Security News > 2022 > March > CISA adds 66 vulnerabilities to list of bugs exploited in attacks

CISA adds 66 vulnerabilities to list of bugs exploited in attacks
2022-03-26 17:22

The Cybersecurity and Infrastructure Security Agency has added a massive set of 66 actively exploited vulnerabilities to its catalog of 'Known Exploited Vulnerabilities.

The new set of 66 actively exploited vulnerabilities published by CISA spans disclosure dates between 2005 and 2022, covering a broad spectrum of software and hardware types and versions.

The Mitel CVE-2022-26143 and Windows CVE-2022-21999 vulnerabilities disclosed in February are two particularly interesting bugs.

The addition of these 66 vulnerabilities at this time doesn't necessarily mean that CISA's analysts just spotted their active exploitation in the wild.

The Windows Print Spooler CVE-2022-21999 vulnerability, the Mitel DDoS CVE-2022-26143 amplification vulnerability, and the CVE-2022-26318 WatchGuard vulnerabilities were disclosed in February and were quickly exploited by threat actors.

Due to the large number of flaws comprising the latest set, CISA hasn't supplied the usual summary table, so system administrators will have to review the new entries on the catalog, which now counts a total of 570 vulnerabilities.


News URL

https://www.bleepingcomputer.com/news/security/cisa-adds-66-vulnerabilities-to-list-of-bugs-exploited-in-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-26143 Missing Authentication for Critical Function vulnerability in Mitel Micollab and Mivoice Business Express
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic).
network
low complexity
mitel CWE-306
critical
9.8
2022-03-04 CVE-2022-26318 Unspecified vulnerability in Watchguard Fireware
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786.
network
low complexity
watchguard
critical
9.8
2022-02-09 CVE-2022-21999 Link Following vulnerability in Microsoft products
Windows Print Spooler Elevation of Privilege Vulnerability
0.0