8 new vulnerabilities that CISA wants government agencies and private companies to watch for and patch immediately

On Monday, the Cybersecurity and Infrastructure Security Agency (CISA) published a report on the addition of eight security flaws to its Known Exploited Vulnerabilities Catalog, some of which may have been actively exploited in recent weeks.

According to the Agency, these flaws are potential attack vectors that are very attractive to threat actors around the world, and governments should push public agencies and private entities to address them. Because they reside in products from multiple vendors, the flaws could be exploited in all kinds of environments and by threat actors of any skill level.

Below is a brief description of the reported flaws, along with their CVE identifiers:

  • CVE-2022-22587: Memory corruption error in Apple IOMobileFrameBuffer
  • CVE-2021-20038: Stack-based buffer overflow in SonicWall SMA 100 series devices
  • CVE-2014-7169: Arbitrary code execution error in GNU Bourne-Again Shell (Bash)
  • CVE-2014-6271: Arbitrary code execution vulnerability in GNU Bourne-Again Shell (Bash)
  • CVE-2020-0787: Incorrect privilege management in Windows Background Intelligent Transfer Service (BITS)
  • CVE-2014-1776: Use-after-free error in Microsoft Internet Explorer
  • CVE-2020-5722: SQL injection in Grandstream Networks UCM6200 series
  • CVE-2017-5689: Privilege escalation vulnerability in Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability

The Catalog was implemented under Binding Operational Directive (BOD) 22-01 as a measure to prevent attacks that rely on known vulnerabilities. The directive requires federal government agencies to remediate each listed vulnerability by a set deadline in order to protect government networks against cybersecurity threats.
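As an added example (not from the article or from CISA), the snippet below checks the eight CVEs named above against a KEV catalog feed and flags which remediation deadlines are open or overdue on a given date. Field names follow the JSON feed CISA publishes for the catalog; the sample entries, dates and the placeholder CVE are constructed for this example and are not real catalog data.

```python
import json
from datetime import date

# The eight CVE identifiers listed in the article.
ARTICLE_CVES = {
    "CVE-2022-22587", "CVE-2021-20038", "CVE-2014-7169", "CVE-2014-6271",
    "CVE-2020-0787", "CVE-2014-1776", "CVE-2020-5722", "CVE-2017-5689",
}

# Constructed sample in the shape of the KEV JSON feed. Dates and the
# "CVE-2099-0001" entry are illustrative placeholders, not catalog data.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2014-6271", "vendorProject": "GNU", "product": "Bash",
         "dateAdded": "2022-01-31", "dueDate": "2022-07-28",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2022-22587", "vendorProject": "Apple",
         "product": "IOMobileFrameBuffer", "dateAdded": "2022-01-31",
         "dueDate": "2022-02-11",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2099-0001", "vendorProject": "ExampleCorp",
         "product": "Placeholder", "dateAdded": "2022-01-31",
         "dueDate": "2022-02-11", "requiredAction": "n/a"},
    ],
})


def triage(kev_json: str, watch: set, today: date) -> list:
    """Return the watched CVEs present in the feed, soonest deadline first.
    daysLeft is negative once the BOD 22-01 due date has passed."""
    catalog = json.loads(kev_json)
    rows = []
    for entry in catalog["vulnerabilities"]:
        if entry["cveID"] not in watch:
            continue  # not one of the CVEs we are tracking
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "cveID": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "dueDate": entry["dueDate"],
            "daysLeft": (due - today).days,
            "status": "OVERDUE" if today > due else "open",
        })
    return sorted(rows, key=lambda r: r["daysLeft"])


def not_in_feed(kev_json: str, watch: set) -> list:
    """Watched CVEs absent from the feed (e.g. a stale local copy)."""
    present = {e["cveID"] for e in json.loads(kev_json)["vulnerabilities"]}
    return sorted(watch - present)


if __name__ == "__main__":
    for row in triage(SAMPLE_KEV_JSON, ARTICLE_CVES, date(2022, 3, 1)):
        print(row)
    print("not in feed:", not_in_feed(SAMPLE_KEV_JSON, ARTICLE_CVES))
```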

CISA recommends that both public and private organizations minimize the risk of attack related to these flaws, including by applying the available security patches and any additional security measures appropriate to the vulnerable product or software.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.