CISA Active Exploits – May 2023


by Artie Kaye

The Cybersecurity and Infrastructure Security Agency (CISA) added a host of new exploits over the last two months that are must-patch issues. While these instructions are meant for governmental agencies, it would be prudent to address them if they apply. Below are the CVE numbers, the products affected, and the official links the various companies have provided highlighting the problem or their solutions.

All links are off-site references that open in new tabs or windows.

Adobe

ColdFusion

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

Android

Framework

https://source.android.com/docs/security/bulletin/2023-03-01

Apache

Log4j2

https://logging.apache.org/log4j/2.x/security.html

Spark

https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc

Apple

macOS

https://support.apple.com/en-us/HT209600

Multiple Products

https://support.apple.com/en-us/HT213720
https://support.apple.com/en-us/HT213721
https://support.apple.com/en-us/HT213722
https://support.apple.com/en-us/HT213723

https://support.apple.com/en-us/HT21286
https://support.apple.com/en-us/HT212868
https://support.apple.com/kb/HT212872

Arm

Mali Graphics Processing Unit

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Cisco

IOS and IOS XE Software

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp

Fortinet

FortiOS

https://www.fortiguard.com/psirt/FG-IR-22-369

Fortra

Cobalt Strike

https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/
https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/

Google

Chrome

https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html

Chromium V8 Engine

https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html

Linux

Kernel

https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4

Microsoft

Win32k

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29336

Windows

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252

Internet Explorer

https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055

Office

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397
https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability

MinIO

https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q

Novi Survey

https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx

Oracle

WebLogic Server

https://www.oracle.com/security-alerts/cpujan2023.html

PaperCut

MF/NG

https://www.papercut.com/kb/Main/PO-1216-and-PO-1219

Plex

Media Server

https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819

Samba

https://www.samba.org/samba/security/CVE-2017-7494.html

Teclib

GLPI

Summary of fixes covered in vendor link below:

https://glpi-project.org/new-version-glpi-10-0-7/

TP-Link

Archer AX21

https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware

Veritas

Backup Exec Agent

https://www.veritas.com/support/en_US/security/VTS21-001

XStream

https://www.vmware.com/security/advisories/VMSA-2022-0027.html
https://x-stream.github.io/CVE-2021-39144.html

Zimbra

Collaboration

https://wiki.zimbra.com/wiki/Security_Center

Zoho

ManageEngine

https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28810.html
