Jun 01 2022

Experts uncovered over 3.6M accessible MySQL servers worldwide

Category: data security, Security vulnerabilities | DISC @ 8:32 am

Researchers uncovered 3.6M accessible MySQL servers worldwide that represent a potential attack surface for their owners.

Researchers from the Shadowserver Foundation scanned the internet for publicly accessible MySQL server instances on port 3306/TCP and found 3.6M installs worldwide responding to their queries.

These publicly accessible MySQL server instances represent a potential attack surface for their owners.

“These are instances that respond to our MySQL connection request with a Server Greeting. Surprisingly to us, we found around 2.3M IPv4 addresses responding with such a greeting to our queries. Even more surprisingly, we found over 1.3M IPv6 devices responding as well (though mostly associated with a single Autonomous System).” states the report published by the researchers.

Most of the accessible IPv4 MySQL servers are in the United States (740.1K), China (296.3K), Poland (207.8K) and Germany (174.9K).

[Figure: Accessible IPv4 MySQL servers]

Most of the accessible IPv6 MySQL servers are in the United States (460.8K), Netherlands (296.3K), Singapore (218.2K) and Germany (173.7K).

The researchers recommend that admins follow the MySQL 5.7 Secure Deployment Guide and the MySQL 8.0 Secure Deployment Guide when deploying their servers.

“It is unlikely that you need to have your MySQL server allowing for external connections from the Internet (and thus a possible external attack surface). If you do receive a report on your network/constituency take action to filter out traffic to your MySQL instance and make sure to implement authentication on the server.” concludes the report.

The researchers shared data on the accessible MySQL instances in the Accessible MySQL Server Report.
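The "Server Greeting" the scan counts on is the protocol-10 initial handshake a MySQL server sends on TCP/3306 before any authentication. The following added example (not Shadowserver's code) decodes a constructed greeting the way an exposure audit would read it: the banner version, whether TLS (CLIENT_SSL) is offered, and the contrast with an ERR packet from a server that refuses the client host. The packets are built in memory, and `build_greeting`, `parse_greeting` and `assess_exposure` are this example's own names.

```python
"""Decode a MySQL "Server Greeting" as an exposure audit would read it (constructed packets, no network)."""
import struct

# Capability bits from the MySQL client/server protocol
CLIENT_SSL = 0x0800                # server accepts a TLS upgrade
CLIENT_SECURE_CONNECTION = 0x8000  # 4.1-style auth: second scramble part follows
CLIENT_PLUGIN_AUTH = 0x00080000    # auth plugin name terminates the packet


def build_greeting(server_version: str, connection_id: int, capabilities: int,
                   plugin: str = "caching_sha2_password") -> bytes:
    """Constructed protocol-10 greeting with its 4-byte packet header (sample only)."""
    scramble = bytes(range(1, 21))                 # 20-byte auth-plugin data, arbitrary here
    p = bytes([10]) + server_version.encode() + b"\x00"
    p += struct.pack("<I", connection_id)
    p += scramble[:8] + b"\x00"                    # auth-plugin-data-part-1 + filler
    p += struct.pack("<H", capabilities & 0xFFFF)  # capability flags, lower 16 bits
    p += bytes([45])                               # character set (utf8mb4)
    p += struct.pack("<H", 0x0002)                 # status flags (autocommit)
    p += struct.pack("<H", capabilities >> 16)     # capability flags, upper 16 bits
    p += bytes([len(scramble) + 1 if capabilities & CLIENT_PLUGIN_AUTH else 0])
    p += b"\x00" * 10                              # reserved
    if capabilities & CLIENT_SECURE_CONNECTION:
        p += scramble[8:] + b"\x00"                # auth-plugin-data-part-2 (13 bytes here)
    if capabilities & CLIENT_PLUGIN_AUTH:
        p += plugin.encode() + b"\x00"
    return struct.pack("<I", len(p))[:3] + b"\x00" + p   # 3-byte length + sequence id 0


# Constructed ERR packet (error code 1130): what a server answers when the client's
# host is not allowed to connect. No greeting, so no banner is disclosed.
SAMPLE_ERR_PACKET = b"\x13\x00\x00\x00\xff\x6a\x04Host not allowed"


def parse_greeting(packet: bytes) -> dict:
    """Split off the packet header and decode either an ERR packet or a protocol-10 greeting."""
    if len(packet) < 4:
        raise ValueError("short packet header")
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:                         # ERR packet instead of a greeting
        code = struct.unpack_from("<H", payload, 1)[0]
        msg = payload[9:] if payload[3:4] == b"#" else payload[3:]   # optional SQL-state marker
        return {"is_greeting": False, "error_code": code, "message": msg.decode(errors="replace")}
    if payload[0] != 10:
        raise ValueError(f"unsupported protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)
    version = payload[1:end].decode(errors="replace")
    pos = end + 1
    connection_id = struct.unpack_from("<I", payload, pos)[0]
    pos += 4
    scramble = payload[pos:pos + 8]
    pos += 9                                       # 8 scramble bytes + 1 filler byte
    cap_low, charset, status, cap_high, auth_len = struct.unpack_from("<HBHHB", payload, pos)
    pos += 8 + 10                                  # fixed fields + 10 reserved bytes
    capabilities = cap_low | (cap_high << 16)
    if capabilities & CLIENT_SECURE_CONNECTION:
        part2 = max(13, auth_len - 8)
        scramble += payload[pos:pos + part2].rstrip(b"\x00")
        pos += part2
    plugin = None
    if capabilities & CLIENT_PLUGIN_AUTH:
        plugin = payload[pos:payload.index(b"\x00", pos)].decode(errors="replace")
    return {"is_greeting": True, "server_version": version, "connection_id": connection_id,
            "capabilities": capabilities, "charset": charset, "status_flags": status,
            "scramble": scramble, "auth_plugin": plugin}


def assess_exposure(info: dict) -> list:
    """What a defender learns from a greeting that reached them from outside the network."""
    if not info["is_greeting"]:
        return [f"no greeting: server refused the client host (error {info['error_code']})"]
    findings = [f"reachable: greeting received, banner discloses server version {info['server_version']}"]
    if not info["capabilities"] & CLIENT_SSL:
        findings.append("CLIENT_SSL not advertised: no TLS, so the authentication exchange "
                        "and every query cross the network unencrypted")
    if info["auth_plugin"]:
        findings.append(f"default auth plugin {info['auth_plugin']} is visible before authentication")
    return findings


if __name__ == "__main__":
    for caps in (0xFFFF | CLIENT_PLUGIN_AUTH, (0xFFFF & ~CLIENT_SSL) | CLIENT_PLUGIN_AUTH):
        info = parse_greeting(build_greeting("8.0.0-sample", 42, caps))
        print(info["server_version"], hex(info["capabilities"]), assess_exposure(info))
    print(assess_exposure(parse_greeting(SAMPLE_ERR_PACKET)))
```

A server whose `bind-address` limits it to the local interface, or that sits behind a filter on 3306/TCP, never sends either packet to the internet, which is the state the report recommends.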

Over 3.6 million MySQL servers found exposed on the Internet

PHP & MySQL: Server-side Web Development

Tags: MySQL servers


May 26 2022

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Category: Security vulnerabilities | DISC @ 8:29 am

The US Cybersecurity and Infrastructure Security Agency (CISA) has added 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel (CVE-2021-1048 and […]) and Cisco IOS XR (CVE-2022-20821).

The Cisco IOS XR flaw (CVE-2022-20821, CVSS score: 6.5) is actively exploited in attacks in the wild; it resides in the health check RPM of Cisco IOS XR Software. An unauthenticated, remote attacker could trigger the issue to access the Redis instance running within the NOSi container.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

Other issues affect Google, Mozilla, Facebook, Adobe, and WebKitGTK software products; the vulnerabilities date from 2018 to 2021.

Some of the issues have to be addressed by federal agencies by June 13, 2022, while the others need to be fixed by June 14, 2022.

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: cve, US CISA


May 06 2022

Zero-day bug in uClibc library could leave IoT devices vulnerable to DNS poisoning attacks

A zero-day vulnerability in uClibc and uClibc-ng, a popular C standard library, could enable a malicious actor to launch DNS poisoning attacks on vulnerable IoT devices.

The bug, tracked as ICS-VU-638779, which has yet to be patched, could leave users exposed to attack, researchers have warned.

DNS poisoning

In a DNS poisoning attack, the target domain name is resolved to the IP address of a server that’s under an attacker’s control.

This means that if a malicious actor were to send a ‘forgotten password’ request, they could direct it to their own email address and intercept it, allowing them to change the victim’s password and access their account.

For an IoT device, this attack could potentially be used to intercept a firmware update request and instead direct it to download malware.

The DNS poisoning vulnerability was discovered by researchers at Nozomi Networks, who revealed that the issue remains unpatched, potentially exposing multiple users to attack.

Nozomi Networks states that uClibc is known to be used by major vendors such as Linksys, Netgear, and Axis, and by Linux distributions such as Embedded Gentoo. uClibc-ng is a fork specifically designed for OpenWrt, a common operating system for routers.

The library maintainer was unable to provide a fix, according to Nozomi. The researchers said they would refrain from sharing technical details or listing vulnerable devices until a patch is available.

“It’s important to note that a vulnerability affecting a C standard library can be a bit complex,” the team wrote in a blog post this week.

“Not only would there be hundreds or thousands of calls to the vulnerable function in multiple points of a single program, but the vulnerability would affect an indefinite number of other programs from multiple vendors configured to use that library.”

Source: https://portswigger.net/daily-swig/zero-day-bug-in-uclibc-library-could-leave-iot-devices-vulnerable-to-dns-poisoning-attacks

Managing Mission – Critical Domains and DNS: Demystifying nameservers, DNS, and domain names

👇 Please Follow our LI page…



Tags: DNS poisoning attacks


Apr 18 2022

Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP!

Category: Security vulnerabilities | DISC @ 8:49 am

It’s easy to see why: it may be exploited by unauthenticated, remote attackers to breach systems and by attackers that already have access to a system and want to hop on others on the same network. It can also be exploited without the vulnerable system’s user doing anything at all (aka “zero-click” exploitation).

About CVE-2022-26809

CVE-2022-26809 is a remote code execution vulnerability in Microsoft Remote Procedure Call (RPC) runtime and affects a wide variety of Windows and Windows Server versions.

“To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service,” Microsoft said and advised admins to:

  • Block TCP port 445 at the enterprise perimeter firewall (but be aware that this does not protect systems from attacks from within the enterprise perimeter), and
  • Follow Microsoft’s guidelines to secure SMB traffic.

This mention of SMB is probably what triggered some initial nervousness with security defenders, as it resurfaced bad memories related to the global WannaCry outbreak, which used the EternalBlue exploit to take advantage of vulnerabilities in Microsoft Windows SMB Server.

The infosec community worries about a functional proof-of-concept (PoC) exploit being released publicly soon and making the situation bad for enterprise defenders. There has been some topical online trolling and scam offers, but no PoC yet – and no evidence of covert exploitation.

Mitigation and detection

In the meantime, infosec experts have been augmenting Microsoft’s initial risk mitigation advice with their own:

https://twitter.com/NerdPyle/status/1514633465462870020

Akamai researchers have shared their own analysis of Microsoft’s patch, which provides additional insight about the origin of the flaw, and Dr. Johannes Ullrich, Dean of Research at the SANS Technology Institute, published a post summarizing the danger the flaw poses and reiterated that patching is the only real fix for this vulnerability.

“You can’t ‘turn off’ RPC on Windows if you are wondering. It will break stuff. RPC does more than SMB. For example, you can’t move icons on the desktop if you disable RPC (according to a Microsoft help page),” he explained, and noted that exploitation detection may be hard.


“I have no idea when we will see a working exploit, but I hope we will have until next week,” he concluded.


Tags: RPC runtime bug


Apr 13 2022

Cross-site scripting (XSS) cheat sheet

Category: Cheat Sheet, Security vulnerabilities | DISC @ 10:41 am

This cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or browser and a proof of concept is included for every vector.

You can download a PDF version of the XSS cheat sheet.

Cross-Site Scripting Attacks: Classification, Attack, and Countermeasures

Tags: cheat sheet, Cross-site scripting, Cross-Site Scripting Attacks


Apr 12 2022

Five critical bugs fixed in hospital robot control system

Category: Security vulnerabilities | DISC @ 10:10 pm

Researchers at healthcare cybersecurity company Cynerio just published a report about five cybersecurity holes they found in a hospital robot system called TUG.

TUGs are pretty much robot cabinets or platforms on wheels, apparently capable of carrying up to 600kg and rolling along at just under 3km/hr (a slow walk).

They’re apparently available in both hospital variants (e.g. for transporting medicines in locked drawers on ward rounds) and hospitality variants (e.g. conveying crockery and crumpets to the conservatory).

During what we’re assuming was a combined penetration test/security assessment job, the Cynerio researchers were able to sniff out traffic to and from the robots in use, track the network exchanges back to a web portal running on the hospital network, and from there to uncover five non-trivial security flaws in the backend web servers used to control the hospital’s robot underlords.

In a media-savvy and how-we-wish-people-wouldn’t-do-this-but-they-do PR gesture, the researchers dubbed their bugs The JekyllBot Five, dramatically stylised JekyllBot:5 for short.

Despite the unhinged, psychokiller overtones of the name “Jekyllbot”, however, the bugs don’t have anything to do with AI gone amok or a robot revolution.

The researchers also duly noted in their report that, at the hospital where they were investigating with permission, the robot control portal was not directly visible from the internet, so a would-be attacker would have already needed an internal foothold to abuse any of the bugs they found.

Unauthenticated access to everything

Nevertheless, the fact that the hospital’s own network was shielded from the internet was just as well.

With TCP access to the server running the web portal, the researchers claim that they could:

  • Access and alter the system’s user database. They were apparently able to modify the rights given to existing users, to add new users, and even to assign users administrative privileges.
  • Snoop on trivially-hashed user passwords. With a username to add to a web request, they could recover a straight, one-round, unsalted MD5 hash of that user’s password. In other words, with a precomputed list of common password hashes, or an MD5 rainbow table, many existing passwords could easily be cracked.
  • Send robot control commands. According to the researchers, TCP-level access to the robot control server was enough to issue unauthenticated commands to currently active robots. These commands included opening drawers in the robot’s cabinet (e.g. where medications are supposedly secured), cancelling existing commands, recovering the robot’s location and altering its speed.
  • Take photos with a robot. The researchers showed sample images snapped and recovered (with authorisation) from active robots, including pictures of a corridor, the inside of an elevator (lift), and a shot from a robot approaching its charging station.
  • Inject malicious JavaScript into legitimate users’ browsers. The researchers found that the robot management console portal was vulnerable to various types of cross-site scripting (XSS) attack, which could allow malware to be foisted on legitimate users of the system.
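The hashing weakness in the second bullet is a single unsalted MD5 round, so every user who picked the same password holds the same 32-hex-character value, and that value already sits in every published table of common-password digests. The added example below (not Cynerio's or the vendor's code) puts that legacy scheme beside a hardened replacement with a per-user random salt, a deliberately slow PBKDF2-HMAC-SHA256, constant-time comparison, and a login path that re-hashes legacy records so the MD5 values can be retired; the record format and function names are this example's own.

```python
"""Unsalted single-round MD5 (the reported storage scheme) beside a salted, slow replacement."""
import hashlib
import hmac
import secrets
from typing import Tuple

# Work factor for PBKDF2-HMAC-SHA256; raise it until one hash costs tens of milliseconds
# on the deployment hardware (a value chosen for this example, not from the report).
PBKDF2_ITERATIONS = 200_000
SCHEME = "pbkdf2_sha256"


def legacy_md5_hash(password: str) -> str:
    """The reported scheme: one MD5 round, no salt. Same password -> same value for every user."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Hardened record: "<scheme>$<iterations>$<salt_hex>$<digest_hex>" with a fresh 16-byte salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{SCHEME}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(digest.hex(), digest_hex)
    except ValueError:          # malformed record: wrong field count, bad hex, bad int
        return False


def is_legacy_record(stored: str) -> bool:
    """A bare 32-hex-character string is an unsalted MD5 record from the old scheme."""
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored.lower())


def login_and_migrate(password: str, stored: str) -> Tuple[bool, str]:
    """Authenticate against either scheme; on a successful legacy login return a
    re-hashed record so the caller can overwrite the MD5 value in the database."""
    if is_legacy_record(stored):
        ok = hmac.compare_digest(legacy_md5_hash(password), stored.lower())
        return ok, (hash_password(password) if ok else stored)
    return verify_password(password, stored), stored


if __name__ == "__main__":
    # Two constructed users who chose the same password.
    print("legacy :", legacy_md5_hash("password"), legacy_md5_hash("password"))   # identical
    print("salted :", hash_password("password"))
    print("salted :", hash_password("password"))                                 # differ per user
    ok, upgraded = login_and_migrate("password", legacy_md5_hash("password"))
    print("migrated:", ok, not is_legacy_record(upgraded))
```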

XSS revisited

Cybersecurity for eHealth

The modern realities of cybersecurity have uncovered the unpreparedness of many sectors and industries to deal with emerging threats. One of these sectors is the healthcare industry. The pervasiveness and proliferation of online innovation, systems, and applications in global healthcare have created a threat domain wherein policy and regulation struggle to keep pace with development, standardization faces contextual challenges, and technical capacity is largely deficient.

It is now urgent that healthcare professionals know the most relevant concepts and fundamentals of global cybersecurity related to eHealth. Cybersecurity for eHealth: A Practical Guide for Nontechnical Stakeholders and Healthcare Practitioners uses both a rigorous academic and practical professional approach in covering the essentials of cybersecurity. The book:

  • Distills foundational knowledge and presents it in a concise manner that is easily assimilated
  • Draws lessons from real-life case studies across the global healthcare industry to drive home complex principles and insights
  • Helps eHealth professionals to deal more knowledgeably and effectively with the realities of cybersecurity

Written for healthcare professionals without a background in the workings of information and communication technologies, the book presents the basics of cybersecurity and an overview of eHealth. It covers the foundational concepts, perspectives, and applications of cybersecurity in the context of eHealth and traverses the cybersecurity threat landscape to eHealth, including:

  • Threat categories, agents, and objectives
  • Strategies and approaches deployed by various threat agents
  • Predisposing risk factors in cybersecurity threat situations
  • Tools and techniques to protect against cybersecurity incidents

A comprehensive and practical guide, the book discusses approaches and best practices for enhancing personal cybersecurity as well as giving an overview of governance, ethics, and regulation in eHealth.


Tags: Cybersecurity for eHealth, hospital robot control system


Apr 12 2022

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Category: Security vulnerabilities | DISC @ 8:23 am

The U.S. CISA added the flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

A remote attacker with unprivileged credentials can exploit the CVE-2022-23176 vulnerability in WatchGuard Firebox and XTM appliances to access the system with a privileged management session via exposed management access.

The vulnerability is actively exploited by the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. Sandworm (aka BlackEnergy and TeleBots) has been active since 2000 and operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions of dollars in damage.

Cyclops Blink is believed to be a replacement for the VPNFilter botnet, which was first exposed in 2018 and at the time was composed of more than 500,000 compromised routers and network-attached storage (NAS) devices.

The Cyclops Blink malware has been active since at least June 2019; it targets WatchGuard Firebox, Small Office/Home Office (SOHO) network devices, and ASUS router models.

WatchGuard published instructions on how to restore compromised Firebox appliances. The company also developed and released a set of Cyclops Blink detection tools, as well as this 4-Step Cyclops Blink Diagnosis and Remediation Plan to help customers diagnose, remediate if necessary, and prevent future infection.

Cyclops Blink is sophisticated malware with a modular structure. It supports functionality to add new modules at run-time allowing Sandworm operators to implement additional capability as required.

The malware leverages the firmware update process to achieve persistence. It manages clusters of victims, and each deployment of Cyclops Blink has its own list of command and control (C2) IP addresses and ports.

Recently, the U.S. government has announced that it had dismantled the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group.

CISA also added to the catalog two flaws in Microsoft Active Directory (CVE-2021-42287, CVE-2021-42278), a flaw in Google Pixel (CVE-2021-39793), a flaw in Checkbox Survey (CVE-2021-27852), a flaw in the Linux kernel (CVE-2021-22600), a bug in QNAP NAS (CVE-2020-2509), and a vulnerability in Telerik Web UI (CVE-2017-11317).

The vulnerabilities added to the catalog have to be addressed by federal agencies by May 02, 2022.

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation


Tags: CISA, Known Exploited Vulnerabilities Catalog


Apr 08 2022

Developers Remediate Less Than a Third of Vulnerabilities

Category: Security vulnerabilities | DISC @ 8:28 am


Developers are regularly ignoring security issues as they deal with an onslaught of issues from security teams, even as they are expected to release software more frequently and faster than ever before.

In addition, developers fix just 32% of known vulnerabilities, and 42% of developers push vulnerable code once per month, according to Tromzo’s Voice of the Modern Developer Report.

The report, based on a survey of more than 400 U.S.-based developers who work at organizations where they currently have CI/CD tools in place, also found a third of respondents think developers and security are siloed.

Tromzo CTO and co-founder Harshit Chitalia pointed out the top security vulnerabilities of the past few years—Log4j, SolarWinds, Codecov—have all been supply chain attacks.

“This has made AppSec an urgent and top priority for CISOs worldwide,” he said. “In addition, everything as code with Kubernetes, Terraform and so on have made all parts of the development stack part of AppSec.”

From his perspective, the only way this big attack surface can be overcome is with security and development teams working hand in hand to secure the application in every step of the development cycle.

He added that developers ignoring security issues is one of the fundamental problems AppSec engineers face.

“Security teams put their blood, sweat and tears into finding different vulnerabilities in code through orchestrating scanners and manual testing,” he said. “After all the work, seeing the issue on Jira queue for months is disappointing and quite frustrating.”

Fighting Friction

On the other hand, he pointed to developers who are now asked not only to develop features and fix bugs but also look at DevOps, performance and security of their applications.

“This leads to friction in priorities and, if unresolved, leads to unhappy employees,” he said. “The C-suite is very much aware of this problem, but they are stuck with security tools which are not created for developers. As application security is going through a big transformation, we believe the tooling will also shift.”

He explained there were several concerning findings from the survey but that two, in particular, stood out.

The first thing Chitalia found deeply concerning was the fact that 62% of developers are using 11 or more application security tools.

He said application security has evolved in recent years with AppSec teams now responsible for source-code analysis, DAST, bug bounty, dependency, secrets scanning, cloud scanning and language-specific scanners.

“This means developers are constantly fed information from these tools without any context and they have to triage and prioritize the workload these tools generate for them,” he said. 

The second big worry was the fact that a third of vulnerabilities are noise.

“If someone told you that a third of the work you did needs to be thrown away every single day, how would you feel about that?” he asked. “But that’s the current state of application security.”

False Positives a Big Negative


Securing DevOps: Security in the Cloud

Tags: DevOps, DevSecOps, Securing DevOps


Apr 05 2022

CISA adds Spring4Shell flaw to its Known Exploited Vulnerabilities Catalog

Category: Security vulnerabilities | DISC @ 8:41 am

The U.S. CISA added the recently disclosed remote code execution (RCE) vulnerability Spring4Shell to its Known Exploited Vulnerabilities Catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed flaw known as Spring4Shell (CVSS score: 9.8) in the Spring Framework, along with three other issues, to its Known Exploited Vulnerabilities Catalog.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

The Spring4Shell issue was disclosed last week; it resides in the Spring Core Java framework. An unauthenticated, remote attacker could trigger the vulnerability to execute arbitrary code on the target system. The framework is currently maintained by Spring.io, a subsidiary of VMware.

The Spring Framework is an application framework and inversion of control container for the Java platform. The framework’s core features can be used by any Java application, but there are extensions for building web applications on top of the Java EE (Enterprise Edition) platform.

The vulnerability was disclosed after a Chinese security researcher published a proof-of-concept (PoC) exploit before deleting their account (helloexp).

This week VMware published security updates to address the Spring4Shell flaw; according to the virtualization giant, the flaw impacts many of its cloud computing and virtualization products.

The flaw impacts Spring model–view–controller (MVC) and Spring WebFlux applications running on Java Development Kit 9 and later.

Spring4Shell impacts VMware Tanzu Application Service for VMs, VMware Tanzu Operations Manager, and VMware Tanzu Kubernetes Grid Integrated Edition (TKGI).

The exploitation of this flaw could allow a remote attacker to execute arbitrary code on vulnerable systems. Researchers from Palo Alto Networks’ Unit42 and Akamai have observed the issue being exploited in the wild to deploy malicious code.

CISA also added the CVE-2022-22675, CVE-2022-22674 and CVE-2021-45382 flaws to its catalog. The four vulnerabilities added to the catalog have to be addressed by federal agencies by April 25, 2022.

Tags: Spring4Shell


Apr 04 2022

Brokenwire attack, how hackers can disrupt charging for electric vehicles

Category: Cyber Attack, Security vulnerabilities | DISC @ 8:00 am

Boffins devised a new attack technique, dubbed Brokenwire, against the Combined Charging System (CCS) that could potentially disrupt charging for electric vehicles.

A group of researchers from the University of Oxford and Armasuisse S+T has devised a new attack technique, dubbed Brokenwire, against the popular Combined Charging System (CCS) that could be exploited by remote attackers to disrupt charging for electric vehicles.

The Combined Charging System (CCS) is one of the most widely used DC rapid charging technologies for electric vehicles (EVs). 

The attack aims at interrupting the control communication between the vehicle and charger, causing the disruption of charging sessions.

“The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously.” reads the post published by the academics. “In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it.”


The researchers demonstrated that the Brokenwire attack can be conducted from a distance of as far as 47m (151ft). Experts pointed out that the interruption of the charging process of critical vehicles, such as electric ambulances, can have life-threatening consequences.

The experts did not disclose details about the attack technique to prevent attacks in the wild.

The researchers published a video PoC of the attack showing their technique in action.

Let me close with a couple of questions from the FAQ published by the researchers:

I have a charger at home, can someone stop my car from charging?

Probably not. Most likely your home charger uses AC charging and a different communication standard (IEC 61851), so won’t be affected. This might change in the future though, with home chargers getting ISO 15118 support.

Can Brokenwire also break my car?

We’ve never seen any evidence of long-term damage caused by the Brokenwire attack. Based on our development work, we also have good reason to expect there isn’t any.

Tags: Brokenwire attack


Mar 16 2022

CISA adds 15 new flaws to the Known Exploited Vulnerabilities Catalog

Category: Security vulnerabilities | DISC @ 9:52 pm

The US Cybersecurity and Infrastructure Security Agency (CISA) added 15 new flaws to its Known Exploited Vulnerabilities Catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

The new vulnerabilities added to the catalog include one SonicWall SonicOS issue, tracked as CVE-2020-5135, and 14 Microsoft Windows flaws addressed between 2016 and 2019.

CVE-2020-5135 is a stack-based buffer overflow that affects the SonicWall Network Security Appliance (NSA). The vulnerability can be exploited by an unauthenticated HTTP request involving a custom protocol handler.

The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access.

All the flaws added in this round have to be addressed by federal agencies by April 5.

The CISA Catalog has reached a total of 504 entries with the latest added issues.

CISA Known Exploited Vulnerabilities Catalog

Hackable

Tags: CISA, Exploited Vulnerabilities Catalog, Hackable


Mar 10 2022

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Category: Remote code, Security vulnerabilities | DISC @ 10:33 am

Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them.

Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices.

The flaws could allow remote attackers to manipulate the power of millions of enterprise devices to carry out extreme cyber-physical attacks.

Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical systems.

“If exploited, these vulnerabilities, dubbed TLStorm, allow for complete remote take-over of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks. According to Armis data, almost 8 out of 10 companies are exposed to TLStorm vulnerabilities.” reads the analysis published by Armis.

APC has over 20 million devices worldwide; according to the researchers, almost 8 out of 10 companies are exposed to TLStorm vulnerabilities.

Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices.

The researchers discovered that the firmware upgrades are not properly signed and validated.

This third flaw could be exploited by an attacker to achieve persistence by planting a malicious update on vulnerable UPS devices.

Below is the list of the flaws discovered by the experts:

  • CVE-2022-22806 – TLS authentication bypass: A state confusion in the TLS handshake leads to authentication bypass, leading to remote code execution (RCE) using a network firmware upgrade.
  • CVE-2022-22805 – TLS buffer overflow: A memory corruption bug in packet reassembly (RCE).
  • CVE-2022-0715 – Unsigned firmware upgrade that can be updated over the network (RCE).

An attacker can trigger one of the above issues to gain remote code execution on vulnerable devices and interfere with the operation of the UPS to cause physical damage.

“The fact that UPS devices regulate high voltage power, combined with their Internet connectivity—makes them a high-value cyber-physical target. In the television series Mr. Robot, bad actors cause an explosion using an APC UPS device.” continues Armis. “However, this is no longer a fictional attack. By exploiting these vulnerabilities in the lab, Armis researchers were able to remotely ignite a Smart-UPS device and make it literally go up in smoke.”


Experts pointed out that vulnerabilities in the firmware upgrade process are often abused by sophisticated APT groups.

Armis reported the flaws to Schneider Electric’s APC on October 31, 2021; the vendor addressed them with the release of Patch Tuesday security updates on March 8, 2022.

“UPS devices, like many other digital infrastructure appliances, are often installed and forgotten. Since these devices are connected to the same internal networks as the core business systems, exploitation attempts can have severe implications. It’s important for security professionals to have complete visibility of all assets, along with the ability to monitor their behavior, in order to identify anomalies and/or exploit attempts. However traditional security solutions do not cover these assets. As a result, they remain “unseen” and therefore expose the organization to significant risk.” concludes the report.

Reliability/Availability of Electrical & Mechanical Systems for Command, Control, Communications, Computer, Intelligence, Surveillance and Reconnaissance (C4ISR) Facilities

Tags: TLStorm flaws, UPS devices


Mar 08 2022

CISA urges to fix actively exploited Firefox zero-days by March 21

Category: Security vulnerabilities,Zero dayDISC @ 10:34 am

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added recently disclosed Firefox zero-days to its Known Exploited Vulnerabilities Catalog.

The Cybersecurity and Infrastructure Security Agency (CISA) added two critical security vulnerabilities in Mozilla Firefox, tracked as  and , to its Known Exploited Vulnerabilities Catalog. The US agency has ordered federal civilian agencies to address both issues by March 21, 2022.

Yesterday Mozilla released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to address the two zero-day vulnerabilities that are actively exploited in attacks.

The two vulnerabilities are “Use-after-free” issues in XSLT parameter processing and in the WebGPU IPC Framework respectively.

Successful exploitation of the flaws can cause a program crash or execute arbitrary commands on the machine.

Below is the description of both flaws included in the advisory published by Mozilla:

  • CVE-2022-26485: Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.
  • CVE-2022-26486: An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Known Exploited Vulnerabilities Catalog and address the vulnerabilities in their infrastructure.

CISA added nine other vulnerabilities to its Known Exploited Vulnerabilities Catalog that are reported in the following table along with the associated due date.

CVE ID | Vulnerability Name | Due Date
CVE-2022-26486 | Mozilla Firefox Use-After-Free Vulnerability | 03/21/22
CVE-2022-26485 | Mozilla Firefox Use-After-Free Vulnerability | 03/21/22
CVE-2021-21973 | VMware vCenter Server, Cloud Foundation Server Side Request Forgery (SSRF) | 03/21/22
CVE-2020-8218 | Pulse Connect Secure Code Injection Vulnerability | 09/07/22
CVE-2019-11581 | Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability | 09/07/22
CVE-2017-6077 | NETGEAR DGN2200 Remote Code Execution Vulnerability | 09/07/22
CVE-2016-6277 | NETGEAR Multiple Routers Remote Code Execution Vulnerability | 09/07/22
CVE-2013-0631 | Adobe ColdFusion Information Disclosure Vulnerability | 09/07/22
CVE-2013-0629 | Adobe ColdFusion Directory Traversal Vulnerability | 09/07/22
CVE-2013-0625 | Adobe ColdFusion Authentication Bypass Vulnerability | 09/07/22
CVE-2009-3960 | Adobe BlazeDS Information Disclosure Vulnerability | 09/07/22

Zero Days

Tags: CISA, zero-days


Mar 04 2022

75% of medical infusion pumps affected by known vulnerabilities

Category: hipaa,Security vulnerabilitiesDISC @ 9:52 am

Researchers analyzed more than 200,000 network-connected medical infusion pumps and discovered that over 100,000 of them are vulnerable.

Researchers from Palo Alto Networks have analyzed more than 200,000 medical infusion pumps on the networks of hospitals and other healthcare organizations and discovered that 75% are affected by known vulnerabilities that could be exploited by attackers.

“We reviewed crowdsourced data from scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations using IoT Security for Healthcare from Palo Alto Networks.” reads the report published by Palo Alto Networks. “An alarming 75 percent of infusion pumps scanned had known security gaps that put them at heightened risk of being compromised by attackers. These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices.”

Image source: Ateq USA website

One of the most interesting findings that emerged from the report is that 52% of all infusion pumps analyzed by the experts were susceptible to two vulnerabilities publicly disclosed in 2019. These data are disconcerting considering that the average infusion pump has a life of eight to 10 years.

The following table reports the 10 most prevalent issues that emerged from the scan of network-connected medical devices. 


# | CVE | Severity (Score) | % of analyzed pumps with CVE
1 | CVE-2019-12255 | 9.8 (Critical) | 52.11%
2 | CVE-2019-12264 | 7.1 (High) | 52.11%
3 | CVE-2016-9355 | 5.3 (Medium) | 50.39%
4 | CVE-2016-8375 | 4.9 (Medium) | 50.39%
5 | CVE-2020-25165 | 7.5 (High) | 39.54%
6 | CVE-2020-12040 | 9.8 (Critical) | 17.83%
7 | CVE-2020-12047 | 9.8 (Critical) | 15.23%
8 | CVE-2020-12045 | 9.8 (Critical) | 15.23%
9 | CVE-2020-12043 | 9.8 (Critical) | 15.23%
10 | CVE-2020-12041 | 9.8 (Critical) | 15.23%

Table 1. The top 10 most prevalent vulnerabilities found in the more than 200,000 inf

Experts grouped the issues into several categories, including leakage of sensitive information, unauthorized access and buffer overflow. Palo Alto Networks reported that some issues are related to third-party cross-platform libraries used by the devices, such as network stacks.

 and CVE-2019-12264 vulnerabilities in the TCP/IP stack IPnet.

Both flaws affect 52% of the analyzed infusion pumps, that is, more than 104,000 devices.

Palo Alto Networks recommends that healthcare providers adopt a proactive security strategy to prevent attacks. Below are some key capabilities to consider when evaluating IoMT security strategies and technologies for healthcare:

  • Accurate discovery and inventory
  • Holistic risk assessment
  • Apply risk reduction policies
  • Prevent Threats

“Among the 200,000 infusion pumps we studied, 75% were vulnerable to at least one vulnerability or threw up at least one security alert. While some of these vulnerabilities and alerts may be impractical for attackers to take advantage of unless physically present in an organization, all represent a potential risk to the general security of healthcare organizations and the safety of patients – particularly in situations in which threat actors may be motivated to put extra resources into attacking a target.” concludes the report.

Do No Harm: Protecting Connected Medical Devices, Healthcare, and Data from Hackers and Adversarial Nation States –  cybersecurity expert Matthew Webster delivers an insightful synthesis of the health benefits of the Internet of Medical Things (IoMT), the evolution of security risks that have accompanied the growth of those devices, and practical steps we can take to protect ourselves,  our data, and our hospitals from harm. 

Tags: medical infusion pumps


Mar 03 2022

Popular open-source PJSIP library is affected by critical flaws

Category: Security vulnerabilitiesDISC @ 10:46 am

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library.

PJSIP is a communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. It combines the SIP signaling protocol with a rich multimedia framework and NAT traversal functionality into a high-level, portable API suitable for almost any type of system, from desktops and embedded systems to mobile handsets.

PJSIP supports audio, video, presence, and instant messaging; the API supplied by the library can be used by IP telephony applications, including VoIP devices.

Many popular communication applications use the library, including WhatsApp, BlueJeans and Asterisk.

An attacker can exploit the flaws to gain arbitrary code execution on devices running applications using the vulnerable library or to trigger a denial-of-service (DoS) condition.

The list of the flaws discovered in the PJSIP library:

Open Source Security: Your Network More Secure With Open Source Tools 

Tags: critical flaws, open-source PJSIP


Feb 22 2022

Microsoft Safety Scanner

Category: Malware,Security vulnerabilitiesDISC @ 10:10 am
How to Use Microsoft Safety Scanner for Windows

Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats.

Note

Starting November 2019, Safety Scanner will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to run Safety Scanner. To learn more, see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.

Important information

  • The security intelligence update version of the Microsoft Safety Scanner matches the version described in this web page.
  • Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan.
  • Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download.
  • This tool does not replace your antimalware product. For real-time protection with automatic updates, use Microsoft Defender Antivirus on Windows 11, Windows 10, and Windows 8 or Microsoft Security Essentials on Windows 7. These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on removing difficult threats.

System requirements

Safety Scanner helps remove malicious software from computers running Windows 11, Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2019, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. For details, refer to the Microsoft Lifecycle Policy.

How to run a scan

  1. Download this tool and open it.
  2. Select the type of scan that you want to run and start the scan.
  3. Review the scan results displayed on screen. For detailed detection results, view the log at %SYSTEMROOT%\debug\msert.log.

To remove this tool, delete the executable file (msert.exe by default).
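An added example (not Microsoft's code) that wraps the procedure above in PowerShell: it refuses a copy of msert.exe older than the 10-day window, checks the Authenticode signature before running it, launches a quiet scan, and pulls threat lines from the log path named above. The /Q and /N switches and the log line patterns are assumptions taken from the tool's command-line help, not from this page.

```powershell
# Added example, not part of Microsoft's documentation.
# Assumes msert.exe was saved to $ScannerPath (default: the Downloads folder).
param(
    [string]$ScannerPath = "$env:USERPROFILE\Downloads\msert.exe",
    [switch]$DetectOnly   # report only, do not attempt removal
)

$logPath = Join-Path $env:SYSTEMROOT 'debug\msert.log'

if (-not (Test-Path $ScannerPath)) {
    throw "Safety Scanner not found at $ScannerPath; download a fresh copy first."
}

# 1. The tool only works for 10 days after download. The file's write time is
#    used here as an approximation of the download time.
$age = (Get-Date) - (Get-Item $ScannerPath).LastWriteTime
if ($age.TotalDays -gt 10) {
    throw "msert.exe is $([int]$age.TotalDays) days old; download the latest version before scanning."
}

# 2. Since November 2019 the binary is SHA-2 signed only: confirm the signature
#    chain is valid and the signer is Microsoft before executing anything.
$sig = Get-AuthenticodeSignature -FilePath $ScannerPath
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    throw "Signature check failed (status: $($sig.Status)); do not run this binary."
}

# 3. Run the scan without the GUI (elevated). /Q = quiet, /N = detect only;
#    both switches are assumed from msert's own help output.
$argList = @('/Q')
if ($DetectOnly) { $argList += '/N' }
$proc = Start-Process -FilePath $ScannerPath -ArgumentList $argList -Verb RunAs -Wait -PassThru
Write-Host "Safety Scanner finished with exit code $($proc.ExitCode)"

# 4. Detailed detection results land in %SYSTEMROOT%\debug\msert.log; surface
#    the lines that mention a detection for review (pattern is an assumption).
if (Test-Path $logPath) {
    Select-String -Path $logPath -Pattern 'Threat|Infected|Detected' |
        ForEach-Object { $_.Line }
} else {
    Write-Warning "No log found at $logPath"
}
```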

For more information about the Safety Scanner, see the support article on how to troubleshoot problems using Safety Scanner.




Feb 01 2022

CISA adds 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Category: Security vulnerabilitiesDISC @ 9:57 am

The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to the Known Exploited Vulnerabilities Catalog.

The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Known Exploited Vulnerabilities Catalog and address the vulnerabilities in their infrastructure.

Below is the list of the new entries in the catalog:

CVE ID | Description | Patch Deadline
CVE-2022-22587 | Apple IOMobileFrameBuffer Memory Corruption Vulnerability | 2/11/2022
CVE-2021-20038 | SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | 2/11/2022
CVE-2014-7169 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022
CVE-2014-6271 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022
CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | 7/28/2022
CVE-2014-1776 | Microsoft Internet Explorer Use-After-Free Vulnerability | 7/28/2022
CVE-2020-5722 | Grandstream Networks UCM6200 Series SQL Injection Vulnerability | 7/28/2022
CVE-2017-5689 | Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability | 7/28/2022

“CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below.” reads the announcement published by CISA. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.”

With the addition of these eight vulnerabilities, the number of flaws in CISA’s Known Exploited Vulnerabilities Catalog reached 351.

Among the recent entries, there is the CVE-2022-22587 memory corruption issue that resides in the IOMobileFrameBuffer and affects iOS, iPadOS, and macOS Monterey. The exploitation of this flaw leads to arbitrary code execution with kernel privileges on compromised devices.

A few days ago, Apple released security updates to address a couple of zero-day vulnerabilities, one of them actively exploited in the wild by threat actors to compromise iPhone and Mac devices.

CISA is ordering federal agencies to address the CVE-2022-22587 flaw by February 11, 2022, along with the CVE-2021-20038 vulnerability in SonicWall SMA 100 Appliances.

The vulnerability is an unauthenticated stack-based buffer overflow that was reported by Jacob Baines, lead security researcher at Rapid7. The vulnerability impacts SMA 100 series appliances (including SMA 200, 210, 400, 410, and 500v) even when the web application firewall (WAF) is enabled.

A remote attacker can exploit the vulnerability to execute arbitrary code as the ‘nobody’ user in compromised SonicWall appliances.

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation by [United States Government Accountability Office]

Tags: CISA, Exploited Vulnerabilities


Jan 24 2022

US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog

Category: Security vulnerabilitiesDISC @ 9:59 am

The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Known Exploited Vulnerabilities Catalog and address the vulnerabilities in their infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA) this week added seventeen actively exploited vulnerabilities to the Catalog.

This week the total number of vulnerabilities included in the catalog reached 341.

CISA is requiring 10 of the 17 vulnerabilities added this week to be addressed by February 1st, 2022.

CVE Number | CVE Title | Required Action Due Date
CVE-2021-32648 | October CMS Improper Authentication | 2/1/2022
CVE-2021-21315 | System Information Library for node.js Command Injection Vulnerability | 2/1/2022
CVE-2021-21975 | Server Side Request Forgery in vRealize Operations Manager API Vulnerability | 2/1/2022
CVE-2021-22991 | BIG-IP Traffic Microkernel Buffer Overflow Vulnerability | 2/1/2022
CVE-2021-25296 | Nagios XI OS Command Injection Vulnerability | 2/1/2022
CVE-2021-25297 | Nagios XI OS Command Injection Vulnerability | 2/1/2022
CVE-2021-25298 | Nagios XI OS Command Injection Vulnerability | 2/1/2022
CVE-2021-33766 | Microsoft Exchange Server Information Disclosure Vulnerability | 2/1/2022
CVE-2021-40870 | Aviatrix Controller Unrestricted Upload of File Vulnerability | 2/1/2022
CVE-2021-35247 | SolarWinds Serv-U Improper Input Validation Vulnerability | 02/04/2022
CVE-2020-11978 | Apache Airflow Command Injection Vulnerability | 7/18/2022
CVE-2020-13671 | Drupal Core Unrestricted Upload of File Vulnerability | 7/18/2022
CVE-2020-13927 | Apache Airflow Experimental API Authentication Bypass Vulnerability | 7/18/2022
CVE-2020-14864 | Oracle Corporate Business Intelligence Enterprise Edition Path Traversal Vulnerability | 7/18/2022
CVE-2006-1547 | Apache Struts 1 ActionForm Denial of Service Vulnerability | 07/21/2022
CVE-2012-0391 | Apache Struts 2 Improper Input Validation Vulnerability | 07/21/2022
CVE-2018-8453 | Microsoft Windows Win32k Privilege Escalation Vulnerability | 07/21/2022

One of the issues added this week is a vulnerability in the October CMS, tracked as 

, which was recently exploited in attacks against websites of the Ukrainian government.

CISA also added a vulnerability, tracked as 

, recently addressed by SolarWinds in Serv-U products, that threat actors are actively exploiting in the wild. The company pointed out that all the attack attempts failed.

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation by [United States Government Accountability Office]

Tags: US CISA


Jan 17 2022

High-Severity flaw in 3 WordPress plugins impacts 84,000 websites

Category: Security vulnerabilities,Web SecurityDISC @ 11:54 am

Researchers from WordPress security company Wordfence discovered a high-severity vulnerability that affects three different WordPress plugins, which together are installed on over 84,000 websites. The vulnerability, tracked as CVE-2022-0215, is a cross-site request forgery (CSRF) issue that received a CVSS score of 8.8.

A threat actor could exploit the vulnerability to take over vulnerable websites.

The flaw impacts three plugins maintained by Xootix:

“On November 5, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Login/Signup Popup”, a WordPress plugin that is installed on over 20,000 sites. A few days later we discovered the same vulnerability present in two additional plugins developed by the same author: “Side Cart Woocommerce (Ajax)”, installed on over 60,000 sites, and “Waitlist Woocommerce ( Back in stock notifier )”, installed on over 4,000 sites.” reads the advisory published by Wordfence. “This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site’s administrator into performing an action, such as clicking on a link.”

WordPress – Security Tips 

Tags: WordPress plugins


Jan 14 2022

Threat actors can bypass malware detection due to Microsoft Defender weakness

Category: Malware,Security vulnerabilitiesDISC @ 9:15 am

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection.

Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders to plant malware to avoid AV scanning.

Microsoft Defender allows users to exclude locations on their machines from scanning by the security solution.

Knowledge of the list of scanning exceptions allows attackers to know where to store their malicious code to avoid detection. This means that once inside a compromised network, threat actors can decide where to store their malicious tools and malware without being detected.

The issue seems to have affected Windows 10 21H1 and Windows 10 21H2 for at least eight years, but it does not affect Windows 11.

SentinelOne threat researcher Antonio Cocomazzi pointed out that the list of scanning exceptions can be accessed by any local user, regardless of their permissions.

Running the “reg query” command, it is possible to access the list.

https://twitter.com/splinter_code/status/1481073265380581381?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1481073265380581381%7Ctwgr%5E%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F126689%2Fhacking%2Fmicrosoft-defender-weakness.html
Microsoft Defender exclusion list
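An added example (not the researcher's or Microsoft's code) for checking a host from the defender's side: it reads the ACLs on Defender's exclusion registry keys and reports any entry that lets standard, non-admin principals query them, which is the condition the article describes. The key paths are Defender's real registry locations but are not given in the article; the set of low-privilege principals checked is an assumption.

```powershell
# Added example: audit whether non-admin users can read Defender's exclusion lists.
# Run elevated so every key's ACL can be read. Reports findings; changes nothing.
$exclusionKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths',
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions',
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes'
)

# Principals that every standard (non-admin) local user belongs to (assumed set).
$lowPrivPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')

# QueryValues is the right needed to read the exclusion entries themselves.
$queryValues = [System.Security.AccessControl.RegistryRights]::QueryValues

$findings = foreach ($key in $exclusionKeys) {
    if (-not (Test-Path $key)) { continue }     # key absent: no exclusions of that type
    $acl = Get-Acl -Path $key
    foreach ($ace in $acl.Access) {
        $isLowPriv = $lowPrivPrincipals -contains $ace.IdentityReference.Value
        $canQuery  = ($ace.RegistryRights -band $queryValues) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $isLowPriv -and $canQuery) {
            [pscustomobject]@{
                Key       = $key
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    Write-Warning "Exclusion lists are readable by non-admin users on this host:"
    $findings | Format-Table -AutoSize
} else {
    Write-Host "No exclusion key grants QueryValues to low-privilege principals."
}
```

A hit here means the exclusion list on that host is visible to any local account, as the article describes for Windows 10; Windows 11 hosts should report no findings.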

Tags: Microsoft Defender weakness

