CISA Adds Three Exploited Vulnerabilities to KEV Catalog
CISA has added three new vulnerabilities to its catalog of known exploited vulnerabilities (KEV): CVE-2023-36584, CVE-2023-1671, and CVE-2020-2551.
Welp y’all, the Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its catalog of known exploited vulnerabilities (KEV). These vulnerabilities affect Microsoft Windows, Sophos Web Appliance, and Oracle Fusion Middleware.
CISA is urging all organizations to prioritize patching these vulnerabilities, especially federal agencies in the United States. The deadline for patching these vulnerabilities is December 7, 2023.
CVE-2023-36584: Mark of the Web (MotW) Security Feature Bypass on Microsoft Windows
This vulnerability affects Microsoft Windows and allows attackers to bypass the Mark of the Web (MotW) security feature. MotW is a security feature that helps to protect users from malicious websites. When users open a file from a website, MotW marks the file as being from the web. This helps to prevent users from opening malicious files.
Microsoft has patched this vulnerability, but it is still marked as non-exploited. This means that there is no evidence that this vulnerability has been used in attacks. However, organizations should still patch this vulnerability as soon as possible.
CVE-2023-1671: Command Injection Vulnerability in Sophos Web Appliance
This vulnerability affects Sophos Web Appliance and allows attackers to remotely execute code. Remote code execution (RCE) is a type of vulnerability that allows attackers to take control of a computer system.
This vulnerability has a severity score of 9.8 and affects versions of the software before 4.3.10.4. Sophos Web Appliance reached end-of-life on July 20, 2023, and no longer receives any type of updates. Sophos has notified customers that they should migrate to Sophos Firewall web protection.
CVE-2020-2551: Unspecified Vulnerability in Oracle Fusion Middleware
This vulnerability affects Oracle Fusion Middleware and allows attackers to compromise WebLogic servers. WebLogic is a Java-based application server that is used to develop and deploy web applications.
This vulnerability is unspecified, but it is critical and should be patched immediately. Oracle has released a patch for this vulnerability.
Recommendations
CISA recommends that all organizations take the following steps to mitigate the risk of these vulnerabilities:
Patch these vulnerabilities as soon as possible.
Apply vendor-recommended mitigations if patching is not possible.
Monitor systems for signs of compromise.
Report any suspected intrusions to CISA or other relevant authorities.
Organizations should use CISA's KEV catalog as an alert system for exploited vulnerabilities and take the necessary steps to update their systems or apply vendor-recommended mitigations.
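One way to use the KEV catalog as an alert system is to match its entries against an asset inventory and sort open findings by remediation deadline. The sketch below is an added example, not CISA tooling. It uses the field names of CISA's KEV JSON feed (cveID, vendorProject, product, dueDate) on a constructed sample built from the three entries in this article; the inventory, host names and the 7-day "due soon" threshold are assumptions.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed; the CVE IDs,
# products and due date are the ones given in this article.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2023-36584", "vendorProject": "Microsoft",
     "product": "Windows", "dueDate": "2023-12-07"},
    {"cveID": "CVE-2023-1671", "vendorProject": "Sophos",
     "product": "Web Appliance", "dueDate": "2023-12-07"},
    {"cveID": "CVE-2020-2551", "vendorProject": "Oracle",
     "product": "Fusion Middleware", "dueDate": "2023-12-07"},
]})

# Hypothetical inventory: host, vendor, product, CVEs already remediated.
INVENTORY = [
    {"host": "ws-014", "vendor": "microsoft", "product": "windows",
     "fixed": {"CVE-2023-36584"}},
    {"host": "proxy-01", "vendor": "sophos", "product": "web appliance",
     "fixed": set()},
    {"host": "app-07", "vendor": "oracle", "product": "fusion middleware",
     "fixed": set()},
    {"host": "db-02", "vendor": "postgresql", "product": "postgresql",
     "fixed": set()},
]

def triage(kev_json, inventory, today):
    """Return open KEV findings as (host, cve, days_left), most urgent first."""
    entries = json.loads(kev_json)["vulnerabilities"]
    findings = []
    for asset in inventory:
        for e in entries:
            # Simplification: exact, case-insensitive vendor/product match.
            same = (e["vendorProject"].lower() == asset["vendor"]
                    and e["product"].lower() == asset["product"])
            if not same or e["cveID"] in asset["fixed"]:
                continue
            days_left = (date.fromisoformat(e["dueDate"]) - today).days
            findings.append((asset["host"], e["cveID"], days_left))
    return sorted(findings, key=lambda f: f[2])

def status(days_left):
    """Label a finding by how close it is to the KEV due date."""
    if days_left < 0:
        return "OVERDUE"
    return "DUE SOON" if days_left <= 7 else "OPEN"

if __name__ == "__main__":
    for host, cve, days in triage(KEV_SAMPLE, INVENTORY, date(2023, 12, 1)):
        print(f"{host:10} {cve:16} {status(days):9} {days:+d} days")
```

In production the sample would be replaced by the downloaded feed, and the exact-match rule by whatever product naming the inventory system uses.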