In the first two weeks of November, CISA added 10 vulnerabilities to the KEV catalog. They are currently being exploited by hackers. In this blog, we have analyzed the CVEs that CISA recommends be patched in all federal organizations between 14-11-2022 and 29-11-2022.
Why are these CVEs important?
From our analysis we found that:
CVE-2022-3723, the 7th zero-day vulnerability from Google was exploited in the wild, following which a patch was released. A week later the CISA added it to the list of critical vulnerabilities.
CVE-2020-3433 and CVE-2020-3153 are CISCO Anyconnect Secure vulnerabilities which allow both remote code execution and privilege escalation in vulnerable devices.
CVE-2021-25337, CVE-2021-25370, and CVE-2021-25369 are Samsung device vulnerabilities which can be exploited to install spyware on phones.
How Far Back Do They Go?
Half of the CVEs are old vulnerabilities (discovered before 2022) and exploited by many ransomware groups. In particular, the BlackByte ransomware group is after the 2018 CVEs (CVE-2018-19321, CVE-2018-19322, CVE-2018-19323).
Which Vendors Are Affected?
Microsoft and GIGABYTE have the most number of vulnerabilities to be patched by the end of this month. Notable vulnerabilities in Microsoft are CVE-2022-41073 (privilege escalation) and CVE-2022-41091 (Mark-of-the-web).
Organizations must keep themselves up-to-date with these vendor advisories and upgrade their products as and when new patches are released.
Most of the vulnerabilities are ranked high on the CVSS scoring scale. Exploiting such vulnerabilities will allow attackers to cause maximum damage to their victim networks. CISCO (CVE-2020-3433 and CVE-2020-3153) vulnerabilities are actively exploited by the OldGremlin ransomware group.
The following CWEs have caused the vulnerabilities that need to be patched this week.
CVE-2018-19320, CVE-2022-41073, CVE-2022-41128, CVE-2022-41125, CVE-2018-19321, CVE-2022-41091, CVE-2018-19323 do not have any CWE associated with it.
Table: DHS CISA KEVs
We urge organizations to implement patches for these CVEs at the earliest. 10 of these vulnerabilities are trending right now and need immediate attention.With CSW’s threat-based approach and vulnerability intelligence, security teams can prioritize the threats, including all KEVs, and minimize their attack surface.
For the latest news regarding vulnerabilities that are exploited and critical threats, read our blog on Weekly Threat Intelligence.