Recently, the exploitation of these critical vulnerabilities in the wild has been by some vulnerability research groups. In order to raise awareness and promote security, we are sharing further details and encouraging everyone to remain vigilant.
CVE-2022-47986: IBM Aspera Faspex
A critical security flaw, identified as CVE-2022-47986, was discovered two months ago in IBM’s widely-used Aspera Faspex file transfer platform, allowing hackers to execute arbitrary code. This vulnerability is increasingly attracting the attention of cybercriminals, including ransomware gangs, as many organizations have not yet applied the available patch. Despite IBM releasing a patch to address this issue months ago, it continues to be exploited in the wild. It is strongly advised that organizations implement the patch immediately, rather than waiting for a standard patch cycle.
The vulnerability affects Faspex version 4.4.2 Patch Level 1 and has been assigned a severity score of 9.8 out of 10 on the CVSS scale. According to IBM, attackers can remotely execute code on any system running the vulnerable Faspex version by sending a specifically designed obsolete API call. The patch for CVE-2022-47986 is readily available, with a straightforward upgrade to either Patch Level 2 or the latest Patch Level 3, released on March 20th. However, based on public network scans, over a hundred exposed instances of Aspera remain unpatched. Many more instances could be present within corporate networks, making them ideal targets for lateral movements by cybercriminals.
New Known Exploited Vulnerabilities by CISA
On March 30th, CISA updated its Known Exploited Vulnerabilities Catalog by including ten additional vulnerabilities that show evidence of active exploitation. Some of these security flaws have persisted for several years, yet they continue to be exploited by cybercriminals. It is strongly recommended that any existing instances of Internet Explorer be removed immediately. Additionally, it is crucial to promptly patch all other applications and operating systems to ensure enhanced security.
CVE-2013-3163 Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2014-1776 Microsoft Internet Explorer Memory Corruption Vulnerability
CVE-2017-7494 Samba Remote Code Execution Vulnerability – CVSS 9.8, almost 6 years old!
CVE-2022-42948 Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability – CVSS 9.8
CVE-2022-39197 Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability – CVSS 6.8
CVE-2021-30900 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability – CVSS 7.8
CVE-2022-38181 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability – CVSS 8.8
CVE-2023-0266 Linux Kernel Use-After-Free Vulnerability – CVSS 7.9
CVE-2022-3038 Google Chrome Use-After-Free Vulnerability – CVSS 8.8
CVE-2022-22706 Arm Mali GPU Kernel Driver Unspecified Vulnerability – CVSS 7.8
Action1 provides a risk-based patch management solution for distributed work-from-anywhere organizations. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party applications, patching of operating systems, drivers, and firmware, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.