: Veritas Backup Exec Agent Command Execution Vulnerability (CVSS 8.8).
Each of the issues affect Veritas Backup Exec before 21.2 and were originally published March 1, 2021 (subsequently updated September 27, 2022).
According to NIST, the most severe of the flaws (CVE-2021-27878) is caused by a vulnerability in SHA authentication that could result in remote code execution:
The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.NIST
On April 7, CISA also added a Microsoft Windows Certificate Dialog Elevation of Privilege vulnerability (CVE-2019-1388) to the Catalog. Originally patched on November 12, 2019, this issue exists because it does not properly enforce user privileges.
According to Microsoft, “an attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.”
The security update addresses the vulnerability by ensuring Windows Certificate Dialog properly enforces user privileges.
Arm Mali GPU CVE
Moreover, CISA added a fifth exploited flaw to its Catalog, an Information Disclosure vulnerability (CVE-2022-46396) that affects Arm Mali Graphics Processing Unit (GPU) Kernel Drivers.
More specifically, the vulnerability affects the Valhall GPU Kernel Driver (all versions from r29p0 – r41p0) and Avalon GPU Kernel Driver (r41p0).
According to the advisory, “a non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds.”