CISA KEV Update June 2023 – Part III

The US CISA added eight new vulnerabilities to its known exploited vulnerabilities catalog, six were now-patched security flaws that impacted Samsung mobile devices and the two others are D-Link router and access point vulnerabilities, also with available patches, exploited by a variant of a Mirai botnet.

All of the bugs being exploited and identified by CISA have been patched for several years.

The most severe Samsung bug is a vulnerability tracked as CVE-2021-25487 classified as an out-of-bounds read error impacting the handset modem interface driver. The flaw can lead to arbitrary code execution by an adversary. Both Samsung and NIST classified the bug as high severity, with NIST giving it a 7.8 CVSS score and Samsung a 7.3.

One of the D-Link vulnerabilities tracked as CVE-2019-17621, remote command injection bug, being exploited by a new variant of the Mirai botnet targeting D-Link’s DIR-859 router. Also targeted by the Mirai variant are multiple vulnerabilities in Zyxel and Netgear devices.

The five other Samsung bugs include the following:

• CVE-2021-25489, a low-severity format string bug in the modem interface driver that can lead to a DoS condition.
• CVE-2021-25394 and CVE-2021-25395: moderate-severity use-after-free bugs in the MFC charger drivers. Allows local attackers to bypass signature check given a radio privilege is compromised.
• CVE-2021-25371: a medium severity vulnerability inside the DSP driver.
• CVE-2021-25372: a medium severity improper boundary check in DSP driver.
• CVE-2019-20500 – An OS command injection vulnerability in D-Link router