On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog, adding three identified security flaws currently under active exploitation. This action underscores the ongoing priority for organizations to remain vigilant and address vulnerabilities promptly to protect their systems.
The newly cataloged vulnerabilities include CVE-2023-36584, a Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability, rated with a CVSS score of 5.4; CVE-2023-1671, a command injection vulnerability in Sophos Web Appliance, with a critical CVSS score of 9.8; and CVE-2020-2551, an unspecified vulnerability in Oracle Fusion Middleware, also scoring 9.8. Businesses utilizing these systems should prioritize patching to safeguard against potential exploits.
CVE-2023-1671 is particularly concerning, as it allows pre-auth command injection, enabling an attacker to execute arbitrary code without prior authorization. Similar to CVE-2020-2551, which allows attackers with network access to compromise the WebLogic Server, these vulnerabilities present significant risks.
Currently, there are no public reports indicating in-the-wild attacks exploiting CVE-2023-1671. However, in July 2023, Cybernews reported a vulnerability in a subdomain of Harvard University, highlighting ongoing risks associated with public-facing web services. Each of these vulnerabilities serves as a reminder of the potential for exploitation if not addressed.
The recent addition of CVE-2023-36584 stems from a report by Palo Alto Networks’ Unit 42, regarding spear-phishing attacks orchestrated by the pro-Russian APT group Storm-0978. These attacks targeted organizations related to Ukraine’s NATO bid, showcasing how geopolitical tensions can influence cybersecurity threats. Microsoft patched CVE-2023-36584 during its October 2023 security updates, indicating the urgency behind addressing these vulnerabilities.
Federal agencies are advised to implement fixes for these vulnerabilities by December 7, 2023, as a proactive measure against potential threats.
In a related development, Fortinet has announced a critical command injection vulnerability in its FortiSIEM report server, designated as CVE-2023-36553, with a CVSS score of 9.3. This flaw may allow attackers to execute unauthorized commands through specially crafted API requests. The vulnerability impacts multiple FortiSIEM version releases, with patches already available in the latest versions.
Fortinet’s advisory noted that this vulnerability is related to a previously disclosed flaw, CVE-2023-34992. The emphasis on securing FortiSIEM underlines the critical nature of maintaining update protocols across IT infrastructures.
Industry stakeholders understand that vulnerabilities like CVE-2023-1671 and CVE-2023-36584 can lead to tactics associated with the MITRE ATT&CK framework, particularly in the areas of initial access and privilege escalation. For business owners, maintaining awareness of these vulnerabilities is key to implementing robust security measures and mitigating potential attacks effectively.
In conclusion, adherence to cybersecurity best practices, including timely patch application and continuous threat monitoring, remains essential for organizations aiming to fortify their defenses against an evolving landscape of cyber threats. Strong communication with vendors and understanding of the implications of identified vulnerabilities cannot be overstated in the contemporary cybersecurity environment.
