The Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Recent additions include SonicWall SonicOS, Windows UPnP, and other Microsoft Windows vulnerabilities.
An attacker could exploit these vulnerabilities to take over impacted systems.
SonicWall SonicOS
The first of the exploited vulnerabilities (CVE-2020-5135) is a buffer overflow vulnerability in SonicOS, which allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. The issue was patched in October 2020.
SonicWall noted the vulnerability affected SonicOS Gen 6 versions 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v.
Back in January of this year, CISA added another exploited SonicWall issue to the catalog: a SonicWall SMA 100 Appliances Stack-Based Buffer Overflow vulnerability (CVE-2021-20038).
Windows UPnP
The second exploited issue added to the list is a Windows UPnP Service Elevation of Privilege vulnerability CVE-2019-1405 (CVSS score of 7.8).
Universal Plug and Play (UPnP) is a set of networking protocols that allow networked devices (such as WiFi devices, personal computers, printers and mobile devices) to discover each other over the network. UPnP-enabled devices can then more easily share data and perform communication functions.
In June, 2020, researchers discovered a similar UPnP vulnerability dubbed “CallStranger” that could allow a remote attacker to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations. As a result, the issue could lead to amplified DDoS attacks and data exfiltration.
Similarly, researchers from Akamai back in 2018 discovered attackers abusing UPnP vulnerabilities to conceal traffic. As a result, the actors created a malicious proxy system dubbed “UPnProxy.”
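A defender-side check for the SUBSCRIBE abuse described above, as an added example that is not part of the original article: it parses UPnP SUBSCRIBE requests and flags any whose CALLBACK delivery URL, or whose sender, lies outside the local subnet. The subnet `192.168.1.0/24`, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the monitored subnet

# Constructed (source IP, raw request) pairs; not real captures.
SAMPLES = [
    ("192.168.1.20", "SUBSCRIBE /evt HTTP/1.1\r\nHOST: 192.168.1.1:5000\r\n"
     "CALLBACK: <http://192.168.1.20:8080/notify>\r\nNT: upnp:event\r\n\r\n"),
    ("198.51.100.7", "SUBSCRIBE /evt HTTP/1.1\r\nHOST: 192.168.1.1:5000\r\n"
     "CALLBACK: <http://203.0.113.9/>\r\nNT: upnp:event\r\n\r\n"),
    ("192.168.1.30", "SUBSCRIBE /evt HTTP/1.1\r\nHOST: 192.168.1.1:5000\r\nNT: upnp:event\r\n"
     "Callback: <http://192.168.1.30:9000/a><http://example.test/b>\r\n\r\n"),
    ("192.168.1.40", "GET /desc.xml HTTP/1.1\r\nHOST: 192.168.1.1:5000\r\n\r\n"),
]

def callback_urls(raw):
    """Return the CALLBACK URLs of a SUBSCRIBE request, or None for other methods."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    if not lines[0].upper().startswith("SUBSCRIBE "):
        return None
    urls = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().upper() == "CALLBACK":  # header names are case-insensitive
            urls += re.findall(r"<([^>]*)>", value)  # one or more <url> entries
    return urls

def review_subscribe(src_ip, raw):
    """Return findings for one request; an empty list means nothing to flag."""
    urls = callback_urls(raw)
    if urls is None:
        return []
    findings = []
    if ipaddress.ip_address(src_ip) not in LAN:
        findings.append(f"SUBSCRIBE from outside {LAN}: {src_ip}")
    for url in urls:
        host = urlsplit(url).hostname or ""
        try:
            inside = ipaddress.ip_address(host) in LAN
        except ValueError:  # hostname, not an IP literal: destination unknown
            inside = False
        if not inside:
            findings.append(f"callback leaves {LAN}: {url}")
    return findings

for src, raw in SAMPLES:
    print(src, review_subscribe(src, raw) or "ok")
```

A SUBSCRIBE that arrives from outside the subnet at all indicates the UPnP service is reachable from an untrusted network, which is worth fixing regardless of the callback value.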
Other Microsoft vulnerabilities
Rounding out the exploited issues, CISA added the following Microsoft Windows and other Microsoft product vulnerabilities.
| CVE ID | Vulnerability Name |
| --- | --- |
| CVE-2019-1322 | Microsoft Windows Privilege Escalation Vulnerability |
| CVE-2019-1315 | Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability |
| CVE-2019-1253 | Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability |
| CVE-2019-1129 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability |
| CVE-2019-1069 | Microsoft Task Scheduler Privilege Escalation Vulnerability |
| CVE-2019-1064 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability |
| CVE-2019-0841 | Microsoft Windows AppXSVC Privilege Escalation Vulnerability |
| CVE-2019-0543 | Microsoft Windows Privilege Escalation Vulnerability |
| CVE-2018-8120 | Microsoft Win32k Privilege Escalation Vulnerability |
| CVE-2017-0101 | Microsoft Windows Transaction Manager Privilege Escalation Vulnerability |
| CVE-2016-3309 | Microsoft Windows Kernel Privilege Escalation Vulnerability |
| CVE-2015-2546 | Microsoft Win32k Memory Corruption Vulnerability |
| CVE-2019-1132 | Microsoft Win32k Privilege Escalation Vulnerability |
Readers can check out the most recent CISA post, last updated March 16, 2022, as well as the complete Known Exploited Vulnerabilities Catalog.