U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the descriptions for these vulnerabilities:
- CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability
- CVE-2020-15415 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
- CVE-2021-4043 Motion Spell GPAC Null Pointer Dereference Vulnerability
- CVE-2019-0344 SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
CVE-2023-25280 is an OS command injection vulnerability in D-Link DIR-820 router. Since March 2023, Unit 42 researchers have observed a variant of the Mirai botnet spreading by targeting tens of flaws in D-Link, Zyxel, and Netgear devices, including CVE-2023-25280.
CVE-2020-15415 is an OS command injection vulnerability in DrayTek Multiple Vigor Routers. Since the second half of 2022, a variant of the Mirai bot, tracked as V3G4, targeted IoT devices by exploiting tens of flaws, including CVE-2020-15415.
CVE-2019-0344 is a deserialization of untrusted data vulnerability. SAP Commerce Cloud
CVE-2021-4043 is a null pointer dereference vulnerability in Motion Spell GPAC.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this vulnerability by October 21, 2024.
Pierluigi Paganini
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA)