The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding five new vulnerabilities that are actively being exploited in the wild. These vulnerabilities pose significant risks to federal systems, and their exploitation can lead to various security breaches.
1. CVE-2025-04117: 7-Zip Mark of the Web Bypass Vulnerability
- Description: This vulnerability allows attackers to bypass the Mark of the Web (MoTW) security feature in 7-Zip. The MoTW feature is designed to add a security warning to files downloaded from the internet, prompting users to proceed with caution.
- Technical Details: Attackers can craft malicious files that, when opened with 7-Zip, bypass the MoTW checks and execute without triggering security warnings.
- Impact: Successful exploitation can lead to the execution of arbitrary code on affected systems, potentially resulting in full system compromise.
- Mitigation: Users should update to the latest version of 7-Zip, which includes patches for this vulnerability. Additionally, avoid opening files from untrusted sources.
2. CVE-2022-23748: Dante Discovery Process Control Vulnerability
- Description: This vulnerability affects the discovery process of the Dante audio networking software. Dante is widely used for digital audio networking in various industries.
- Technical Details: Attackers can send specially crafted packets to disrupt the discovery process, causing the software to fail to identify or connect to audio devices.
- Impact: Exploitation can lead to the disruption of audio networking services and potential denial of service (DoS) attacks.
- Mitigation: Users should apply patches provided by the vendor and implement network segmentation to isolate audio networking systems from general network traffic.
3. CVE-2024-21413: Microsoft Outlook Improper Input Validation Vulnerability
- Description: This vulnerability arises from improper input validation in Microsoft Outlook. It allows attackers to send specially crafted emails that can execute arbitrary code when opened by the user.
- Technical Details: The vulnerability exploits flaws in the way Outlook handles certain email content, leading to arbitrary code execution.
- Impact: Successful exploitation can lead to data theft, system compromise, and further spread of malware.
- Mitigation: Users should update to the latest version of Microsoft Outlook, which includes security patches for this vulnerability. Additionally, enable email filtering and security features to block malicious emails.
4. CVE-2020-29574: CyberoamOS (CROS) SQL Injection Vulnerability
- Description: This vulnerability affects the CyberoamOS web interface, which is used for managing Cyberoam network security devices. It allows attackers to inject malicious SQL queries.
- Technical Details: Attackers can exploit this vulnerability by sending crafted requests to the web interface, leading to unauthorized access to the database.
- Impact: Exploitation can result in unauthorized access to sensitive data, including user credentials and configuration settings.
- Mitigation: Users should apply patches provided by the vendor and ensure that web application firewalls are configured to block SQL injection attacks.
5. CVE-2020-15069: Sophos XG Firewall Buffer Overflow Vulnerability
- Description: This vulnerability is due to a buffer overflow in the Sophos XG Firewall. It allows attackers to send specially crafted packets that cause the firewall to execute arbitrary code.
- Technical Details: The vulnerability arises from improper handling of input data, leading to memory corruption and code execution.
- Impact: Successful exploitation can lead to full system compromise, allowing attackers to bypass security measures and gain unauthorized access.
- Mitigation: Users should update to the latest firmware version provided by Sophos, which includes patches for this vulnerability. Implementing network segmentation and intrusion detection systems can also help mitigate the risk.
Final Thoughts
The addition of these five vulnerabilities to CISA’s KEV Catalog underscores the critical nature of these security issues and the importance of timely remediation. By applying the recommended patches, implementing robust security measures, and maintaining a proactive security posture, organizations can mitigate the risks associated with these vulnerabilities and protect their systems from potential exploitation.
Pingback: CISA KEV Catalog Update Part III- February 2025 - Whalers Blog