Security News > 2022 > May > CISA warns admins to patch actively exploited VMware, Zyxel bugs
The Cybersecurity and Infrastructure Security Agency has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices.
Threat actors are also abusing a critical Zyxel firmware vulnerability, patched on May 12th and under active exploitation starting the next day, on May 13th. Rapid7 found over 15,000 vulnerable Zyxel products exposed to Internet access, while the Shadowserver Foundation spotted at least 20,000 potentially impacted devices.
Since exploitation began, NSA Cybersecurity Director Rob Joyce also warned admins about ongoing exploitation and encouraged them to update their Zyxel firewalls' firmware if vulnerable.
According to a November binding operational directive issued by CISA to reduce the risk of known exploited bugs across US federal networks, all Federal Civilian Executive Branch Agencies agencies must patch their systems against bugs added to the Known Exploited Vulnerabilities Catalog.
Although the BOD 22-01 directive only applies to US FCEB agencies, CISA also strongly urged all US organizations from the private and public sectors to prioritize patching these actively exploited bugs.
Last week, CISA also added an actively exploited Windows LSA spoofing zero-day, now confirmed as a new PetitPotam Windows NTLM Relay attack vector.