US CERT Current Activity
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
May 12, 2023
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25717 Multiple Ruckus Wireless Products CSRF and RCE Vulnerability CVE-2021-3560 Red Hat Polkit Incorrect Authorization Vulnerability CVE-2014-0196 Linux Kernel Race Condition Vulnerability CVE-2010-3904 Linux Kernel Improper Input Validation Vulnerability CVE-2015-5317 Jenkins User Interface (UI) Information Disclosure Vulnerability CVE-2016-3427 Oracle Java SE and JRockit Unspecified Vulnerability CVE-2016-8735 Apache Tomcat Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability
May 11, 2023
CISA and FBI have released a joint Cybersecurity Advisory (CSA), Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. This joint advisory provides details related to an exploitation of PaperCut MF/NG vulnerability (CVE-2023-27350). FBI observed malicious actors exploit CVE-2023-27350 beginning in mid-April 2023 and continuing through the present. In early May 2023, FBI observed a group self-identifying as the Bl00dy Ransomware Gang attempting to exploit vulnerable PaperCut servers against the Education Facilities Subsector. The advisory further provides detection methods for exploitation and details known indicators of compromise (IOCs) related to the group’s activity. CISA encourages network defenders to review and apply the recommendations in the Detection Methods and Mitigations sections of this CSA. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.
CISA Releases Fifteen Industrial Control Systems Advisories
May 11, 2023
CISA released fifteen Industrial Control Systems (ICS) advisories on May 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-131-01 Siemens Solid Edge ICSA-23-131-02 Siemens SCALANCE W1750D ICSA-23-131-03 Siemens Siveillance ICSA-23-131-04 Siemens SIMATIC Cloud Connect 7 ICSA-23-131-05 Siemens SINEC NMS Third-Party ICSA-23-131-06 Siemens SCALANCE LPE9403 ICSA-23-131-07 Sierra Wireless AirVantage ICSA-23-131-08 Teltonika Remote Management System and RUT Model Routers ICSA-23-131-09 Rockwell Automation Kinetix 5500 EtherNetIP Servo Drive ICSA-23-131-10 Rockwell Automation Arena Simulation Software ICSA-23-131-11 BirdDog Cameras & Encoders ICSA-23-131-12 SDG PnPSCADA ICSA-23-131-13 PTC Vuforia Studio ICSA-23-131-14 Rockwell PanelView 800 ICSA-23-131-15 Rockwell ThinManager CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
May 9, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29336 Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases May 2023 Security Updates
May 9, 2023
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s May 2023 Security Update Guide and Deployment Information and apply the necessary updates.
Mozilla Releases Security Advisories for Multiple Products
May 9, 2023
Mozilla has released security advisories to address vulnerabilities in Firefox and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Security Vulnerabilities fixed in Firefox 113 Mozilla Foundation Security Advisory 2023-16 Security Vulnerabilities fixed in Firefox ESR 102.11 Mozilla Foundation Security Advisory 2023-17 For updates addressing lower severity vulnerabilities, see the Mozilla Foundation Security Advisories page.
CISA Releases Two Industrial Control Systems Advisories
May 9, 2023
CISA released two Industrial Control Systems (ICS) advisories on May 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-129-02 Hitachi Energy MSM ICSA-21-334-02 Mitsubishi MELSEC and MELIPC Series (Update F) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA and Partners Disclose Snake Malware Threat From Russian Cyber Actors
May 9, 2023
Today, CISA and partners released a joint advisory for a sophisticated cyber espionage tool used by Russian cyber actors. Hunting Russian Intelligence “Snake” Malware provides technical descriptions of the malware’s host architecture and network communications, and mitigations to help detect and defend against this threat. CISA urges organizations to review the advisory for more information and apply the recommended mitigations and detection guidance. For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage.
CISA Releases One Industrial Control Systems Advisory
May 4, 2023
CISA released one Industrial Control Systems (ICS) advisory on May 4, 2023.This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-263-03 Dataprobe iBoot-PDU (Update A)
CISA Releases One Industrial Control Systems Advisory
May 2, 2023
CISA released one Industrial Control Systems (ICS) advisory on May 2, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-122-01 Mitsubishi Electric Factory Automation Products
CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans
May 1, 2023
The Federal Communications Commission (FCC) maintains a Covered List of communications equipment and services that have been determined by the U.S. government to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons to national security pursuant to the Secure and Trusted Communications Networks Act of 2019. As the 6th annual National Supply Chain Integrity Month concludes, CISA reminds all critical infrastructure owners and operators to take necessary steps in securing the nation’s most critical supply chains. CISA urges organizations to incorporate the Covered List into their supply chain risk management efforts, in addition to adopting recommendations listed in Defending Against Software Supply Chain Attacks—a joint CISA and NIST resource that provides guidance on using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework to identify, assess, and mitigate risks. All critical infrastructure organizations are also urged to enroll in CISA’s free Vulnerability Scanning service for assistance in identifying vulnerable or otherwise high-risk devices such as those on FCC’s Covered List. To learn more about CISA’s supply chain efforts and to view resources, visit CISA.gov/supply-chain-integrity-month.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
May 1, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-1389 TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 Apache Log4j2 Deserialization of Untrusted Data Vulnerability CVE-2023-21839 Oracle WebLogic Server Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Requests for Comment on Secure Software Self-Attestation Form
Apr 28, 2023
CISA has issued requests for comment on the Secure Software Self-Attestation Form. CISA, in coordination with the Office of Budget and Management (OMB), released proposed guidance on secure software. This guidance seeks to secure software leveraged by the federal government. CISA expects agencies to use this proposed form to reduce the risk to the federal environment, thereby implementing a standardized process for agencies and software producers that will create transparency on the security of software development efforts. Visit CISA.gov/secure-software-attestation-form for more information and to review the document. The comment period is open until June 26, 2023. CISA is specifically requesting insight on the feasibility, clarity, and usefulness of the document. To submit a comment, click the comment box at the top of Regulations.gov.
CISA Releases One Industrial Control Systems Medical Advisory
Apr 27, 2023
CISA released one Industrial Control Systems Medical (ICS) medical advisory on April 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS medical advisory for technical details and mitigations: ICSMA-23-117-01 Illumina Universal Copy Service
CISA Releases Two Industrial Control Systems Advisories
Apr 25, 2023
CISA released two Industrial Control Systems (ICS) advisories on April 25, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-115-01 Keysight N8844A Data Analytics Web Service ICSA-23-115-02 Scada-LTS Third Party Component CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Abuse of the Service Location Protocol May Lead to DoS Attacks
Apr 25, 2023
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. Researchers from Bitsight and Curesec have discovered a way to abuse SLP—identified as CVE-2023-29552—to conduct high amplification factor DoS attacks using spoofed source addresses. As noted by Bitsight, many SLP services visible on the internet appear to be older and likely abandoned systems. Administrators should consider disabling or restricting network access to SLP servers. Some organizations such as VMware have evaluated CVE-2023-29552 and have provided a response, see VMware Response to CVE-2023-29552 – reflective Denial-of-Service (DoS) amplification vulnerability in SLP for more information. CISA urges organizations to review Bitsight’s blog post for more details and see CISA’s article on Understanding and Responding to Distributed Denial-of-Service Attacks for guidance on reducing the likelihood and impact of DoS attacks.
Cisco Releases Security Advisories for Multiple Products
Apr 21, 2023
Cisco has released security updates for vulnerabilities affecting Industrial Network Director (IND), Modeling Labs, StarOS Software, and BroadbandWorks Network Server. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates. Industrial Network Director cisco-sa-ind-CAeLFk6V Modeling Labs cisco-sa-cml-auth-bypass-4fUCCeG5 IOS and IOS XE cisco-sa-20170629-snmp StarOS cisco-sa-staros-ssh-privesc-BmWeJC3h BroadWorks Network Server cisco-sa-bw-tcp-dos-KEdJCxLs For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Advisory to Address Vulnerability in Drupal Core
Apr 21, 2023
Drupal has released a security advisory to address an access bypass vulnerability affecting multiple Drupal versions. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal security advisory SA-CORE-2023-005 for more information and apply the necessary updates.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Apr 21, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28432 MinIO Information Disclosure Vulnerability CVE-2023-27350 PaperCut MF/NG Improper Access Control Vulnerability CVE-2023-2136 Google Chrome Skia Integer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
VMware Releases Security Update for Aria Operations for Logs
Apr 21, 2023
VMware has released a security update to address multiple vulnerabilities in Aria Operations for Logs (formerly vRealize Log Insight). A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0007 and apply the necessary updates.
