Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
thnThe Hacker NewsTHN:222F8D16897B4C3DD25190E8638DAB16
HistoryFeb 22, 2023 - 5:38 a.m.

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

2023-02-2205:38:00
The Hacker News
thehackernews.com
130
cisa
vulnerabilities
kev catalog
known exploited vulnerabilities
cve-2022-47986
ibm aspera faspex
cve-2022-41223
mitel mivoice connect
cve-2022-40765
active exploitation
assetnote
shadowserver foundation
fortra's goanywhere mft
clop ransomware
federal civilian executive branch
fceb
march 14 2023
ics
mitsubishi electric
melsoft iq appportal

0.969 High

EPSS

Percentile

99.7%

JSON

CISA KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The list of shortcomings is as follows -

  • CVE-2022-47986 (CVSS score: 9.8) - IBM Aspera Faspex Code Execution Vulnerability
  • CVE-2022-41223 (CVSS score: 6.8) - Mitel MiVoice Connect Code Injection Vulnerability
  • CVE-2022-40765 (CVSS score: 6.8) - Mitel MiVoice Connect Command Injection Vulnerability

CVE-2022-47986 is described as a YAML deserialization flaw in the file transfer solution that could allow a remote attacker to execute code on the system.

Details of the flaw and a proof-of-concept (PoC) were shared by Assetnote on February 2, a day after which the Shadowserver Foundation said it “picked up exploitation attempts” in the wild.

The active exploitation of the Aspera Faspex flaw comes shortly after a vulnerability in Fortra’s GoAnywhere MFT-managed file transfer software (CVE-2023-0669) was abused by threat actors with potential links to the Clop ransomware operation.

CISA also added two flaws impacting Mitel MiVoice Connect (CVE-2022-41223 and CVE-2022-40765) that could permit an authenticated attacker with internal network access to execute arbitrary code.

Exact specifics surrounding the nature of the attacks are unclear, but another flaw in MiVoice Connect was exploited last year to deploy ransomware. The vulnerabilities were patched by Mitel in October 2022.

In light of in-the-wild exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by March 14, 2023, to secure networks against potential threats.

CISA, in a related development, also released an Industrial Control Systems (ICS) advisory that touches upon critical flaws (CVE-2022-26377 and CVE-2022-31813) in Mitsubishi Electric’s MELSOFT iQ AppPortal.

“Successful exploitation of these vulnerabilities could allow a malicious attacker to make unidentified impacts such as authentication bypass, information disclosure, denial-of-service, or bypass IP address authentication,” the agency said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related

cisa 1
ics 2
cloudlinux 1
prion 6
nvd 6
cve 6
cisa_kev 4
cnvd 2
cvelist 6
attackerkb 4
nuclei 2
rapid7blog 4
zdt 3
githubexploit 9
thn 7
packetstorm 3
veracode 2
ibm 13
nessus 35
httpd 2
oraclelinux 5
ubuntucve 2
osv 8
hackerone 1
exploitdb 2
github 1
hivepro 1
malwarebytes 3
debiancve 2
redhatcve 2
alpinelinux 2
f5 2
talosblog 1
qualysblog 1
mageia 1
metasploit 1
openvas 25
ubuntu 3
suse 2
checkpoint_advisories 1
fedora 2
impervablog 1
slackware 1
amazon 2
freebsd 1
altlinux 2
redos 1
kaspersky 1
mssecure 1
mmpc 1
photon 1
almalinux 1
cisa
cisa
CISA Adds Three Known Exploited Vulnerabilities to Catalog
2023-02-21 00:00:00
ics
ics
Mitsubishi Electric MELSOFT iQ AppPortal
2023-02-21 12:00:00
#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
2023-06-07 12:00:00
cloudlinux
cloudlinux
Fixed CVEs in httpd: CVE-2022-31813, CVE-2022-28615, CVE-2022-26377
2022-06-28 20:14:01
prion
prion
Command injection
2022-11-22 01:15:00
Code injection
2022-11-22 01:15:00
Deserialization of untrusted data
2023-02-17 16:15:00
nvd
nvd
CVE-2022-40765
2022-11-22 01:15:31
CVE-2022-47986
2023-02-17 16:15:10
CVE-2022-41223
2022-11-22 01:15:32
cve
cve
CVE-2022-47986
2023-02-17 16:15:10
CVE-2022-40765
2022-11-22 01:15:31
CVE-2022-41223
2022-11-22 01:15:32
cisa_kev
cisa_kev
IBM Aspera Faspex Code Execution Vulnerability
2023-02-21 00:00:00
Mitel MiVoice Connect Command Injection Vulnerability
2023-02-21 00:00:00
Mitel MiVoice Connect Code Injection Vulnerability
2023-02-21 00:00:00
cnvd
cnvd
IBM Aspera Faspex Deserialization Vulnerability
2023-02-21 00:00:00
Apache HTTP Server Data Forgery Issue Vulnerability (CNVD-2022-73123)
2022-06-10 00:00:00
cvelist
cvelist
CVE-2022-47986 IBM Aspera Faspex code execution
2023-02-17 15:46:04
CVE-2022-40765
2022-11-22 00:00:00
CVE-2022-41223
2022-11-22 00:00:00
attackerkb
attackerkb
CVE-2022-41223
2022-11-22 00:00:00
CVE-2022-40765
2022-11-22 00:00:00
CVE-2022-47986
2023-02-17 00:00:00
nuclei
nuclei
IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution
2023-02-03 09:18:45
Fortra GoAnywhere MFT - Remote Code Execution
2023-02-10 14:50:32
rapid7blog
rapid7blog
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
2023-03-28 19:35:19
Exploitation of GoAnywhere MFT zero-day vulnerability
2023-02-03 16:18:21
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
2024-01-23 18:42:31
zdt
zdt
IBM Aspera Faspex 4.4.1 - YAML deserialization Remote Code Execution Exploit
2023-04-07 00:00:00
Goanywhere Encryption helper 7.1.1 - Remote Code Execution Exploit
2023-04-08 00:00:00
Fortra GoAnywhere MFT Unsafe Deserialization Remote Code Execution Exploit
2023-02-13 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Ibm Aspera Faspex
2023-02-03 06:32:13
Exploit for Deserialization of Untrusted Data in Ibm Aspera Faspex
2023-03-09 22:03:48
Exploit for HTTP Request Smuggling in Apache Http Server
2024-04-12 03:59:03
thn
thn
IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks
2023-03-09 14:01:00
New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts
2024-05-23 13:50:00
Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
2023-04-20 11:22:00
packetstorm
packetstorm
IBM Aspera Faspex 4.4.1 YAML Deserialization
2023-04-10 00:00:00
Fortra GoAnywhere MFT Unsafe Deserialization Remote Code Execution
2023-02-09 00:00:00
Goanywhere Encryption Helper 7.1.1 Remote Code Execution
2023-04-10 00:00:00
veracode
veracode
HTTP Request Smuggling (HRS)
2022-06-12 17:52:26
Insecure Access Control
2022-06-14 17:42:39
ibm
ibm
Security Bulletin: IBM Aspera Orchestrator vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-26377)
2023-02-02 17:43:12
Security Bulletin: IBM Aspera Orchestrator affected by vulnerability ( CVE-2022-31813)
2023-02-02 20:49:02
Security Bulletin: IBM Rational Build Forge is vulnerable to HTTP request smuggling due to the use of Apache HTTP server (CVE-2022-26377).
2023-10-19 16:10:47
nessus
nessus
F5 Networks BIG-IP : Apache vulnerability (K26314875)
2023-06-23 00:00:00
Oracle Linux 8 : httpd:2.4 (ELSA-2022-9682)
2022-08-11 00:00:00
Oracle Linux 7 : httpd (ELSA-2022-9675)
2022-08-04 00:00:00
httpd
httpd
Apache Httpd < 2.4.54 : mod_proxy_ajp: Possible request smuggling
2022-06-08 00:00:00
Apache Httpd < 2.4.54 : mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
2022-06-08 00:00:00
oraclelinux
oraclelinux
httpd security update
2022-08-04 00:00:00
httpd:2.4 security update
2022-08-10 00:00:00
httpd security update
2022-08-04 00:00:00
ubuntucve
ubuntucve
CVE-2022-31813
2022-06-09 00:00:00
CVE-2022-26377
2022-06-09 00:00:00
osv
osv
CVE-2022-31813
2022-06-09 17:15:09
BIT-apache-2022-26377
2024-03-06 10:53:16
CVE-2022-26377
2022-06-09 17:15:09
hackerone
hackerone
Internet Bug Bounty: Apache HTTP Server: mod_proxy_ajp: Possible request smuggling
2022-06-08 10:29:46
exploitdb
exploitdb
IBM Aspera Faspex 4.4.1 - YAML deserialization (RCE)
2023-04-07 00:00:00
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
2023-04-08 00:00:00
github
github
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
2023-02-06 21:30:29
hivepro
hivepro
Clop Ransomware Group Claims Responsibility for GoAnywhere MFT Attacks
2023-02-13 11:34:45
malwarebytes
malwarebytes
GoAnywhere zero-day opened door to Clop ransomware
2023-02-20 02:00:00
Clop ransomware is victimizing GoAnywhere MFT customers
2023-03-14 04:00:00
Rubrik is latest victim of the Clop ransomware zero-day campaign
2023-03-17 16:30:00
debiancve
debiancve
CVE-2022-31813
2022-06-09 17:15:09
CVE-2022-26377
2022-06-09 17:15:09
redhatcve
redhatcve
CVE-2022-31813
2022-06-08 20:02:05
CVE-2022-26377
2022-06-08 19:32:50
alpinelinux
alpinelinux
CVE-2022-31813
2022-06-09 17:15:09
CVE-2022-26377
2022-06-09 17:15:09
f5
f5
Apache HTTP Server vulnerability CVE-2022-31813
2022-07-29 18:54:00
K26314875 : Apache vulnerability CVE-2022-26377
2022-06-23 00:00:00
talosblog
talosblog
Threat Source newsletter (Feb. 23, 2023) — Social media sites are making extra security a paid feature
2023-02-23 19:00:45
qualysblog
qualysblog
Forta GoAnywhere Zero-Day Exploited By Threat Actors
2023-02-15 23:34:54
mageia
mageia
Updated apache packages fix security vulnerability
2022-06-13 23:44:20
metasploit
metasploit
Fortra GoAnywhere MFT Unsafe Deserialization RCE
2023-02-08 15:24:27
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0228)
2022-06-14 00:00:00
Apache HTTP Server < 2.4.54 Multiple Vulnerabilities - Linux
2022-06-10 00:00:00
Fedora: Security Advisory for httpd (FEDORA-2022-e620fb15d5)
2022-07-02 00:00:00
ubuntu
ubuntu
Apache HTTP Server regression
2022-06-23 00:00:00
Apache HTTP Server regression
2022-06-23 00:00:00
Apache HTTP Server vulnerabilities
2022-06-21 00:00:00
suse
suse
Security update for apache2 (important)
2022-07-06 00:00:00
Security update for apache2 (important)
2022-07-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat AJP File Inclusion (CVE-2020-1938; CVE-2022-26377)
2020-02-25 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: httpd-2.4.54-3.fc36
2022-07-01 01:09:46
[SECURITY] Fedora 35 Update: httpd-2.4.54-1.fc35
2022-07-06 01:54:10
impervablog
impervablog
Why Attackers Target the Government Industry
2023-05-09 14:47:17
slackware
slackware
[slackware-security] httpd
2022-06-08 19:24:07
amazon
amazon
Medium: httpd
2022-07-06 03:12:00
Medium: httpd24
2022-06-30 23:38:00
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2022-06-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 1:2.4.54-alt1
2022-06-21 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.54-alt1
2022-06-19 00:00:00
redos
redos
ROS-20220628-01
2022-06-28 00:00:00
kaspersky
kaspersky
KLA12554 Multiple vulnerabilities in Apache HTTP Server
2022-06-08 00:00:00
mssecure
mssecure
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets
2023-04-18 15:00:00
mmpc
mmpc
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets
2023-04-18 15:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0202
2022-06-22 00:00:00
almalinux
almalinux
Moderate: httpd:2.4 security update
2022-11-08 00:00:00

0.969 High

EPSS

Percentile

99.7%

JSON
Related for THN:222F8D16897B4C3DD25190E8638DAB16
cisa1ics2cloudlinux1prion6nvd6cve6cisa_kev4cnvd2cvelist6attackerkb4nuclei2rapid7blog4zdt3githubexploit9thn7packetstorm3veracode2ibm13nessus35httpd2oraclelinux5ubuntucve2osv8hackerone1exploitdb2github1hivepro1malwarebytes3debiancve2redhatcve2alpinelinux2f52talosblog1qualysblog1mageia1metasploit1openvas25ubuntu3suse2checkpoint_advisories1fedora2impervablog1slackware1amazon2freebsd1altlinux2redos1kaspersky1mssecure1mmpc1photon1almalinux1