{"id":8467,"date":"2021-12-10T16:54:40","date_gmt":"2021-12-10T23:54:40","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8467"},"modified":"2023-03-07T15:42:12","modified_gmt":"2023-03-07T22:42:12","slug":"cisapatch-these-291-cves-before-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/cisapatch-these-291-cves-before-the-deadline\/","title":{"rendered":"CISA &#8211; Patch These 291 CVEs Before The Deadline!"},"content":{"rendered":"<p dir=\"ltr\">On November 3, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a new <a href=\"https:\/\/cyber.dhs.gov\/bod\/22-01\/\">Binding Operational Directive<\/a> urging public entities to fix Known Exploited Vulnerabilities (KEV) within defined time frames. This catalog consists of 291 vulnerabilities dating back to 2010 that threat actors have been actively exploiting in attacks.<\/p>\n<p dir=\"ltr\">In a recent update to this catalog, CISA has set a deadline for federal agencies to apply fixes for the newly added five security flaws in Qualcomm, MikroTik, Zoho, and the Apache Software Foundation.<\/p>\n<p dir=\"ltr\">We have analyzed these vulnerabilities and have spotlighted their threat associations that ought to be fixed on priority.<\/p>\n<p dir=\"ltr\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 800px; height: 406px;\" src=\"\/wp-content\/uploads\/2015\/11\/patch-watch-1-24-1.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\">Weaponized Vulnerabilities<\/h2>\n<p dir=\"ltr\">According to CISA, these 291 CVEs have been weaponized with known exploits. Here is our analysis:<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">53 CVEs are associated with multiple ransomware families.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">57 CVEs are linked to APT groups.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">24 CVEs are correlated to malware threats.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">94 CVEs are classified as Remote Code Execution.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">17 CVEs have Privilege Escalation capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE has denial-of-service capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">11 CVEs are web application exploits.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">167 CVEs are high severity, 118 are medium severity, and 5 are low severity.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 383px;\" src=\"\/wp-content\/uploads\/2015\/11\/weaponized-vulnerabilities-1.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\">Old Vulnerabilities<\/h2>\n<p dir=\"ltr\">CISA\u2019s catalog included 181 old vulnerabilities that were found to be active during the past decade.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">35 CVEs are associated with multiple ransomware families.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">37 CVEs are linked to APT groups.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">20 CVEs are correlated to malware threats.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">47 CVEs are classified as Remote Code Execution.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">16 CVEs have Privilege Escalation capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">118 CVEs are high severity, 60 are medium severity, and 3 are low severity.<\/p>\n<\/li>\n<\/ul>\n<h2 dir=\"ltr\"><\/h2>\n<h2 dir=\"ltr\">Top Five Ransomware and APT Groups<\/h2>\n<p dir=\"ltr\">CVE-2019-19781 is a Remote Code Execution vulnerability that has been identified as one of the most popular among attackers, with 12 different ransomware variants. This vulnerability has a CVSS score of 9.8 and is accredited with the weakness enumeration, CWE-22, which is in the Top 10 software vulnerabilities on the MITRE 2021 CWE Top 25 list.<\/p>\n<p dir=\"ltr\">In addition to the <a href=\"https:\/\/cybersecurityworks.com\/blog\/cyber-risk\/nsa-validates-csws-warning-on-two-critical-vulnerabilities-1.html\">warnings issued by the NSA, FBI, and CISA<\/a>, this significant CVE has been detected in multiple cyber incidents in 2021.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 282px;\" src=\"\/wp-content\/uploads\/2015\/11\/top-five-ransoware-assosiated-cves-1.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\">CVE-2012-0158 is one of the old vulnerabilities that has been associated with 23 Advanced Persistent Threat (APT) groups. This CVE holds a severity score of 9.3 and is categorized under CWE-94, leading to Improper Control of Generation of Code. CWE-94 has been covered in the 2021 CWE Top 30 and is also listed in the OWASP Top 10 2021 (A3).<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 289px;\" src=\"\/wp-content\/uploads\/2015\/11\/patch-watch-revamp-2-1.png\" alt=\"\" \/><\/p>\n<h2>Common Weakness Enumeration (CWE)<\/h2>\n<p dir=\"ltr\">Based on the CWE categorization, the Top Five CWEs covered the highest number of CVEs grouped under the Top 30 Most Dangerous Software Weaknesses of 2021.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 393px;\" src=\"\/wp-content\/uploads\/2015\/11\/top-five-cwe-1.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\">Latency Analysis<\/h2>\n<p dir=\"ltr\">Securin\u2019s analysts studied the latency details and listed out the following:<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">The National Vulnerabilities Database (NVD) waited an average of 122 days from the patch disclosure to reveal the CVE information for 34% of the red-flagged vulnerabilities by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">13 CVEs were exploited even before they were published to the NVD.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">An exploit was released on the day of the disclosure in the NVD for five vulnerabilities.<\/p>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\">Affected Vendors<\/h2>\n<p dir=\"ltr\">The KEVs listed out by CISA had impacted 68 vendors, including Microsoft, Apple, Oracle, Adobe, Atlassian, Fortinet, and other organizations. A notable statistic is that 82 vulnerabilities from the overall list are attached to Microsoft.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 332px;\" src=\"\/wp-content\/uploads\/2015\/11\/top-five-affected-vendors-1.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\">Running Out of Time!<\/h2>\n<p dir=\"ltr\">The patching deadline for many exploited vulnerabilities in the catalog published by CISA is set to May 3, 2022. There is no doubt that the catalog\u2019s publication provides a chance for private organizations to evaluate their systems and address the flaws.<\/p>\n<p dir=\"ltr\">\u00a0<img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 324px;\" src=\"\/wp-content\/uploads\/2015\/11\/time-to-fix-vul_1-1.png\" alt=\"\" \/><\/p>\n<p><a id=\"airtable\" name=\"airtable\"><\/a><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrYeVRRViTdI3uJH?backgroundColor=green&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p><strong>Table: CISA Listed Known Exploited Vulnerabilities<\/strong><\/p>\n<p dir=\"ltr\">The new directive comes on the heels of the high-level concern in the government and private sector over recent attacks, such as the ones involving <a href=\"https:\/\/cybersecurityworks.com\/blog\/vulnerabilities\/critical-solarwinds-serv-u-ftp-flaw-exploited-by-new-chinese-threat-group.html\">SolarWinds<\/a> and <a href=\"https:\/\/cybersecurityworks.com\/blog\/ransomware\/kaseya-vsa-downed-by-revil-in-monumental-supply-chain-attack.html\">Kaseya<\/a> and those exploiting <a href=\"https:\/\/cybersecurityworks.com\/blog\/ransomware\/microsoft-exchange-proxyshell-and-windows-petitpotam-vulnerabilities-chained-in-new-attack.html\">Microsoft Exchange<\/a>, <a href=\"https:\/\/cybersecurityworks.com\/blog\/vulnerabilities\/new-threat-group-agrius-exploits-old-fortinet-vpn-vulnerabilities.html\">Fortinet<\/a>, <a href=\"https:\/\/cybersecurityworks.com\/blog\/vulnerabilities\/cisa-fbi-zoho-flaws-being-actively-exploited-patch-now.html\">Zoho<\/a>, and <a href=\"https:\/\/cybersecurityworks.com\/patchwatch\/patch-watch-csw-analysis-of-pulse-secure-vulnerabilities.html\">Pulse VPN<\/a> over the past year. The cyberattacks impacted a wide range of companies, and many of them contained vulnerabilities that organizations should have been aware of and patched long ago.<\/p>\n<p dir=\"ltr\">CISA will update the catalog periodically with information on any new vulnerabilities that pose a risk to the federal government or the vulnerabilities that may be exploited.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On November 3, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a new Binding Operational Directive urging public entities to fix Known Exploited Vulnerabilities (KEV) within defined time frames. This catalog consists of 291 vulnerabilities dating back to 2010 that threat actors have been actively exploiting in attacks. In a recent update to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14436,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[287,289],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/8467"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14436"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=8467"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=8467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}