Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

May 2, 2023 | Ravie Lakshmanan | Vulnerability / Cyber Threat


The US Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.

The security vulnerabilities are:

  • CVE-2023-1389 (CVSS score: 8.8) – TP-Link Archer AX-21 Command Injection Vulnerability
  • CVE-2021-45046 (CVSS score: 9.0) – Apache Log4j2 Deserialization of Untrusted Data Vulnerability
  • CVE-2023-21839 (CVSS score: 7.5) – Oracle WebLogic Server Unspecified Vulnerability

CVE-2023-1389 is a command injection flaw in TP-Link Archer AX-21 routers that can be exploited for remote code execution. According to Trend Micro's Zero Day Initiative, attackers associated with the Mirai botnet have been exploiting it since April 11, 2023.


The second flaw added to the KEV catalog is CVE-2021-45046, a remote code execution vulnerability in the Apache Log4j2 logging library that was disclosed in December 2021.

While it is currently unclear how this particular vulnerability is being exploited in the wild, data collected by GreyNoise shows exploitation attempts from as many as 74 unique IP addresses over the past 30 days. That figure also includes attempts targeting CVE-2021-44228 (aka Log4Shell), so it should not be read as a count specific to CVE-2021-45046.

Completing the list is a high-severity bug in Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 that may allow unauthorized access to sensitive data. It was patched by the company as part of its January 2023 Critical Patch Update.

"Oracle WebLogic Server contains an unspecified vulnerability that allows unauthenticated attackers with network access over T3, IIOP to compromise Oracle WebLogic Server," CISA said.


A proof-of-concept (PoC) exploit exists for this vulnerability, but there does not appear to be a public report of malicious exploitation.

Federal Civilian Executive Branch (FCEB) agencies have until May 22, 2023 to apply vendor-provided fixes to protect their networks from these active threats.
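Operationally, a KEV addition is a triage input: each entry carries a due date, and the job is to map it onto what the organization actually runs. The script below is an added example, not code from the article or from CISA. It parses a constructed JSON extract that mirrors the field names of the real KEV feed (`cveID`, `vendorProject`, `product`, `vulnerabilityName`, `dateAdded`, `requiredAction`, `dueDate`), joins it against a constructed asset inventory, and reports days remaining or overdue status for every matched CVE. The CVE IDs, products and the May 22, 2023 due date come from the article; the `dateAdded` values, the inventory and the asset names are assumptions made for the example.

```python
"""Triage a constructed asset inventory against a CISA KEV catalog extract.

Added example, not code from the article or from CISA. KEV_EXTRACT is a
constructed sample that uses the field names of the real KEV JSON feed;
in practice replace it with the downloaded feed. dateAdded values are
assumed; the CVE IDs, products and dueDate come from the article.
"""
import json
from datetime import date

KEV_EXTRACT = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2023-1389", "vendorProject": "TP-Link", "product": "Archer AX-21",
         "vulnerabilityName": "TP-Link Archer AX-21 Command Injection Vulnerability",
         "dateAdded": "2023-05-01", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2023-05-22"},
        {"cveID": "CVE-2021-45046", "vendorProject": "Apache", "product": "Log4j2",
         "vulnerabilityName": "Apache Log4j2 Deserialization of Untrusted Data Vulnerability",
         "dateAdded": "2023-05-01", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2023-05-22"},
        {"cveID": "CVE-2023-21839", "vendorProject": "Oracle", "product": "WebLogic Server",
         "vulnerabilityName": "Oracle WebLogic Server Unspecified Vulnerability",
         "dateAdded": "2023-05-01", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2023-05-22"},
    ],
})

# Constructed inventory: asset names are hypothetical; "cves" is what a
# scanner reported for each asset. db-01 has no open CVEs and must not
# appear in the findings.
INVENTORY = [
    {"asset": "edge-router-01", "product": "TP-Link Archer AX-21", "cves": ["CVE-2023-1389"]},
    {"asset": "app-server-07", "product": "Oracle WebLogic Server 12.2.1.4.0", "cves": ["CVE-2023-21839"]},
    {"asset": "build-agent-03", "product": "internal service bundling log4j-core", "cves": ["CVE-2021-45046"]},
    {"asset": "db-01", "product": "PostgreSQL 15", "cves": []},
]


def load_kev(raw):
    """Parse a KEV feed document and index its entries by CVE ID."""
    doc = json.loads(raw)
    return {entry["cveID"]: entry for entry in doc["vulnerabilities"]}


def triage(inventory, kev, today_iso):
    """Return one finding per (asset, CVE) pair that appears in KEV.

    Findings are sorted so the least time remaining comes first; overdue
    items have a negative days_left. CVEs not in KEV are ignored here
    (they still need normal patch-cycle handling, just not the KEV deadline).
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            findings.append({
                "asset": asset["asset"],
                "cve": cve,
                "name": entry["vulnerabilityName"],
                "required_action": entry["requiredAction"],
                "due": entry["dueDate"],
                "days_left": days_left,
                "overdue": days_left < 0,
            })
    findings.sort(key=lambda f: (f["days_left"], f["asset"]))
    return findings


def summarize(findings):
    """Count findings by status, the number a remediation report leads with."""
    overdue = sum(1 for f in findings if f["overdue"])
    return {"total": len(findings), "overdue": overdue, "open": len(findings) - overdue}


if __name__ == "__main__":
    kev = load_kev(KEV_EXTRACT)
    for run_date in ("2023-05-02", "2023-05-23"):
        results = triage(INVENTORY, kev, run_date)
        print(f"as of {run_date}: {summarize(results)}")
        for f in results:
            status = "OVERDUE" if f["overdue"] else f"{f['days_left']} days left"
            print(f"  {f['asset']:15} {f['cve']:15} due {f['due']}  {status}")
```

Run on the article's publication date the three matched assets show 20 days remaining; run the day after the deadline they all flip to overdue. Swapping `KEV_EXTRACT` for the live feed and `INVENTORY` for scanner output turns this into a daily check against the BOD 22-01 deadline.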

The advisory comes just over a month after VulnCheck revealed that 42 security flaws likely to have been weaponized in 2022 were missing from the KEV catalog.

Of those 42 vulnerabilities, the overwhelming majority (27) were exploited by botnets such as Mirai, followed by ransomware gangs (6) and other threat actors (9).
