Security News > 2022 > March > CISA adds 66 vulnerabilities to list of bugs exploited in attacks
The Cybersecurity and Infrastructure Security Agency has added a massive set of 66 actively exploited vulnerabilities to its catalog of 'Known Exploited Vulnerabilities.
The new set of 66 actively exploited vulnerabilities published by CISA spans disclosure dates between 2005 and 2022, covering a broad spectrum of software and hardware types and versions.
The Mitel CVE-2022-26143 and Windows CVE-2022-21999 vulnerabilities disclosed in February are two particularly interesting bugs.
The addition of these 66 vulnerabilities at this time doesn't necessarily mean that CISA's analysts just spotted their active exploitation in the wild.
The Windows Print Spooler CVE-2022-21999 vulnerability, the Mitel DDoS CVE-2022-26143 amplification vulnerability, and the CVE-2022-26318 WatchGuard vulnerabilities were disclosed in February and were quickly exploited by threat actors.
Due to the large number of flaws comprising the latest set, CISA hasn't supplied the usual summary table, so system administrators will have to review the new entries on the catalog, which now counts a total of 570 vulnerabilities.
News URL
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-10 | CVE-2022-26143 | Missing Authentication for Critical Function vulnerability in Mitel Micollab and Mivoice Business Express The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). | 9.8 |
2022-03-04 | CVE-2022-26318 | Unspecified vulnerability in Watchguard Fireware On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. | 9.8 |
2022-02-09 | CVE-2022-21999 | Link Following vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 0.0 |