{"id":16411,"date":"2023-01-21T09:14:48","date_gmt":"2023-01-21T16:14:48","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=16411"},"modified":"2023-03-16T09:26:05","modified_gmt":"2023-03-16T16:26:05","slug":"dhs-cisa-kevs-weekly-edition-26-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/dhs-cisa-kevs-weekly-edition-26-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 26: Patch Before You Hit the Deadline"},"content":{"rendered":"<p>The US Cyber Security department is taking an aggressive approach in tackling cyber attacks including counter attacks on cybercriminals, imposing mandatory cybersecurity regulations for sectors commonly under attack, strengthening cyber security for energy pipelines, etc. There are totally 870 vulnerabilities in the KEV catalog right now. 7 of them need your attention this week.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-16412 size-large\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/03\/patchwatch_26_image1-1024x559.png\" alt=\"\" width=\"640\" height=\"349\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image1-1024x559.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image1-300x164.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image1-768x419.png 768w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image1-1536x839.png 1536w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image1.png 2000w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<h2 dir=\"ltr\">Why are these CVEs important?<\/h2>\n<p dir=\"ltr\">From our analysis, we found that<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">All 7 vulnerabilities are weaponized and have been exploited in the wild.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">CVE-2018-18809 and CVE-2018-5430 are TIBCO vulnerabilities that were discovered in 2018. These two vulnerabilities were recently exploited in attacks following which\u00a0<a href=\"https:\/\/www.securityweek.com\/cisa-says-two-old-jasperreports-vulnerabilities-exploited-attacks\">CISA added them<\/a>\u00a0to the KEV.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-42475\">CVE-2022-42475<\/a>\u00a0is a FortiOS vulnerability which is actively being exploited by suspected Chinese threat actors deploying a new malware known as BOLDMOVE.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-44698\">CVE-2022-44698<\/a>\u00a0is a security feature bypass vulnerability in Windows SmartScreen, a feature built into Windows that works with its Mark of the Web (MOTW) functionality. It is widely exploited by threat actors.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/www.veeam.com\/kb4288\">CVE-2022-26501 and CVE-2022-26500<\/a>\u00a0are Veeam Backup and Replication vulnerabilities that are also exploited currently. They allow remote authenticated users access to internal API functions that can allow unauthenticated attackers to remotely upload and execute arbitrary code.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">CVE-2022-27518 impacts the products mentioned only when configured as a Security Assertion Markup Language (SAML) service provider (SP) or a SAML identity provider (IdP). Targeted attacks by APT5 have been observed in the wild, making it critical for customers to patch this vulnerability.<\/p>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\">How Far Back Do They Go?<\/h2>\n<p dir=\"ltr\">Only the TIBCO vulnerabilities date back to 2018. Rest of the vulnerabilities were discovered in 2022. The TIBCO vulnerabilities were trending recently which prompted CISA to add it to the KEV catalog.<\/p>\n<p dir=\"ltr\"><img decoding=\"async\" class=\"aligncenter wp-image-16413 size-large\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/03\/patchwatch_26_image2-1024x729.png\" alt=\"\" width=\"640\" height=\"456\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image2-1024x729.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image2-300x214.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image2-768x547.png 768w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image2.png 1500w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<h2 dir=\"ltr\">Which Vendors Are Affected?<\/h2>\n<p dir=\"ltr\">Multiple vendors including Veeam and Apple are affected. The Citrix vulnerability can affect multiple products if the device has SAML configured.<\/p>\n<p dir=\"ltr\"><img decoding=\"async\" class=\"aligncenter wp-image-16414 size-large\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/03\/patchwatch_26_image3-1024x683.png\" alt=\"\" width=\"640\" height=\"427\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image3-1024x683.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image3-300x200.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image3-768x512.png 768w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image3.png 1500w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<h2 dir=\"ltr\">Severity Scores<\/h2>\n<p>Most vulnerabilities are ranked high and critical on the CVSS scale. CVE-2022-44698 is given a 5.4 rating.<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-16415 size-large\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/03\/patchwatch_26_image4-1024x776.png\" alt=\"\" width=\"640\" height=\"485\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image4-1024x776.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image4-300x227.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image4-768x582.png 768w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image4.png 1500w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\">Software Weaknesses<\/h2>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-16416 size-large\" src=\"https:\/\/webdev.securin.xyz\/wp-content\/uploads\/2023\/03\/patchwatch_26_image5-1024x625.png\" alt=\"\" width=\"640\" height=\"391\" srcset=\"https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image5-1024x625.png 1024w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image5-300x183.png 300w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image5-768x468.png 768w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image5-1536x937.png 1536w, https:\/\/10.42.32.162\/wp-content\/uploads\/2023\/03\/patchwatch_26_image5.png 2000w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>CVE-2022-42475 and CVE-2022-27518 do not have any CWEs associated to them.<\/p>\n<p>&nbsp;<\/p>\n<p><iframe class=\"airtable-embed\" src=\"https:\/\/airtable.com\/embed\/shruajWcLVR8CtwWa?backgroundColor=blue&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p dir=\"ltr\">Table: DHS CISA KEVs<\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><strong>We urge organizations to implement patches for these CVEs at the earliest. With Securin\u2019s threat-based approach and vulnerability intelligence, security teams can prioritize the threats, including all KEVs, and minimize their attack surface.<\/strong><\/p>\n<p dir=\"ltr\" style=\"text-align: center;\">For the latest news regarding vulnerabilities that are exploited and critical threats, read our blog on\u00a0Weekly Threat Intelligence.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The US Cyber Security department is taking an aggressive approach in tackling cyber attacks including counter attacks on cybercriminals, imposing mandatory cybersecurity regulations for sectors commonly under attack, strengthening cyber security for energy pipelines, etc. There are totally 870 vulnerabilities in the KEV catalog right now. 7 of them need your attention this week. Why [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14436,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/patch_watch\/16411"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/14436"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=16411"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/patch_category?post=16411"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}