Security News > 2023 > April > CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required
The U.S. Cybersecurity and Infrastructure Security Agency on Friday added five security flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation in the wild.
This includes three high-severity flaws in the Veritas Backup Exec Agent software that could lead to the execution of privileged commands on the underlying system.
The flaws were fixed in a patch released by Veritas in March 2021.
The threat intelligence firm, which is tracking the affiliate actor under its uncategorized moniker UNC4466, said it first observed exploitation of the flaws in the wild on October 22, 2022.
Also added by CISA to the KEV catalog is CVE-2019-1388, a privilege escalation flaw impacting Microsoft Windows Certificate Dialog that could be exploited to run processes with elevated permissions on an already compromised host.
The advisory also comes as Apple released updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that it said has been exploited in real-world attacks.
News URL
https://thehackernews.com/2023/04/cisa-warns-of-5-actively-exploited.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-12 | CVE-2019-1388 | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. | 7.8 |