The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the descriptions for these vulnerabilities:
CVE-2023-25280 is an OS command injection vulnerability in D-Link DIR-820 routers. Since March 2023, Unit 42 researchers have observed a variant of the Mirai botnet spreading by targeting tens of flaws in D-Link, Zyxel, and Netgear devices, including CVE-2023-25280.
CVE-2020-15415 is an OS command injection vulnerability in multiple DrayTek Vigor routers. Since the second half of 2022, a variant of the Mirai bot, tracked as V3G4, has targeted IoT devices by exploiting tens of flaws, including CVE-2020-15415.
CVE-2019-0344 is a deserialization of untrusted data vulnerability in SAP Commerce Cloud.
CVE-2021-4043 is a null pointer dereference vulnerability in Motion Spell GPAC.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix these vulnerabilities by October 21, 2024.