Oct 12 2023

Adobe, Cisco IOS, Skype, WordPad, and HTTP/2 Rapid Reset Flaws Actively Exploited: CISA Warns

Category: Security vulnerabilitiesdisc7 @ 9:25 am

The US cybersecurity organization CISA has updated its Known Exploited Vulnerabilities catalog to include five new security flaws that are currently being actively exploited.

This means that attackers are using these vulnerabilities to gain unauthorized access to computer systems, steal sensitive data, or cause damage to critical infrastructure.

It is crucial for organizations to be aware of these vulnerabilities and take immediate steps to mitigate the risk of exploitation.

Earlier this year, several vulnerabilities were reported in popular software applications such as Acrobat, Cisco IOS, WordPad, Skype, and HTTP/2 Rapid Reset.

As a precautionary measure, businesses are advised by CISA to be wary of these vulnerabilities and take necessary steps to secure their systems against potential cyber-attacks.

Malicious cyber actors often exploit these vulnerabilities as they are commonly found in the federal enterprise, posing significant threats to their security.

Five Actively Exploited Flaws

  • CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability

A Use After Free vulnerability in Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier), and 20.005.30418 (and earlier) might lead to arbitrary code execution in the context of the current user.

This vulnerability can only be exploited if the victim opens a malicious file that involves user involvement. Adobe patched the vulnerability in January 2023, and the PoC exploit code for this issue is available.

An authenticated, remote attacker with administrative access to a group member or a key server could exploit a vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software.

A successful exploit might give the attacker complete control of the targeted system and the ability to run arbitrary code, or it could force the target system to reload, resulting in a DoS attack. Cisco fixed the flaw at the end of September.

  • CVE-2023-41763 Microsoft Skype for Business Privilege Escalation Vulnerability

An elevation of privilege vulnerability in Skype for Business is identified as CVE-2023-41763.

“An attacker could make a specially crafted network call to the target Skype for Business server, which could cause the parsing of an HTTP request made to an arbitrary address. This could disclose IP addresses or port numbers or both to the attacker”, Microsoft warns.

The attacker may obtain certain private, sensitive data, and in some situations, the information that was revealed could provide the attacker access to internal networks. Microsoft patched the flaw in its October Patch Tuesday release.

  • CVE-2023-36563 Microsoft WordPad Information Disclosure Vulnerability

This is an information disclosure vulnerability in Microsoft WordPad. Because of the flaw, NTLM hashes can be revealed under certain circumstances. 

To exploit the issue, an attacker would need to be able to get into the system, but if a footing is gained, the adversary could then launch a specially crafted application and seize control of an affected machine.

“The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file,” Microsoft said.

Microsoft patched the flaw in its October Patch Tuesday release.

The HTTP/2 protocol flaw CVE-2023-44487 has recently been utilized to execute massive DDoS attacks against several targets. The HTTP/2 protocol’s handling of request cancellations or resets is the source of the issue.

When a client makes a reset for an HTTP/2 request, it consumes server resources by canceling the relevant stream. 

However, the client can start a new stream right away after initiating a reset. The quick opening and closing of HTTP/2 streams brings on the denial of service.

This vulnerability may affect many web platforms because HTTP/2 has been implemented into so many of them.

CISA urges all organizations to prioritize promptly repairing Catalogue vulnerabilities as part of their vulnerability management procedures to reduce their exposure to attacks.

Cybersecurity and Infrastructure Security Agency (CISA) TIPS

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Cybersecurity and Infrastructure Security Agency

Leave a Reply

You must be logged in to post a comment. Login now.