The US has just added 3 security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
According to The Hacker News, 3 new bugs have been added to the KEV catalog by the US Cybersecurity and Infrastructure Security Agency (CISA): CVE-2023-1389 (CVSS 8.8), CVE-2021-45046 (CVSS 9.0) and CVE-2023-21839 (CVSS 7.5). CVE-2023-1389 is a command injection bug affecting TP-Link Archer AX-21 routers that can be exploited for remote code execution. According to Trend Micro, this vulnerability has been exploited by the Mirai botnet since April 11, 2023.
The second vulnerability added to the KEV catalog is CVE-2021-45046, described as a remote code execution bug affecting the Apache Log4j2 logging library, which was disclosed in December 2021. Worryingly, it is still unclear how this bug is being exploited, although data collected by GreyNoise shows evidence of exploitation from 74 IP addresses over the past 30 days.
The third bug just added to KEV, CVE-2023-21839, is a high-severity bug in Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0, which when exploited can allow unauthorized access to sensitive data. It was patched by the company as part of an update released in January 2023.
CISA says Oracle WebLogic Server contains a vulnerability that allows an unauthenticated attacker with network access via T3 or IIOP to compromise the server. Federal Civilian Executive Branch (FCEB) agencies must apply fixes by May 22, 2023 to protect their networks against these active threats.
In early March, VulnCheck announced that up to 42 security vulnerabilities that were likely “weaponized” in 2022 were missing from the KEV catalog. Most of them are related to exploitation by Mirai-like botnets (27 bugs), followed by ransomware groups (6 bugs) and other threat actors (9 bugs).