CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices

July 3, 2023 | Ravi Lakshmanan | Mobile Security / Network Security


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added eight flaw sets to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.

This includes six flaws affecting Samsung smartphones and two vulnerabilities affecting D-Link devices. All of the flaws were patched as of 2021.

  • CVE-2021-25394 (CVSS score: 6.4) – Samsung mobile devices race condition vulnerability
  • CVE-2021-25395 (CVSS score: 6.4) – Samsung mobile devices race condition vulnerability
  • CVE-2021-25371 (CVSS score: 6.7) – Samsung mobile devices unspecified vulnerability in the DSP driver that allows arbitrary ELF libraries to be loaded
  • CVE-2021-25372 (CVSS score: 6.7) – Samsung mobile devices improper boundary check in the DSP driver
  • CVE-2021-25487 (CVSS score: 7.8) – Samsung mobile devices out-of-bounds read vulnerability leading to arbitrary code execution
  • CVE-2021-25489 (CVSS score: 5.5) – Samsung mobile devices improper input validation vulnerability leading to a kernel panic
  • CVE-2019-17621 (CVSS score: 9.8) – D-Link DIR-859 router unauthenticated remote code execution vulnerability
  • CVE-2019-20500 (CVSS score: 7.8) – D-Link DWL-2600AP authenticated OS command injection vulnerability

The addition of the two D-Link vulnerabilities follows a report by Palo Alto Networks Unit 42 last month that attackers associated with a Mirai botnet variant used flaws in multiple IoT devices to spread malware in a series of attacks beginning in March 2023.

It's not immediately clear how the flaws in Samsung's devices are actually being exploited. However, given the nature of the targets, they could have been used in highly targeted attacks by commercial spyware vendors.

It’s worth noting that Google Project Zero disclosed a series of flaws in November 2022, allegedly weaponized as part of an exploit chain targeting Samsung devices.

Given the active exploitation, Federal Civilian Executive Branch (FCEB) agencies have until July 20, 2023 to apply the necessary fixes to protect their networks from potential threats.
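The remediation deadline above is the kind of check a defender would automate: pull the KEV feed, match it against the asset inventory, and report what is due or overdue. The script below is an added example, not code from the article or from CISA. It parses a constructed sample shaped like the KEV JSON feed (the field names cveID, vendorProject, product and dueDate are an assumption about that format), matches entries against a constructed inventory, and reports days remaining per CVE. The CVE IDs, vendors and the July 20, 2023 due date are taken from the article; the inventory and the ExampleVendor entry are made up.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (field names assumed;
# only the fields used here are included). CVE IDs, vendors and the due date
# come from the article; the last entry is a made-up filler to show filtering.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2021-25394", "vendorProject": "Samsung", "product": "Mobile Devices", "dueDate": "2023-07-20"},
    {"cveID": "CVE-2021-25395", "vendorProject": "Samsung", "product": "Mobile Devices", "dueDate": "2023-07-20"},
    {"cveID": "CVE-2021-25371", "vendorProject": "Samsung", "product": "Mobile Devices", "dueDate": "2023-07-20"},
    {"cveID": "CVE-2021-25372", "vendorProject": "Samsung", "product": "Mobile Devices", "dueDate": "2023-07-20"},
    {"cveID": "CVE-2021-25487", "vendorProject": "Samsung", "product": "Mobile Devices", "dueDate": "2023-07-20"},
    {"cveID": "CVE-2021-25489", "vendorProject": "Samsung", "product": "Mobile Devices", "dueDate": "2023-07-20"},
    {"cveID": "CVE-2019-17621", "vendorProject": "D-Link", "product": "DIR-859 Router", "dueDate": "2023-07-20"},
    {"cveID": "CVE-2019-20500", "vendorProject": "D-Link", "product": "DWL-2600AP", "dueDate": "2023-07-20"},
    {"cveID": "CVE-EXAMPLE-0001", "vendorProject": "ExampleVendor", "product": "Widget", "dueDate": "2023-01-01"},
]})

# Constructed asset inventory: vendor -> set of product names present in the fleet.
# The DWL-2600AP is deliberately absent so its KEV entry is filtered out.
INVENTORY = {"Samsung": {"Mobile Devices"}, "D-Link": {"DIR-859 Router"}}


def load_kev(text):
    """Parse a KEV-style JSON document and return its vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def triage(entries, inventory, today_iso):
    """Match KEV entries against the inventory.

    Returns rows (cveID, vendor, product, days_until_due) sorted by urgency;
    a negative day count means the due date has already passed.
    """
    today = date.fromisoformat(today_iso)
    rows = []
    for entry in entries:
        vendor, product = entry["vendorProject"], entry["product"]
        if product not in inventory.get(vendor, set()):
            continue  # not in our fleet, nothing to remediate
        due = date.fromisoformat(entry["dueDate"])
        rows.append((entry["cveID"], vendor, product, (due - today).days))
    rows.sort(key=lambda r: (r[3], r[0]))
    return rows


def overdue(rows):
    """CVE IDs whose remediation due date has passed."""
    return [cve for cve, _, _, days in rows if days < 0]


if __name__ == "__main__":
    # The article's publication date, used as "today" for the report.
    for cve, vendor, product, days in triage(load_kev(SAMPLE_KEV_JSON), INVENTORY, "2023-07-03"):
        status = f"OVERDUE by {-days}d" if days < 0 else f"{days}d remaining"
        print(f"{cve:16} {vendor:8} {product:16} {status}")
```

Run against the real feed, the only change is replacing SAMPLE_KEV_JSON with the downloaded catalog text and INVENTORY with the organisation's own vendor/product list; matching on exact product strings is a simplification, and a production version would normalise names before comparing.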
