The Cybersecurity and Infrastructure Security Agency (CISA) has elevated the alert status by adding two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The first vulnerability, CVE-2023-21237, affects Pixel phones: a critical flaw in the Framework component allows attackers to access sensitive information without requiring additional execution privileges or user interaction. Google patched this flaw in June 2023, citing “limited, targeted exploitation.” However, the subtlety of the exploit suggests potential involvement in a larger, possibly commercial, spyware scheme.
The second vulnerability, CVE-2021-36380, affects Sunhillo SureLine, a surveillance data distribution and conversion product used in the aviation industry. This flaw, categorized as a critical unauthenticated OS command injection issue, was discovered and patched in the summer of 2021 by NCC Group. Recent reports from SonicWall indicate exploitation attempts associated with the Mirai botnet in November 2023. This highlights that vulnerabilities in critical infrastructure software, like SureLine, are still being actively targeted for potential compromise.
CISA has promptly responded to these threats by instructing federal agencies to address these vulnerabilities by March 26. While the directive is binding for government entities, the broader cybersecurity community is strongly encouraged to leverage this information for effective vulnerability prioritization and mitigation efforts.