These two critical flaws were exploited by state hackers


Fanny Dufour

May 20, 2022 at 10:25 a.m.


The Cybersecurity and Infrastructure Security Agency (CISA) has warned that several flaws are being actively exploited by state hackers, two of which are considered critical.

The flaws affect VMware products and F5's BIG-IP.

Important and critical flaws in VMware

The period is a complicated one for companies, left exposed by major flaws in two products: VMware and BIG-IP. On May 18, CISA, the agency responsible for cybersecurity and infrastructure security in the United States, issued several bulletins announcing that these flaws were being actively exploited, both by state-linked hackers and by less sophisticated actors, since proofs of concept have been made public.

The first flaws concern certain VMware products. On April 6, VMware published a patch fixing two flaws, one of which is critical: CVE-2022-22954, a critical remote code execution vulnerability, and CVE-2022-22960, a privilege escalation vulnerability. Even though these flaws had not been disclosed before the patch was released, according to CISA it took state hackers only 48 hours to work out how to exploit them from what the patch had changed. According to Troy Mursch, a security researcher interviewed by Ars Technica, the flaws are being used separately or chained together to deploy botnets, cryptocurrency miners and webshells.

The situation is all the more dangerous because two further flaws in VMware products have recently been disclosed and patched. The first, with a severity score of 9.8 (out of 10), is CVE-2022-22972, an authentication bypass vulnerability that allows an attacker with network access to the user interface to obtain administrative access without authenticating. The second is CVE-2022-22973, a local privilege escalation vulnerability that allows someone with local access to elevate their privileges to "root". Given how quickly the two vulnerabilities patched in April were exploited, CISA warns that these two new vulnerabilities will probably be turned against targets just as fast.

An easy-to-exploit vulnerability

Another flaw that shook the security community was CVE-2022-1388, a critical vulnerability in F5's BIG-IP product line. By exploiting it, an unauthenticated attacker can take control of affected systems, gaining "root" privileges without any password. Because the flaw is quite simple to exploit, proofs of concept quickly spread across the Internet. While researchers have used the flaw for their own research, the security company GreyNoise has established that the majority of attempts are now carried out with malicious intent. Here too, attackers install three kinds of software: webshells, malware used to carry out DDoS attacks, and cryptocurrency miners.
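The article does not describe how CVE-2022-1388 is triggered, but a defender reading it will want a way to spot exploitation attempts in traffic to a BIG-IP management interface. The following is an added example, not code from the article, from F5 or from GreyNoise. It encodes the indicators published in F5's advisory (K23605346) and in the public proofs of concept: a request to the iControl REST API under /mgmt/ whose Connection header names X-F5-Auth-Token as a hop-by-hop header (so the token is stripped before authentication is checked) while that same header is present, typically as a POST to /mgmt/tm/util/bash, the endpoint that runs shell commands. It assumes request headers are available as a JSON-lines export (for instance from a proxy or packet capture in front of the management port); the sample records are constructed for this example.

```python
"""Flag requests matching the CVE-2022-1388 (BIG-IP iControl REST auth bypass)
exploitation pattern in a JSON-lines export of HTTP requests.

Added example; indicator names, log format and sample records are assumptions
made here, not taken from the article or from F5.
"""
import json

ICONTROL_PREFIX = "/mgmt/"            # iControl REST API base path
BASH_ENDPOINT = "/mgmt/tm/util/bash"  # runs shell commands on the device


def _headers_lower(headers):
    """Header names are case-insensitive; normalise them once."""
    return {k.lower(): v for k, v in headers.items()}


def classify_request(req):
    """Return the list of indicators matched by one request record.

    Only requests to the iControl REST API are considered at all; anything
    outside /mgmt/ returns an empty list.
    """
    headers = _headers_lower(req.get("headers", {}))
    path = req.get("path", "")
    hits = []
    if not path.startswith(ICONTROL_PREFIX):
        return hits
    # Connection is a comma-separated list of hop-by-hop header names.
    connection_tokens = {t.strip().lower() for t in headers.get("connection", "").split(",")}
    if "x-f5-auth-token" in connection_tokens:
        hits.append("connection_drops_auth_token")
    if "x-f5-auth-token" in headers:
        hits.append("auth_token_header_present")
    if req.get("method", "").upper() == "POST" and path == BASH_ENDPOINT:
        hits.append("util_bash_command_execution")
    return hits


def is_cve_2022_1388_pattern(hits):
    """The bypass needs both the stripped-token trick and the token header."""
    return "connection_drops_auth_token" in hits and "auth_token_header_present" in hits


def scan(jsonl_text):
    """Return (line_no, source_ip, hits) for every record matching the bypass."""
    findings = []
    for line_no, line in enumerate(jsonl_text.splitlines(), 1):
        if not line.strip():
            continue
        req = json.loads(line)
        hits = classify_request(req)
        if is_cve_2022_1388_pattern(hits):
            findings.append((line_no, req.get("src"), hits))
    return findings


# Constructed sample export: one normal API call, one exploit attempt against the
# command-execution endpoint, one unrelated UI request, one bypass attempt
# against a different REST endpoint. "YWRtaW46" is base64 for "admin:".
SAMPLE_LOG = """
{"src": "10.0.0.5", "method": "GET", "path": "/mgmt/tm/sys/version", "headers": {"Authorization": "Basic YWRtaW46c2VjcmV0", "Connection": "keep-alive"}}
{"src": "203.0.113.7", "method": "POST", "path": "/mgmt/tm/util/bash", "headers": {"Authorization": "Basic YWRtaW46", "Connection": "keep-alive, X-F5-Auth-Token", "X-F5-Auth-Token": "a", "Content-Type": "application/json"}, "body": {"command": "run", "utilCmdArgs": "-c id"}}
{"src": "10.0.0.9", "method": "GET", "path": "/tmui/login.jsp", "headers": {"Connection": "keep-alive"}}
{"src": "198.51.100.2", "method": "POST", "path": "/mgmt/shared/authn/login", "headers": {"Authorization": "Basic YWRtaW46", "connection": "X-F5-Auth-Token", "x-f5-auth-token": "zzz"}}
""".strip()


if __name__ == "__main__":
    for line_no, src, hits in scan(SAMPLE_LOG):
        print(f"line {line_no}: {src} -> {', '.join(hits)}")
```

Running the block reports lines 2 and 4; line 2 additionally carries the util_bash_command_execution indicator, which is the one that leads straight to the root shell the article describes. The matching is deliberately strict (both halves of the trick must be present) so that ordinary authenticated API calls that happen to send an X-F5-Auth-Token are not flagged.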

Given the severity of these vulnerabilities and the targets that attacks exploiting them can reach, mainly companies and government agencies, CISA is calling on everyone concerned to patch the vulnerable products as soon as possible. The risk is that ransomware flourishes and that the situation comes to resemble the one that followed the SolarWinds attack.


Source : Ars-Technica


