Rewterz Threat Alert – South Asian Espionage Group Bitter Targeting The Chinese Nuclear Energy Industry – Active IOCs
March 31, 2023
Rewterz Threat Update – Pakistan Supreme Court’s Website Recovered After Cyber Attack
March 31, 2023
Severity
High
Analysis Summary
These are the ten new vulnerabilities added to CISA’s Known Exploited Vulnerabilities Catalog, and it is essential to understand that they have all been actively exploited in the wild. Organizations that use any of the affected software should prioritize patching these vulnerabilities to prevent unauthorized access to their systems and data.
In addition to patching, organizations should also implement other security measures such as network segmentation, access controls, and security monitoring to detect and respond to any suspicious activity. Regular security assessments and penetration testing can also help identify vulnerabilities and weaknesses in the organization’s security posture, allowing for proactive remediation before an attack occurs.
The CVE numbers along with their details are listed below:
Microsoft Internet Explorer Memory Corruption Vulnerabilities:
CVE-2013-3163 CVSS:9.3
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by improperly accessing an object in memory. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.
CVE-2014-1776 CVSS:9.3
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an unspecified use-after-free error. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.
Samba shared library Vulnerability:
CVE-2017-7494 CVSS:7.5
Samba could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper access to named pipe endpoints. By uploading a specially-crafted shared library to a writeable share, an attacker could exploit this vulnerability to execute arbitrary code on the system.
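The description above names two preconditions: a share the attacker can write to, and the named-pipe handling that loads the uploaded library. As an added example (not Samba project code), the following Python script audits an smb.conf for exactly those two conditions. The `nt pipe support = no` setting is the workaround Samba documented for this CVE; the configuration text inside the block is constructed for the demo.

```python
"""Audit an smb.conf for the exposure preconditions of CVE-2017-7494.

Added example, not Samba project code. Flags writable shares and reports
whether the documented workaround (nt pipe support = no) is in place.
"""
import configparser
import io

# Constructed sample configuration: two writable shares, one read-only share,
# and no workaround in [global].
SAMPLE_SMB_CONF = """
[global]
   workgroup = LAB
   server role = standalone server

[public]
   path = /srv/samba/public
   read only = no
   guest ok = yes

[docs]
   path = /srv/samba/docs
   read only = yes

[build]
   path = /srv/samba/build
   writable = yes
"""

# Same configuration with the documented workaround applied.
HARDENED_SMB_CONF = SAMPLE_SMB_CONF.replace(
    "[global]", "[global]\n   nt pipe support = no", 1
)

TRUE_VALUES = {"yes", "true", "1"}


def _is_true(value):
    return value.strip().lower() in TRUE_VALUES


def load_smb_conf(text):
    """Parse smb.conf text; keys are case-insensitive and may contain spaces."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_file(io.StringIO(text))
    return parser


def is_writable_share(section):
    """A share is writable when 'writable'/'writeable'/'write ok' is yes,
    or 'read only' is no. Samba's default is read only = yes."""
    for key in ("writable", "writeable", "write ok"):
        if key in section:
            return _is_true(section[key])
    if "read only" in section:
        return not _is_true(section["read only"])
    return False


def audit(text):
    """Return the writable shares, the workaround state, and an overall verdict."""
    parser = load_smb_conf(text)
    g = parser["global"] if parser.has_section("global") else {}
    pipes_disabled = "nt pipe support" in g and not _is_true(g["nt pipe support"])
    writable = [
        name for name in parser.sections()
        if name != "global" and is_writable_share(parser[name])
    ]
    return {
        "writable_shares": writable,
        "nt_pipe_support_disabled": pipes_disabled,
        # Exposed only if both preconditions hold: a writable share and pipes enabled.
        "exposed": bool(writable) and not pipes_disabled,
    }


if __name__ == "__main__":
    for label, conf in (("sample", SAMPLE_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        print(label, audit(conf))
```

The check is deliberately conservative: a host with writable shares and `nt pipe support` still enabled is reported as exposed regardless of version, because the version list in this alert is what decides whether a patch is actually missing. Disabling named-pipe support breaks some Windows client functionality, so it is a stopgap until the patched Samba build is deployed.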
HelpSystems Cobalt Strike Vulnerabilities:
CVE-2022-42948 CVSS:9.8
HelpSystems Cobalt Strike could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the C2 framework. By creating Swing components from user input, an attacker could exploit this vulnerability to create arbitrary Java objects in the class path and invoke their setter methods, resulting in code execution.
CVE-2022-39197 CVSS:6.1
HelpSystems Cobalt Strike is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the teamserver. A remote attacker could exploit this vulnerability using the username field in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Apple iOS and iPadOS Vulnerability:
CVE-2021-30900 CVSS:7.8
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write issue in the GPU Drivers component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
Arm Mali GPU Kernel Driver Vulnerability:
CVE-2022-38181 CVSS:8.8
Arm Mali GPU Kernel Driver could allow a remote authenticated attacker to bypass security restrictions, caused by a use-after-free error. By performing improper GPU processing operations, an attacker could exploit this vulnerability to gain access to already freed memory.
CVE-2022-22706 CVSS:8.8
Arm Mali GPU Driver could allow a local authenticated attacker to gain elevated privileges on the system, caused by an exposed dangerous method or function. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain write access to read-only memory pages.
Overall, the addition of these ten new vulnerabilities to CISA’s catalog underscores the need for organizations to take a proactive approach to cybersecurity and ensure that they are regularly patching known vulnerabilities and implementing other security measures to protect their critical assets.
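To turn the prioritization advice above into something repeatable, here is an added Python example (not Rewterz or CISA code) that matches a host inventory against a KEV-style JSON export and ranks the affected hosts by remediation due date and CVSS. The feed fragment follows the field names of CISA's KEV JSON export (`cveID`, `vendorProject`, `product`, `dueDate`); the due dates and the inventory are constructed placeholders, while the CVE IDs and CVSS scores are the ones listed in this alert.

```python
"""Triage a host inventory against a CISA KEV-style feed.

Added example, not Rewterz or CISA code. Matches assets to catalog entries
by vendor and product, then orders hosts by overdue status and CVSS.
"""
import json
from datetime import date

# CVSS scores as listed in the alert above.
CVSS = {
    "CVE-2013-3163": 9.3, "CVE-2014-1776": 9.3, "CVE-2017-7494": 7.5,
    "CVE-2022-42948": 9.8, "CVE-2022-39197": 6.1, "CVE-2021-30900": 7.8,
    "CVE-2022-38181": 8.8, "CVE-2022-22706": 8.8,
}

# Constructed fragment in the shape of the KEV JSON export. The dueDate
# values are placeholders, not CISA's real deadlines.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2013-3163", "vendorProject": "Microsoft", "product": "Internet Explorer", "dueDate": "2023-04-21"},
    {"cveID": "CVE-2014-1776", "vendorProject": "Microsoft", "product": "Internet Explorer", "dueDate": "2023-04-21"},
    {"cveID": "CVE-2017-7494", "vendorProject": "Samba", "product": "Samba", "dueDate": "2023-04-21"},
    {"cveID": "CVE-2022-42948", "vendorProject": "HelpSystems", "product": "Cobalt Strike", "dueDate": "2023-04-21"},
    {"cveID": "CVE-2022-39197", "vendorProject": "HelpSystems", "product": "Cobalt Strike", "dueDate": "2023-04-21"},
    {"cveID": "CVE-2021-30900", "vendorProject": "Apple", "product": "iOS and iPadOS", "dueDate": "2023-04-21"},
    {"cveID": "CVE-2022-38181", "vendorProject": "Arm", "product": "Mali GPU Kernel Driver", "dueDate": "2023-04-21"},
    {"cveID": "CVE-2022-22706", "vendorProject": "Arm", "product": "Mali GPU Kernel Driver", "dueDate": "2023-04-21"},
]})

# Constructed asset inventory (hostnames and versions are placeholders).
INVENTORY = [
    {"host": "web-01", "vendor": "Samba", "product": "Samba", "version": "4.15"},
    {"host": "kiosk-07", "vendor": "Microsoft", "product": "Internet Explorer", "version": "11"},
    {"host": "db-02", "vendor": "PostgreSQL", "product": "PostgreSQL", "version": "14"},
]


def load_kev(text):
    """Index a KEV-style export by (vendor, product), lower-cased for matching."""
    index = {}
    for entry in json.loads(text)["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        index.setdefault(key, []).append(entry)
    return index


def match_inventory(kev_index, inventory):
    """Return {host: [catalog entries]} for assets whose vendor/product is listed.

    KEV entries carry no version data, so a hit is a candidate to confirm
    against the vendor advisory, not a confirmed vulnerable version.
    """
    hits = {}
    for asset in inventory:
        key = (asset["vendor"].lower(), asset["product"].lower())
        if key in kev_index:
            hits[asset["host"]] = kev_index[key]
    return hits


def prioritize(hits, today):
    """Order hosts: overdue first, then highest CVSS, then earliest due date."""
    rows = []
    for host, entries in hits.items():
        max_cvss = max(CVSS.get(e["cveID"], 0.0) for e in entries)
        due = min(date.fromisoformat(e["dueDate"]) for e in entries)
        rows.append({
            "host": host,
            "cves": sorted(e["cveID"] for e in entries),
            "max_cvss": max_cvss,
            "days_to_due": (due - today).days,
        })
    rows.sort(key=lambda r: (r["days_to_due"] >= 0, -r["max_cvss"], r["days_to_due"]))
    return rows


if __name__ == "__main__":
    for row in prioritize(match_inventory(load_kev(KEV_SAMPLE), INVENTORY), date.today()):
        print(row)
```

Because the catalog only names vendor and product, the version column in the inventory is what an analyst checks next against the Affected Products list below and the vendor advisory; the script's job is to make sure no host with a listed product is forgotten, and to put the overdue and highest-severity ones at the top of the queue.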
Impact
- Code Execution
- Cross-Site Scripting
- Privilege Escalation
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2013-3163
- CVE-2014-1776
- CVE-2017-7494
- CVE-2022-42948
- CVE-2022-39197
- CVE-2021-30900
- CVE-2022-38181
- CVE-2022-22706
Affected Vendors
Microsoft
Apple
Samba
ARM
Cobalt Strike
Affected Products
- Microsoft Internet Explorer 9
- Microsoft Internet Explorer 10
- Microsoft Internet Explorer 11
- Microsoft Internet Explorer 7
- Microsoft Internet Explorer 8
- Microsoft Internet Explorer 6
- Apple iOS 15.0
- Apple iPadOS 15.0
- Samba 3.5.0
- Samba 4.15
- Samba 3.5.1
- Samba 3.5.2
- ARM Mali GPU Kernel Driver Midgard r30p0
- ARM Mali GPU Kernel Driver Bifrost r34p0
- ARM Mali GPU Kernel Driver Valhall r19p0
- ARM Mali GPU Kernel Driver Valhall r34p0
- HelpSystems Cobalt Strike 4.7.1
- HelpSystems Cobalt Strike 4.2
- HelpSystems Cobalt Strike 4.3
- HelpSystems Cobalt Strike 4.5
Remediation
Refer to the product vendors' websites for patch, upgrade, or suggested workaround information.