The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, focusing on significant security issues related to Dahua IP cameras, the Linux kernel, and Microsoft Exchange Server. Among the vulnerabilities, CVE-2021-33044 and CVE-2021-33045 are identified as authentication bypass vulnerabilities affecting various Dahua camera models, allowing remote attackers to exploit these devices by sending specially crafted data packets. With a CVSS v3 score of 8.1, these flaws underscore the urgent need for users to apply security updates to prevent unauthorized access and exploitation.
CISA’s advisory highlights the risks posed by exposed Dahua devices, which can easily be located through search engines such as Shodan. This accessibility makes it simpler for threat actors to launch attacks using publicly available proof-of-concept (PoC) code. To counter these vulnerabilities, CISA strongly recommends that users install the latest firmware updates for their Dahua cameras, as this is essential for mitigating potential security threats stemming from these authentication bypass vulnerabilities.
In addition to the Dahua vulnerabilities, CISA also flagged CVE-2022-0185, a heap-based buffer overflow vulnerability in the Linux kernel that has reportedly been exploited in the wild by threat actors linked to China. This vulnerability allows unprivileged local users to escalate their privileges on systems that fail to support the Filesystem Context API. The implications of this flaw are serious, as it enables attackers to gain greater access and control over vulnerable Linux systems, necessitating swift action from organizations to patch and secure their environments against such exploits.
Finally, the catalog includes CVE-2021-31196, a remote code execution vulnerability affecting Microsoft Exchange Server, which allows attackers to execute code with the same privileges as the affected server’s service account. Microsoft has released security patches to address this vulnerability, and CISA mandates that federal agencies remediate it by September 11, 2024. CISA’s guidance also extends to private organizations, urging them to review the KEV catalog and address any identified vulnerabilities within their infrastructure to bolster defenses against potential cyberattacks.
Reference:
