[CISA-2024:0821] CISA Adds 4 Known Exploited Vulnerabilities to Catalog
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
[CVE-2021-31196] Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.
- Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Microsoft
- Product: Exchange Server
- Due Date: Wed Sep 11 00:00:00 2024
- Notes: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-31196; https://nvd.nist.gov/vuln/detail/CVE-2021-31196
[CVE-2021-33044] Dahua IP Camera Authentication Bypass Vulnerability
Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.
- Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Dahua
- Product: IP Camera Firmware
- Due Date: Wed Sep 11 00:00:00 2024
- Notes: https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582; https://nvd.nist.gov/vuln/detail/CVE-2021-33044
[CVE-2021-33045] Dahua IP Camera Authentication Bypass Vulnerability
Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
- Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Dahua
- Product: IP Camera Firmware
- Due Date: Wed Sep 11 00:00:00 2024
- Notes: https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582; https://nvd.nist.gov/vuln/detail/CVE-2021-33045
[CVE-2022-0185] Linux Kernel Heap-Based Buffer Overflow Vulnerability
Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.
- Action Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
- Known To Be Used in Ransomware Campaigns?: Unknown
- Vendor: Linux
- Product: Kernel
- Due Date: Wed Sep 11 00:00:00 2024
- Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=722d94847de2; https://nvd.nist.gov/vuln/detail/CVE-2022-0185
- ID
- CISA-2024:0821
- Severity
- critical
- Severity from
- CVE-2021-33044
- URL
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Published
-
2024-08-21T00:00:00
(4 weeks ago) - Modified
-
2024-08-21T00:00:00
(4 weeks ago) - Other Advisories
-
- ALSA-2022:0188
- DSA-5050-1
- ELSA-2022-0188
- ELSA-2022-9028
- ELSA-2022-9029
- ELSA-2022-9147
- ELSA-2022-9148
- FEDORA-2022-6352c313b7
- FEDORA-2022-6d4082d590
- MS:CVE-2021-31196
- MS:CVE-2022-0185
- openSUSE-SU-2022:0169-1
- openSUSE-SU-2022:0198-1
- RHSA-2022:0176
- RHSA-2022:0188
- RHSA-2022:0232
- RLSA-2022:176
- SUSE-SU-2022:0169-1
- SUSE-SU-2022:0197-1
- SUSE-SU-2022:0198-1
- SUSE-SU-2022:0238-1
- SUSE-SU-2022:0239-1
- SUSE-SU-2022:0241-1
- SUSE-SU-2022:0254-1
- SUSE-SU-2022:0257-1
- SUSE-SU-2022:0262-1
- SUSE-SU-2022:0270-1
- SUSE-SU-2022:0288-1
- SUSE-SU-2022:0289-1
- SUSE-SU-2022:0291-1
- SUSE-SU-2022:0292-1
- SUSE-SU-2022:0293-1
- SUSE-SU-2022:0295-1
- USN-5240-1
- USN-5362-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |