The U.S. Cybersecurity and Infrastructure Security Agency (CISA)
on Tuesday added a recently disclosed security flaw in the UnRAR
utility to its Known Exploited Vulnerabilities Catalog, based on
evidence of active exploitation.
Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns
a path traversal vulnerability in the Unix versions of UnRAR that
can be triggered upon extracting a maliciously crafted RAR
archive.
This means that an adversary could exploit the flaw to drop
arbitrary files on a target system that has the utility installed
simply by decompressing the file. The vulnerability was revealed[1]
by SonarSource researcher Simon Scannell in late June.
“RARLAB UnRAR on Linux and UNIX contains a directory traversal
vulnerability, allowing an attacker to write to files during an
extract (unpack) operation,” the agency said[2]
in an advisory.
Not much is known about the nature of the attacks, but the
disclosure is evidence of a growing trend wherein threat actors are
quick to scan for vulnerable systems after flaws are publicly
disclosed and take the opportunity to launch malware and ransomware
campaigns.
On top of that, CISA has also added CVE-2022-34713[3]
to the catalog after Microsoft, as part of its Patch Tuesday
updates on August 9, revealed that it has seen indications that the
vulnerability has been exploited in the wild.
Said to be a variant of the vulnerability publicly known as
DogWalk[4], the shortcoming in the
Microsoft Windows Support Diagnostic Tool (MSDT) component could be
leveraged by a rogue actor to execute arbitrary code on susceptible
systems by tricking a victim into opening a decoy file.
Federal agencies in the U.S. are mandated to apply the updates
for both flaws by August 30 to reduce their exposure to
cyberattacks.
References
Read more https://thehackernews.com/2022/08/cisa-issues-warning-on-active.html