[CISA-2023:0330] CISA Adds 9 Known Exploited Vulnerabilities to Catalog

Severity Critical

CVEs 9

CISA has added 9 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

[CVE-2013-3163] Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.

Action The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Microsoft
Product: Internet Explorer
Due Date: Thu Apr 20 00:00:00 2023
Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055; https://nvd.nist.gov/vuln/detail/CVE-2013-3163

[CVE-2017-7494] Samba Remote Code Execution Vulnerability

Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Known
Vendor: Samba
Product: Samba
Due Date: Thu Apr 20 00:00:00 2023
Notes: https://www.samba.org/samba/security/CVE-2017-7494.html; https://nvd.nist.gov/vuln/detail/CVE-2017-7494

[CVE-2021-30900] Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability

Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Apple
Product: iOS, iPadOS, and macOS
Due Date: Thu Apr 20 00:00:00 2023
Notes: https://support.apple.com/en-us/HT21286, https://support.apple.com/en-us/HT212868, https://support.apple.com/kb/HT212872; https://nvd.nist.gov/vuln/detail/CVE-2021-30900

[CVE-2022-22706] Arm Mali GPU Kernel Driver Unspecified Vulnerability

Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Arm
Product: Mali Graphics Processing Unit (GPU)
Due Date: Thu Apr 20 00:00:00 2023
Notes: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-22706

[CVE-2022-3038] Google Chromium Network Service Use-After-Free Vulnerability

Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Google
Product: Chromium Network Service
Due Date: Thu Apr 20 00:00:00 2023
Notes: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html; https://nvd.nist.gov/vuln/detail/CVE-2022-3038

[CVE-2022-38181] Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Arm
Product: Mali Graphics Processing Unit (GPU)
Due Date: Thu Apr 20 00:00:00 2023
Notes: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-38181

[CVE-2022-39197] Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability

Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Fortra
Product: Cobalt Strike
Due Date: Thu Apr 20 00:00:00 2023
Notes: https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/; https://nvd.nist.gov/vuln/detail/CVE-2022-39197

[CVE-2022-42948] Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability

Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Fortra
Product: Cobalt Strike
Due Date: Thu Apr 20 00:00:00 2023
Notes: https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/; https://nvd.nist.gov/vuln/detail/CVE-2022-42948