Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CISA Adds Dahua Linux and Microsoft Flaws

August 21, 2024
Reading Time: 2 mins read
in Alerts

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, focusing on significant security issues related to Dahua IP cameras, the Linux kernel, and Microsoft Exchange Server. Among the vulnerabilities, CVE-2021-33044 and CVE-2021-33045 are identified as authentication bypass vulnerabilities affecting various Dahua camera models, allowing remote attackers to exploit these devices by sending specially crafted data packets. With a CVSS v3 score of 8.1, these flaws underscore the urgent need for users to apply security updates to prevent unauthorized access and exploitation.

CISA’s advisory highlights the risks posed by exposed Dahua devices, which can easily be located through search engines such as Shodan. This accessibility makes it simpler for threat actors to launch attacks using publicly available proof-of-concept (PoC) code. To counter these vulnerabilities, CISA strongly recommends that users install the latest firmware updates for their Dahua cameras, as this is essential for mitigating potential security threats stemming from these authentication bypass vulnerabilities.

In addition to the Dahua vulnerabilities, CISA also flagged CVE-2022-0185, a heap-based buffer overflow vulnerability in the Linux kernel that has reportedly been exploited in the wild by threat actors linked to China. This vulnerability allows unprivileged local users to escalate their privileges on systems that fail to support the Filesystem Context API. The implications of this flaw are serious, as it enables attackers to gain greater access and control over vulnerable Linux systems, necessitating swift action from organizations to patch and secure their environments against such exploits.

Finally, the catalog includes CVE-2021-31196, a remote code execution vulnerability affecting Microsoft Exchange Server, which allows attackers to execute code with the same privileges as the affected server’s service account. Microsoft has released security patches to address this vulnerability, and CISA mandates that federal agencies remediate it by September 11, 2024. CISA’s guidance also extends to private organizations, urging them to review the KEV catalog and address any identified vulnerabilities within their infrastructure to bolster defenses against potential cyberattacks.

 

Reference:

  • CISA Adds New Critical Vulnerabilities for Dahua IP Camera and Microsoft Exchange

Tags: August 2024Cyber AlertsCyber Alerts 2024Cyber threatsCybersecurity and Infrastructure Security Agency (CISA)DahuaKnown Exploited Vulnerabilities CatalogLinuxMicrosoft
ADVERTISEMENT

Related Posts

Hackers Target Libraesva Email Flaw

Hackers Target Libraesva Email Flaw

September 30, 2025
Hackers Target Libraesva Email Flaw

ShadowV2 Botnet Targets Misconfigured AWS

September 30, 2025
Hackers Target Libraesva Email Flaw

Cisco Warns Of IOS Zero Day Bug

September 30, 2025
Fake Microsoft Teams Installers Spread

Fake Microsoft Teams Installers Spread

September 30, 2025
Fake Microsoft Teams Installers Spread

Cybercriminals Use Facebook Google Ads

September 30, 2025
Fake Microsoft Teams Installers Spread

CISA Warns Of Critical Sudo Flaw

September 30, 2025

Latest Alerts

Hackers Target Libraesva Email Flaw

ShadowV2 Botnet Targets Misconfigured AWS

Cisco Warns Of IOS Zero Day Bug

CISA Warns Of Critical Sudo Flaw

Cybercriminals Use Facebook Google Ads

Fake Microsoft Teams Installers Spread

Subscribe to our newsletter

    Latest Incidents

    Ukrainian Hackers Breach Crimean Servers

    Ransomware Gang Claims Maryland Breach

    Arizona School District Data Breach

    Attackers Take Down Asahi Brewer

    Harrods Alerts Customers To Breach

    Hackers Steal Photos From Kido Nursery

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial