The U.S. Cybersecurity and Infrastructure Security Agency (CISA) within the last week has added more than 70 security flaws to its list of known exploited vulnerabilities that U.S. agencies must patch by a certain date, indicating a heightened danger if the bugs are left unpatched.
CISA on Wednesday added 34 bugs to its catalog of known exploited vulnerabilities, in addition to 20 on Tuesday and another 21 on Monday.
As with previous additions, many of the bugs added are several years old, with several Microsoft, Adobe, Oracle, IBM, Apple and Linux bugs dating back more than eight years. This suggests that attackers are still leveraging these older bugs in unpatched systems.
Most of the bugs have a remediation due date of the second full week in June, indicating a heightened level of danger if organizations continue to run the out-of-date software.
According to CISA, the bugs are added to the known exploited vulnerabilities catalog based on evidence of active exploitation, with the vulnerabilities being a frequent attack vector for malicious actors. A U.S. security directive orders agencies to remediate the vulnerabilities by a due date to protect against compromise, but CISA urges all organizations to reduce their exposure by patching the software as soon as possible.
The oldest vulnerabilities recently added are 2010 bugs in Red Hat JBoss and Oracle Java Runtime Environment.
Only one 2022 vulnerability was a part of the latest addition, an open port vulnerability in Cisco IOS XR, tracked as CVE-2022-20821. Despite a medium-level severity, Cisco urges IT administrators to patch it immediately, as a remote attacker could leverage it to access the Redis instance running within the NOSi container and write to the Redis in-memory database, write arbitrary files to the container filesystem and retrieve information about the Redis database.
“Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system,” Cisco says in an advisory.
The company says this affects Cisco 8000 Series Routers if they were running a vulnerable release of Cisco IOS XR Software and had the health check RPM installed and active.