UPDATED 19:12 EST / MAY 15 2023

CISA adds new Linux vulnerabilities to catalog, warns they’re being actively exploited

The U.S. Cybersecurity and Infrastructure Security Agency has added seven new Linux-related vulnerabilities to its catalog and warned that they’re being actively exploited.

The vulnerabilities are described as frequent attack vectors for malicious cyber actors and pose significant risks to federal enterprises. Although the vulnerabilities listed are new to CISA’s database, most of the vulnerabilities are old, with one dating back to 2010.

The vulnerabilities include CVE-2023-25717, a cross-site request forgery and remote code execution vulnerability in multiple Ruckus Wireless products; CVE-2021-3560, a Red Hat Polkit incorrect authorization vulnerability; CVE-2014-0196, a Linux Kernel race condition vulnerability; CVE-2010-3904, a Linux Kernel improper input validation vulnerability; CVE-2015-5317, a Jenkins user interface information disclosure vulnerability; CVE-2016-3427, an Oracle Java SE and JRockit unspecified vulnerability; and CVE-2016-8735, an Apache Tomcat RCE vulnerability.

The vulnerabilities were added to CISA’s Known Exploited Vulnerabilities catalog, a “living list” of known Common Vulnerabilities and Exposures that carry significant risk to federal enterprises. CISA strongly urged all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of vulnerabilities in the catalog.

Why vulnerabilities dating back as far as 13 years have just appeared in CISA’s catalog did not go without notice. Mike Parkin, senior technical engineer at cyber risk management firm Vulcan Cyber Ltd., told SiliconANGLE that the addition of old CVEs is unusual.

“Standard change management processes should have had these systems updated or out of service long ago, which begs the question of what exploit activity is CISA seeing now that warrants adding these to the Known Exploited Vulnerabilities catalog?” Parkin said. “For the newer CVEs, it’s time to patch. For the older ones, if an organization finds they are still using end-of-life applications or haven’t patched for seven-plus-year-old vulnerabilities, it’s time to review their application management procedures. Because no one should still be affected by these vulnerabilities.”

Bud Broomhead, chief executive at internet of things security platform company Viakoo Inc., noted a trend, saying that the recent additions to the catalog confirm that threat actors are increasingly leveraging open source software and IoT, operational technology and industrial control system devices to provide access and enable remote code execution.

“These seven vulnerabilities are focused on open source software components and the recent addition of 15 vulnerabilities aimed at industrial control systems are much harder and more time-consuming to remediate than traditional IT vulnerabilities,” Broomhead explained. “These new vulnerabilities face organizations with a new imperative to have full visibility of all digitally connected assets, awareness of what software components they have, and an automated method to remediate and restore these mission-critical devices to full operations.”
