CISA Active Exploit List – March Update


by Artie Kaye

The US Cybersecurity and Infrastructure Security Agency has added several items to its list of must-address exploits. As these are actively used by attackers in the wild, it is recommended to resolve the issues as soon as possible. Below are the companies, CVE numbers, and links to solutions for said problems.

Fortra

GoAnywhere MFT – https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml
(Requires a user account to access the patch.)

TerraMaster

TerraMaster OS – https://forum.terra-master.com/en/viewtopic.php?t=3030

Intel

Ethernet Diagnostics Driver for Windows – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html

Microsoft

Windows – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823

Windows – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376

Office – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715

Apple

Multiple products affected as indicated below:

Cacti

Cacti – https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf

Mitel

MiVoice Connect – https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007

MiVoice Connect – https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008

IBM

Aspera Faspex – https://exchange.xforce.ibmcloud.com/vulnerabilities/243512

ZK Framework

AuUploader – https://tracker.zkoss.org/browse/ZK-5150
