The United States of America’s cyber defense agency added actively exploited vulnerabilities to its catalog. There were five known vulnerabilities added in the latest CISA advisory. Among the impacted vendors were Microsoft, Cisco, and Adobe. The CISA vulnerability advisory highlighted the danger the exploitation of the said bugs poses to the federal enterprise.
The actively exploited vulnerabilities were CVE-2023-21608 (Adobe), CVE-2023-20109 (Cisco), CVE-2023-41763 (Microsoft), CVE-2023-36563 (Microsoft), and CVE-2023-44487 (HTTP/2 protocol).
About the Actively Exploited Vulnerabilities
The CISA vulnerability advisory urged the Federal Civilian Executive Branch (FCEB) and all organizations to remediate the five actively exploited vulnerabilities. The users that have not installed updates are vulnerable to exploitation.
These are the details about the vulnerabilities –
- CVE-2023-21608 in Adobe Acrobat Reader affected versions 22.003.20282 and 22.003.20281. The previous versions of these products are also susceptible to attacks if not addressed. The vulnerability in the Adobe Systems product was assigned a base score of 7.8. Hackers could execute arbitrary codes, however, it relies on the actions of the user on the device.
- CVE-2023-20109 in Cisco IOS and IOS XE software could allow a cybercriminal with administrative controls to crash the device or run arbitrary codes. This vulnerability in Cisco products was assigned a base score of 6.6 making it a medium risk bug.
- CVE-2023-41763 in Microsoft’s Skype could be exploited by hackers to elevate privileges. The NIST report added that this vulnerability was awaiting analysis. It was assigned a base score of 5.3.
- CVE-2023-36563 in Microsoft WordPad could allow cybercriminals to access NTLM hashes. NTLM hash is the format in which passwords are stored by Microsoft cryptographically. These hashes help secure systems by authenticating selected users to access data. This vulnerability in a Microsoft product was assigned a base score of 6.5.
- CVE-2023-44487 was also noted as awaiting an analysis. It was not assigned a score at the time of writing. This vulnerability could allow a cybercriminal to launch a denial of service attack. The exploitation of this vulnerability was found through August and October 2023. According to a Cloudflare report, this vulnerability was abused by cybercriminals to send over 201 million requests per second.
The exploitation of the CVE-2023-44487 recorded recently overpassed the previous biggest attack of this kind on record.
The attack was carried out by using a botnet of 20,000 machines after abusing some features of the HTTP/2 protocol.
These five actively exploited vulnerabilities point toward the present cybercrime landscape which has seen countless denial of service attacks launched by hacktivist groups. Moreover, the CISA vulnerability advisory along with other resources provided on it makes clear that active exploitation of the bugs can and should be mitigated.
In the wake of the Cyber Security Awareness Month and its campaigns which aptly includes software updates among the four easy steps to security, all users must religiously install software updates. This could prevent exploitation of not just their data, but the enterprise they connect with.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.