CISA warns admins to patch actively exploited Spring, Zyxel bugs
The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs: a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices.
The Spring Framework vulnerability (CVE-2022-22947) is a maximum severity weakness that attackers can abuse to gain remote code execution on unpatched hosts.
This critical bug is currently being exploited by a botnet known as Sysrv to install cryptomining malware on vulnerable Windows and Linux servers.
Threat actors are also abusing a critical Zyxel firmware vulnerability (CVE-2022-30525), patched on May 12th and under active exploitation starting the next day, on May 13th.
Rapid7 found over 15,000 vulnerable Zyxel products exposed to the Internet, while the Shadowserver Foundation spotted at least 20,000 potentially impacted devices.
Since exploitation began, NSA Cybersecurity Director Rob Joyce has also warned admins about the ongoing exploitation and encouraged them to update their Zyxel firewalls' firmware if vulnerable.
Federal agencies have three weeks to patch
According to a November binding operational directive (BOD 22-01) issued by CISA to reduce the risk of known exploited bugs across US federal networks, all Federal Civilian Executive Branch (FCEB) agencies must patch their systems against bugs added to the Known Exploited Vulnerabilities Catalog (KEV).
The US cybersecurity agency gave them three weeks, until June 6th, to fix these flaws and block ongoing exploitation attempts.
Although the BOD 22-01 directive only applies to US FCEB agencies, CISA also strongly urged all US organizations from the private and public sectors to prioritize patching these actively exploited bugs.
Following the agency’s advice should notably reduce the attack surface threat actors can exploit in attempts to breach vulnerable networks.
Last week, CISA also added an actively exploited Windows LSA spoofing zero-day (CVE-2022-26925), now confirmed as a new PetitPotam Windows NTLM Relay attack vector.
Reference: https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-actively-exploited-spring-zyxel-bugs/