{"id":12147,"date":"2022-11-18T06:00:45","date_gmt":"2022-11-18T13:00:45","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=12147"},"modified":"2023-02-17T13:32:23","modified_gmt":"2023-02-17T20:32:23","slug":"dhs-cisa-kevs-weekly-edition-23-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/dhs-cisa-kevs-weekly-edition-23-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 23: Patch Before You Hit the Deadline"},"content":{"rendered":"
In the first two weeks of November, CISA added 10 vulnerabilities to the KEV catalog. They are currently being exploited by hackers. In this blog, we analyze the CVEs that CISA recommends be patched in all federal organizations between 14-11-2022 and 29-11-2022.<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
From our analysis we found that:<\/p>\n
<\/p>\n
CVE-2022-3723, the 7th zero-day vulnerability from Google<\/a>, was exploited in the wild, after which a patch was released. A week later, CISA added it to the list of critical vulnerabilities.<\/p>\n<\/li>\n CVE-2020-3433 and CVE-2020-3153 are Cisco AnyConnect Secure vulnerabilities that allow both remote code execution and privilege escalation on vulnerable devices.<\/p>\n<\/li>\n CVE-2021-25337, CVE-2021-25370, and CVE-2021-25369 are Samsung device vulnerabilities that can be exploited to install spyware on phones.<\/p>\n<\/li>\n<\/ul>\n <\/p>\n <\/p>\n
How Far Back Do They Go?<\/h2>\n
Half of the CVEs are old vulnerabilities (discovered before 2022) and are exploited by many ransomware groups. In particular, the BlackByte ransomware group is after the 2018 CVEs (CVE-2018-19321, CVE-2018-19322, CVE-2018-19323).<\/p>\n <\/p>\n
Which Vendors Are Affected?<\/h2>\n
Microsoft and GIGABYTE have the most vulnerabilities to be patched by the end of this month. Notable vulnerabilities in Microsoft are CVE-2022-41073 (privilege escalation) and CVE-2022-41091<\/a> (Mark-of-the-Web).<\/p>\n <\/p>\n Organizations must keep themselves up to date with these vendor advisories and upgrade their products as and when new patches are released.<\/p>\n <\/p>\n <\/p>\n
Severity Scores<\/h2>\n
Most of the vulnerabilities are ranked high on the CVSS scoring scale. Exploiting such vulnerabilities will allow attackers to cause maximum damage to their victim networks. The Cisco vulnerabilities (CVE-2020-3433 and CVE-2020-3153) are actively exploited by the OldGremlin ransomware group.<\/p>\n <\/p>\n <\/p>\n <\/p>\n
Software Weaknesses<\/h2>\n
The following CWEs have caused the vulnerabilities that need to be patched this week.<\/p>\n <\/p>\n <\/p>\n CVE-2018-19320, CVE-2022-41073, CVE-2022-41128, CVE-2022-41125, CVE-2018-19321, CVE-2022-41091, CVE-2018-19323 do not have any CWE associated with them.<\/p>\n <\/p>\n