
The US Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is below:
- CVE-2022-35914 (CVSS score: 9.8) – Teclib GLPI Remote Code Execution Vulnerability
- CVE-2022-33891 (CVSS score: 8.8) – Apache Spark Command Injection Vulnerability
- CVE-2022-28810 (CVSS score: 6.8) – Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
The most severe of the three, CVE-2022-35914, is a remote code execution vulnerability in the third-party library htmlawed, which is bundled with Teclib GLPI, an open source asset and IT management software package.
Exact details about the nature of the attacks are unknown, but the Shadowserver Foundation said in October 2022 that it had seen exploitation attempts against its honeypots.
Since then, a cURL-based one-line proof-of-concept (PoC) has been made available on GitHub, and a “massive” scanner is on the market, VulnCheck security researcher Jacob Baines said in December 2022.
Additionally, data collected by GreyNoise revealed 40 malicious IP addresses from the United States, Netherlands, Hong Kong, Australia, and Bulgaria, attempting to exploit this shortcoming.
The second vulnerability is an unauthenticated command injection vulnerability in Apache Spark, exploited by the Zerobot botnet to leverage susceptible devices to conduct distributed denial-of-service (DDoS) attacks.
Finally, a remote code execution flaw in Zoho ManageEngine ADSelfService Plus patched in April 2022 has also been added to the KEV catalog.
“Multiple Zoho ManageEngine ADSelfService Plus contain unspecified vulnerabilities that could allow remote code execution when performing password changes or resets,” CISA said.
Cybersecurity firm Rapid7, which discovered the bug, said it detected an active exploitation attempt by a threat actor.
API security company Wallarm announced that it had found attempts, ongoing since December 2022, to exploit two VMware NSX Manager flaws (CVE-2021-39144 and CVE-2022-31678) that could be used to execute malicious code and siphon sensitive data.