
The U.S. CISA has added 4 vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. They affect Dahua, Microsoft, and Linux products and were added based on mass exploitation.
CVE-2022-0185
Linux Kernel Heap-Based Buffer Overflow, with a CVSS score of 8.4. The Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.
CVE-2021-31196
Microsoft Exchange Server Information Disclosure Vulnerability, with a CVSS score of 7.2. Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.
CVE-2021-33044
Dahua IP Camera Authentication Bypass Vulnerability, with a CVSS score of 9.8. Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.
CVE-2021-33045
Dahua IP Camera Authentication Bypass Vulnerability, with a CVSS score of 9.8. Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
All government agencies are being notified to remediate the vulnerabilities and have been given until 11th September 2024 to do so.


