The Cybersecurity and Infrastructure Security Agency (CISA) has added 66 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Recent additions include WatchGuard, Mitel, Windows and many other product vulnerabilities.
An attacker could exploit these vulnerabilities to take over impacted systems.
The most recently patched vulnerabilities added to the catalog include WatchGuard, Mitel and Windows vulnerabilities patched this year:

|CVE ID|Vulnerability Name|
|---|---|
|CVE-2022-26318|WatchGuard Firebox and XTM Appliances Arbitrary Code Execution|
|CVE-2022-26143|Mitel MiCollab, MiVoice Business Express Access Control Vulnerability|
|CVE-2022-21999|Microsoft Windows Print Spooler Privilege Escalation Vulnerability|

The first of the exploited vulnerabilities (CVE-2022-26318) impacts WatchGuard Firebox and XTM appliances and could allow an unauthenticated attacker to execute arbitrary code.
This WatchGuard vulnerability (rated Critical, with a CVSS score of 9.8) impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
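For asset triage, the version statement above can be turned into a per-branch check. This is an added example, not WatchGuard or CISA code; it assumes version strings of the form `12.5.9_U2`, reads "12.x before 12.1.3_U8" as covering the 12.0.x and 12.1.x branches, and uses a constructed inventory with made-up hostnames.

```python
import re

# Assumed version format: "12.5.9_U2" (major.minor[.patch][_U<update>]).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:_U(\d+))?$", re.IGNORECASE)


def parse_fireware(version):
    """Return (major, minor, patch, update) as ints; missing parts count as 0."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised Fireware version: {version!r}")
    return tuple(int(part or 0) for part in match.groups())


# Fixed builds quoted in the article, one per release branch.
FIXED_12_1 = parse_fireware("12.1.3_U8")    # assumed to cover 12.0.x and 12.1.x
FIXED_12_5 = parse_fireware("12.5.9_U2")    # covers 12.2.x through 12.5.x
FIXED_LATEST = parse_fireware("12.7.2_U2")  # every other release

def is_affected(version):
    """True if the version predates the fixed build for its branch."""
    parsed = parse_fireware(version)
    major, minor = parsed[0], parsed[1]
    if major == 12 and minor <= 1:
        return parsed < FIXED_12_1
    if major == 12 and 2 <= minor <= 5:
        return parsed < FIXED_12_5
    return parsed < FIXED_LATEST


def triage(inventory):
    """Return sorted (host, version) pairs that still need the update."""
    return sorted((host, ver) for host, ver in inventory.items() if is_affected(ver))


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "fw-branch-01": "12.5.9_U1",
    "fw-branch-02": "12.5.9_U2",
    "fw-hq-01": "12.7.2_U2",
    "fw-lab-01": "12.1.3_U7",
    "fw-lab-02": "12.6.4",
}

if __name__ == "__main__":
    for host, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: Fireware {ver} predates the fixed build for its branch")
```

A plain "newer than X" comparison would misclassify patched builds on the older branches, which is why the check is done per branch.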
Readers may recall that just last month Sandworm threat actors used Cyclops Blink malware to target small office/home office (SOHO) routers and network attached storage (NAS) devices.
Cybersecurity experts warned that the actors may have taken advantage of weaknesses in the firmware update process present in WatchGuard Firebox and possibly other SOHO devices.
A second exploited vulnerability is CVE-2022-26143 (rated Critical, with a CVSS score of 9.8), which affects MiCollab and MiVoice Business Express devices and may allow a bad actor to gain unauthorized access to sensitive information and services, or to cause performance degradation or a denial-of-service condition on the affected system.
NIST described the threat in an advisory:
“The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.”
Windows Print Spooler
The third of the most recently added exploited issues is a Microsoft Windows Print Spooler vulnerability, CVE-2022-21999, which can allow for privilege escalation.
Microsoft patched this vulnerability as part of its February 2022 security updates.