Original release date: January 11, 2022
The Samba Team has released a security update to address a vulnerability in multiple versions of Samba. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review Samba Security Announcement CVE-2021-43566 and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: January 11, 2022
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that provides an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques, and procedures. The CSA also provides detection actions, incident response guidance, and mitigations. CISA, the FBI, and NSA are releasing the joint CSA to help the cybersecurity community reduce the risk presented by Russian state-sponsored cyber threats.
CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint CSA. CISA recommends network defenders review CISA’s Russia Cyber Threat Overview and Advisories page for more information on Russian state-sponsored malicious cyber activity. CISA recommends critical infrastructure leaders review CISA Insights: Preparing For and Mitigating Potential Cyber Threats for steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: January 10, 2022
CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
| CVE Number | CVE Title |
Remediation |
| CVE-2021-22017 | VMware vCenter Server Improper Access Control Vulnerability | 1/24/2022 |
| CVE-2021-36260 | Hikvision Improper Input Validation Vulnerability | 1/24/2022 |
| CVE-2021-27860 | FatPipe WARP, IPVPN, and MPVPN Privilege Escalation vulnerability | 1/24/2022 |
| CVE-2020-6572 | Google Chrome prior to 81.0.4044.92 Use-After-Free Vulnerability | 7/10/2022 |
| CVE-2019-1458 | Microsoft Win32K Elevation of Privilege Vulnerability | 7/10/2022 |
| CVE-2013-3900 | Microsoft WinVerify Trust Function Remote Code Execution Vulnerability | 7/10/2022 |
| CVE-2019-2725 | Oracle WebLogic Server, Injection Vulnerability | 7/10/2022 |
| CVE-2019-9670 | Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference Vulnerability | 7/10/2022 |
| CVE-2018-13382 | Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability | 7/10/2022 |
| CVE-2018-13383 | Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability | 7/10/2022 |
| CVE-2019-1579 | Palo Alto Networks PAN-OS Remote Code Execution Vulnerability | 7/10/2022 |
| CVE-2019-10149 | Exim Mail Transfer Agent (MTA) Improper Input Validation Vulnerability | 7/10/2022 |
| CVE-2015-7450 | IBM WebSphere Application Server and Server Hy Server Hypervisor Edition Remote Code Execution Vulnerability | 7/10/2022 |
| CVE-2017-1000486 | Primetek Primefaces Application Remote Code Execution Vulnerability | 7/10/2022 |
| CVE-2019-7609 | Elastic Kibana Remote Code Execution Vulnerability | 7/10/2022 |
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: January 7, 2022
WordPress versions between 3.7 and 5.8 are affected by multiple vulnerabilities. Exploitation of some of these vulnerabilities could cause a denial of service condition.
CISA encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.8.3.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: January 5, 2022
Google has released Chrome version 97.0.4692.71 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates as soon as possible.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: January 5, 2022
VMware has released a security advisory to address a vulnerability in Workstation, Fusion, and ESXi. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0001 and apply the necessary updates and workarounds.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: December 22, 2021
The Apache Software Foundation has released Apache HTTP Server 2.4.52. This version addresses vulnerabilities—CVE-2021-44790 and CVE-2021-44224—that a remote attacker could exploit to take control of an affected system.
CISA encourages users and administrators to review the Apache announcement and update as soon as possible.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: December 22, 2021
CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache’s Log4j software library. Malicious cyber actors are actively scanning networks to potentially exploit CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.
This advisory expands on CISA’s previously published guidance, drafted in collaboration with industry members of CISA’s Joint Cyber Defense Collaborative (JCDC), by detailing recommended steps that vendors and organizations with information technology, operational technology/industrial control systems, and cloud assets should take to respond to these vulnerabilities.
CISA, FBI, NSA, the Australian Cyber Security Centre (ASCS), the Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) assess that exploitation of these vulnerabilities, especially Log4Shell, is likely to increase and continue over an extended period. CISA and its partners strongly urge all organizations to review AA21-356A: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities for detailed mitigations.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: December 17, 2021
CISA has issued Emergency Directive (ED) 22-02: Mitigate Apache Log4j Vulnerability], directing federal civilian executive branch (FCEB) agencies to address Log4j vulnerabilities—most notably, CVE-2021-44228.
Although ED 22-02 applies to FCEB agencies, CISA strongly recommends that all organizations review ED 22-02 for mitigation guidance. For additional details, see CISA’s webpage Apache Log4j Vulnerability Guidance.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: December 17, 2021
VMware has released a security advisory to address a vulnerability in Workspace ONE UEM console. An attacker could exploit this vulnerability to obtain sensitive information.
CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0029 and apply the necessary mitigation.
This product is provided subject to this Notification and this Privacy & Use policy.
UK Tel: +44 333 1223 372
USA Tel: +1 833 838 6754
LATAM Tel: +52 (55) 5335 0800
E: info@cystel.org
Clavering House, Clavering Place, Newcastle Upon Tyne, England, UK NE1 3NG
2001 L STREET N.W. SUITE 500, WASHINGTON, DC, 20036
Rio Lerma 232, Piso 23 (Torre Diana), Ciudad de Mexico, CP 06500, Mexico