Multiple vulnerabilities added by CISA on 4th April

CISA has added four vulnerabilities that are being actively scoured and exploited over the web. All these four vulnerabilities ought to be patched and resolved in the next 3 weeks, before 25th April 2022. We look at these vulnerabilities and the affected IT infrastructure.

CVE-2022-22965 – VMWare Spring Framework

The salient points about the VMWare CVE-2022-22965 are presented below for your ready reference.

1.CVE-2022-22965 affects the Spring Framework on VMWare. At this point, the Spring Framework vulnerability has been found to affect Spring MVC or Spring WebFlux applications running on JDK 9+.

2. The Spring Framework vulnerability has a CRITICAL severity. Since it is being actively exploited, efforts must be made to patch the VMWare servers on an immediate basis.

3. This is a vulnerability that could cause a remote attacker to deploy malicious code and execute it on the target server. The vulnerability is a Remote Code Execution threat with a critical impact on the target servers.

4. The vulnerability will apply on the target VMWare server when all the below-mentioned conditions are fulfilled:

  • JDK 9 or higher
  • Apache Tomcat as the Servlet container
  • Packaged as WAR
  • spring-webmvc or spring-webflux dependency

5. The affected versions of Spring Framework are mentioned below:

  • 5.3.0 to 5.3.17
  • 5.2.0 to 5.2.19
  • Older, unsupported versions are also affected

6. CVE-2022-22965 can be mitigated by updating the Spring Framework to the latest builds.

  • Spring Framework version 5.3.x needs to be updated to 5.3.18 or later versions.
  • Spring Framework version 5.2.x needs to be updated to 5.2.20 or later versions.

The most significant aspect of the Spring Framework vulnerability is that it needs to be patched and closed before 25th April 2022. And, also the fact that it has been added to the list of actively exploited vulnerabilities by CISA.

CVE-2022-22675 – Apple macOS Monterey out of bound write vulnerability

We present the salient points about the Apple macOS Monterey out-of-bounds write vulnerability for your ready reference.

  1. macOS Monterey versions 12.3 and older are affected with an out-of-bound write vulnerability.
  2. CVSS score for CVE-2022-22675 is 10.
  3. The vulnerability has a critical impact on the macOS and the associated IT infrastructure.
  4. The vulnerability, CVE-2022-22675, can cause memory corruption due to a security loophole in the AppleAVD component of the macOS. It allows an authenticated attacker to deploy a malicious application with kernel privileges.
  5. Local access to the system is needed to deploy the exploit.
  6. Other details of the vulnerability are not available in the public domain as of now.
  7. Apple has released a security update that should update the macOS to version 12.3.1. macOS Monterey’s latest version 12.3.1 will patch the system against this critical vulnerability.
  8. The latest software update can be automatically deployed on your Mac by downloading it through System Preferences —> Software updates on your system.

CISA has detected attempts to target this vulnerability CVE-2022-22675. It has advised patching the macOS Monterey 12.3.0 and older versions before 25th April 2022.

CVE-2022-22674 – Apple macOS Monterey out of bound read vulnerability

We discuss the salient points about the CVE-2022-22674 vulnerability that affects the macOS Monterey version 12.3 and older versions.

  1. CVE-2022-22674 is being actively exploited or is more likely to be exploited.
  2. The vulnerability affects the Intel Graphics adapter on macOS Monterey 12.3 operating system. It causes a malicious application to read the kernel memory.
  3. CVE-2022-674 is an information disclosure vulnerability. It allows an attacker to access and read the contents of the kernet memory.
  4. The vulnerability has been patched in the security update macOS Monterey 12.3.1. You can download it automatically on your Mac computer through System Preferences —- > Software Update.
  5. Other details of the vulnerability are not available in the public domain for obvious reasons.

CISA advises to patch macOS Monterery to version 12.3.1 by April 25, 2022. Active exploitation of macOS Monterey 12.3 and older systems poses significant security challenges to the system administrators.

It is unclear if these zero-day vulnerabilities, CVE-2022-22674 and CVE-2022-22675, are resolved for the mac OS Big Sur or Catalina. We are yet to hear about the impact of these zero-day vulnerabilities on macOS versions that preceded mac OS Monterey.

CVE-2021-45382 – D-Link Routers

The salient points about the CVE-2021-45382 are mentioned below.

  1. CVE-2021-45382 is a critical vulnerability.
  2. It can lead to Remote Code Execution attacks on the affected D-Link routers.
  3. The affected version of Router Operating system for D-Link routers include D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L.
  4. This vulnerability resides in the DDNS function in ncc2 binary file.
  5. All these D-Link routers have reached the ‘end of life’ status. No software updates or security updates are available for patching this RCE vulnerability on the D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L series routers.
  6. It is strongly suggested that you should remove the affected D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers from active services or operations.

CISA’s directive on the CVE-2022-45382 advises taking immediate action of removing the affected D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L from your networks. CVE-2021-45382 needs to be resolved by 25th April 2022.

Summary

CISA’s 4th April update includes the four actively exploited known vulnerabilities. Of these, VMWare and macOS Monterey 12.3 vulnerability need to be actioned on a priority basis. Resolution of these vulnerabilities needs to happen by 25th April 2022.

You may also like to read the following content related to security in your IT infrastructure: