Cisco Releases Security Updates for Multiple Products

/in ,

Original release date: January 20, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP

/in ,

Original release date: January 19, 2022

Zoho has released a security advisory to address an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Zoho Vulnerability Notification and the Zoho ManageEngine Desktop Central and ManageEngine Desktop Central MSP security advisories and apply the recommended mitigations immediately.

This product is provided subject to this Notification and this Privacy & Use policy.

Oracle Releases January 2022 Critical Patch Update

/in ,

Original release date: January 18, 2022

Oracle has released its Critical Patch Update for January 2022 to address 497 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle January 2022 Critical Patch Update and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds 13 Known Exploited Vulnerabilities to Catalog

/in ,

Original release date: January 18, 2022

CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number CVE Title Required Action Due Date
CVE-2021-32648 October CMS Improper Authentication 2/1/2022
CVE-2021-21315 System Information Library for node.js Command Injection Vulnerability 2/1/2022
CVE-2021-21975 Server Side Request Forgery in vRealize Operations Manager API Vulnerability 2/1/2022
CVE-2021-22991 BIG-IP Traffic Microkernel Buffer Overflow Vulnerability 2/1/2022
CVE-2021-25296 Nagios XI OS Command Injection Vulnerability 2/1/2022
CVE-2021-25297 Nagios XI OS Command Injection Vulnerability 2/1/2022
CVE-2021-25298 Nagios XI OS Command Injection Vulnerability 2/1/2022
CVE-2021-33766 Microsoft Exchange Server Information Disclosure Vulnerability 2/1/2022
CVE-2021-40870 Aviatrix Controller Unrestricted Upload of File Vulnerability 2/1/2022
CVE-2020-11978 Apache Airflow Command Injection Vulnerability 7/18/2022
CVE-2020-13671 Drupal Core Unrestricted Upload of File Vulnerability 7/18/2022
CVE-2020-13927 Apache Airflow Experimental API Authentication Bypass Vulnerability 7/18/2022
CVE-2020-14864 Oracle Corporate Business Intelligence Enterprise Edition Path Traversal Vulnerability 7/18/2022

 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

/in ,

Original release date: January 18, 2022

In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats. The CISA Insights strongly urges leaders and network defenders to be on alert for malicious cyber activity and provides a checklist of concrete actions that every organization—regardless of sector or size—can take immediately to: 

  • Reduce the likelihood of a damaging cyber intrusion, 
  • Detect a potential intrusion, 
  • Ensure the organization is prepared to respond if an intrusion occurs, and 
  • Maximize the organization’s resilience to a destructive cyber incident.

CISA urges senior leaders and network defenders to review the CISA Insights and implement the cybersecurity measures on the checklist.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations

/in ,

Original release date: January 16, 2022

Microsoft has released a blog post on possible Master Boot Record (MBR) Wiper activity targeting Ukrainian organizations, including Ukrainian government agencies. According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the ransom note is a ruse because the malware actually destroys the MBR and the targeted files.
 
CISA recommends network defenders review the Microsoft blog for tactics, techniques, and procedures, as well as indicators of compromise related to this activity. CISA additionally recommends network defenders review recent Cybersecurity Advisories and the CISA Insights, Preparing For and Mitigating Potential Cyber Threats.

 

 

This product is provided subject to this Notification and this Privacy & Use policy.

Ivanti Updates Log4j Advisory with Security Updates for Multiple Products  

/in ,

Original release date: January 14, 2022

Ivanti has updated its Log4j Advisory with security updates for multiple products to address CVE-2021-44228. An unauthenticated attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Ivanti security advisories pages for Avalanche; File Director; and MobileIron Core, MobileIron Sentry (Core/Cloud), and MobileIron Core Connector and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

Citrix Releases Security Updates for Hypervisor 

/in ,

Original release date: January 13, 2022

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX335432 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for iOS and iPadOS

/in ,

Original release date: January 13, 2022

Apple has released security updates to address a vulnerability affecting iOS 15.2.1 and iPadOS 15.2.1. An attacker could exploit this vulnerability to cause a denial-of-service condition. 

CISA encourages users and administrators to review the Apple security page for iOS 15.2.1 and iPadOS 15.2.1 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates for Multiple Products

/in ,

Original release date: January 13, 2022

Cisco has released security updates to address a vulnerability affecting Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM). A remote attacker could exploit this vulnerability to take control of an affected system. 

CISCA encourages users and administrators to review Cisco Security Advisory cisco-sa-ccmp-priv-esc-JzhTFLm4 and apply the necessary updates.
 

This product is provided subject to this Notification and this Privacy & Use policy.