CISA warns of these 5 vulnerabilities

CISA has added five newly confirmed actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog. Admins should patch them promptly to head off attacks.

 

The US cybersecurity authority CISA (Cybersecurity & Infrastructure Security Agency) has added five new entries to its Known Exploited Vulnerabilities (KEV) catalog, the list of vulnerabilities for which it has evidence of active exploitation in the wild. Under CISA's Binding Operational Directive 22-01, US federal civilian agencies must remediate catalog entries by the due date CISA sets, two weeks in this case. Admins elsewhere are under no such obligation, but the KEV catalog is a reliable indicator of what attackers are actually using, so they too should patch or mitigate these flaws as soon as possible.

 

CVE-2022-42475 in FortiOS

Fortinet gives few details about the critical vulnerability in FortiOS in its security advisory. What is known is that a heap-based buffer overflow in the FortiOS SSL-VPN can be triggered by specially crafted requests, which lets a remote attacker execute arbitrary code or commands without authenticating. Fortinet fixes the bug in FortiOS 7.2.3, 7.0.9, 6.4.11 and 6.2.12 and later; for the FortiOS-6K7K build line (the 6000/7000 chassis platforms) the fixed releases are 7.0.8, 6.4.10, 6.2.12 and 6.0.15 and later. The fixed version therefore depends on both branch and platform: a 6K7K chassis on 7.0.8 is patched, a standard FortiOS device on 7.0.8 is not. The advisory also lists indicators of compromise; because exploitation was observed before the advisory was published, devices that were exposed should be checked against them, not merely updated.
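
Because the fixed release differs per branch and per platform, a simple "is it at least 7.0.9?" check gets the 6K7K case wrong. The following is an added example, not Fortinet's tooling: it encodes only the fixed versions quoted above in two branch tables and compares a device's version numerically against the right one. The table names, function names and the sample inventory are this example's own assumptions; the inventory is constructed data, not real hosts.

```python
"""Branch-aware check of a FortiOS build against the fixes for CVE-2022-42475.

Added example, not Fortinet tooling. Only the fixed versions quoted in the
text are used; the table names, function names and the inventory are this
example's own (the inventory is constructed sample data).
"""
from typing import Dict, Iterable, List, Optional, Tuple

# Lowest fixed release per branch (major.minor) for standard FortiOS.
FORTIOS_FIXED: Dict[str, str] = {
    "7.2": "7.2.3",
    "7.0": "7.0.9",
    "6.4": "6.4.11",
    "6.2": "6.2.12",
}

# The 6000/7000 chassis platforms run the separate FortiOS-6K7K build line,
# which received its fixes at different version numbers.
FORTIOS_6K7K_FIXED: Dict[str, str] = {
    "7.0": "7.0.8",
    "6.4": "6.4.10",
    "6.2": "6.2.12",
    "6.0": "6.0.15",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """'7.0.8' -> (7, 0, 8); rejects anything that is not dotted integers."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, six_k_seven_k: bool = False) -> Optional[bool]:
    """True if the build is older than the fixed release for its branch,
    False if it is the fixed release or newer, None if the advisory text
    lists no fixed release for that branch (treat None as unpatched and
    escalate; never assume an unlisted branch is safe)."""
    table = FORTIOS_6K7K_FIXED if six_k_seven_k else FORTIOS_FIXED
    parsed = parse_version(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    fixed = table.get(branch)
    if fixed is None:
        return None
    # Tuple comparison is numeric per component, so 7.0.10 > 7.0.9 as intended.
    return parsed < parse_version(fixed)


def triage(inventory: Iterable[Tuple[str, str, bool]]) -> List[str]:
    """Return the hostnames that still need attention: vulnerable builds and
    builds on branches without a listed fix. Rows are
    (hostname, FortiOS version, runs FortiOS-6K7K)."""
    return [host for host, ver, chassis in inventory
            if is_vulnerable(ver, chassis) is not False]


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("fw-edge-1", "7.0.8", False),   # standard FortiOS: fix is 7.0.9 -> vulnerable
    ("fw-edge-2", "7.0.8", True),    # 6K7K: fix is 7.0.8 -> patched
    ("fw-dc-1", "7.2.3", False),     # fixed release -> patched
    ("fw-legacy", "6.0.14", False),  # no fixed 6.0 release listed for standard FortiOS
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: needs attention")
```

Feeding this an export from your firewall inventory gives a list of devices that still need the update; treat the None case (a branch with no listed fix) as unpatched and escalate it rather than filtering it out.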

 

CVE-2022-27518 in Citrix ADC & Gateway

The vulnerability in Citrix ADC and Citrix Gateway, also rated critical, lets an unauthenticated remote attacker execute arbitrary code on the appliance and thereby take it over. Here too, few details are available yet. Citrix states in its security bulletin that an appliance is only affected if it is configured as a SAML service provider (SP) or SAML identity provider (IdP). Administrators can check this in the saved configuration at /nsconfig/ns.conf: an entry beginning "add authentication samlAction" means the appliance is a SAML SP, and one beginning "add authentication samlIdPProfile" means it is a SAML IdP. If either is present, the appliance is vulnerable and the available updates should be installed as soon as possible; appliances without SAML configured are not affected by this bug.
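
The ns.conf check above is easy to script so it can be run across a fleet of exported configurations. The following is an added example, not Citrix tooling: it looks for exactly the two commands the bulletin names, anchored at the start of the line so a commented-out entry does not count, and reports which SAML role each matching line enables. The helper names and the sample ns.conf are this example's own; the sample is constructed, not a real configuration.

```python
"""Flag a Citrix ADC / Citrix Gateway ns.conf that enables the SAML code
path targeted by CVE-2022-27518.

Added example, not Citrix tooling. The two configuration commands are the
ones named in the Citrix bulletin; the helper names and the sample ns.conf
are this example's own (the sample is constructed, not a real config).
"""
import re
import sys
from typing import Dict, List

# Exactly the two commands the bulletin names. Anchored at the start of the
# line so a commented-out line or a string argument that merely mentions the
# command does not produce a false positive; case-insensitive so a
# differently cased keyword is not missed.
SAML_MARKERS = {
    "SAML SP": re.compile(r"^\s*add\s+authentication\s+samlAction\b", re.IGNORECASE),
    "SAML IdP": re.compile(r"^\s*add\s+authentication\s+samlIdPProfile\b", re.IGNORECASE),
}


def saml_roles(ns_conf: str) -> Dict[str, List[str]]:
    """Map each configured SAML role to the ns.conf lines that enable it."""
    found: Dict[str, List[str]] = {}
    for line in ns_conf.splitlines():
        for role, pattern in SAML_MARKERS.items():
            if pattern.match(line):
                found.setdefault(role, []).append(line.strip())
    return found


def is_exposed(ns_conf: str) -> bool:
    """True if the appliance is a SAML SP or IdP, i.e. in scope for CVE-2022-27518."""
    return bool(saml_roles(ns_conf))


# Constructed sample: an ADC using SAML against an external IdP, plus an
# unrelated LDAP action that must not trigger the check.
SAMPLE_NS_CONF = """\
set ns config -IPAddress 10.0.0.5 -netmask 255.255.255.0
add authentication ldapAction ldap_corp -serverIP 10.0.0.20 -ldapBase "dc=corp,dc=example"
add authentication samlAction saml_corp -samlIdPCertName CorpIdP
add authentication Policy pol_saml -rule true -action saml_corp
bind authentication vserver auth_vs -policy pol_saml -priority 100
"""

if __name__ == "__main__":
    # Usage: python check_saml.py /nsconfig/ns.conf   (defaults to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NS_CONF
    roles = saml_roles(text)
    if not roles:
        print("no SAML SP/IdP configuration found: not in scope for CVE-2022-27518")
    for role, lines in roles.items():
        print(f"{role} configured ({len(lines)} matching line(s)):")
        for line in lines:
            print("  " + line)
```

Copy ns.conf off the appliance (or run the script on the appliance's shell) and point the script at it; a non-empty result means the device is in scope and needs the update regardless of whether the SAML configuration is actually in active use.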

 

CVE-2022-44698 in Windows

The Windows vulnerability, CVE-2022-44698, lets attackers bypass the Windows SmartScreen protection mechanism. They lure victims to a website under their control or otherwise deliver a specially crafted file that evades the Mark of the Web checks on which SmartScreen relies; when the victim opens it, the usual warning and related protections such as Office Protected View do not kick in, and the file's malicious payload runs, typically installing malware. Microsoft closed the gap on its December Patch Tuesday; these updates too should be installed promptly.

 

CVE-2022-26500 & CVE-2022-26501 in Veeam Backup & Replication

The remaining two entries, one rated critical and one high, concern Veeam Backup & Replication. Both lie in the Veeam Distribution Service, which by default listens on TCP port 9380 and accepts connections without authentication. A crafted request to its internal API functions can upload malicious code to the backup server and execute it. Independently of the patch, port 9380 should not be reachable from untrusted networks.

Both vulnerabilities were patched back in March 2022. At that time the developers stated that versions 10a build 10.0.1.4854 P20220304 and 11a build 11.0.1.1261 P20220302 are protected against such attacks. The patch level is what matters here: the P-suffixed updates are cumulative patches applied on top of the existing 10a and 11a builds, so a base build number of 10.0.1.4854 or 11.0.1.1261 on its own does not show that the fix is installed; the console's About dialog or the installed patch list has to show the P20220304 or P20220302 level. Anyone still running version 9.5, for which there is no fix, should upgrade to a current version. Details on the updates are in the articles on the secured 10a and 11a versions.