The U.S. Cybersecurity and Infrastructure Security Agency on
Monday added[1]
two security flaws, including the recently disclosed remote code
execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities
Catalog[2], citing evidence of
active exploitation.
Tracked as CVE-2022-30525[3], the vulnerability is
rated 9.8 for severity and relates to a command injection flaw in
select versions of the Zyxel firewall that could enable an
unauthenticated adversary to execute arbitrary commands on the
underlying operating system.
Impacted devices include –
- USG FLEX 100, 100W, 200, 500, 700
- USG20-VPN, USG20W-VPN
- ATP 100, 200, 500, 700, 800, and
- VPN series
The issue, for which patches were released by the Taiwanese firm
in late April (ZLD V5.30), became public knowledge on May 12
following a coordinated disclosure process with Rapid7.
Merely a day later, the Shadowserver Foundation said[4]
it began detecting exploitation attempts, with most of the
vulnerable appliances located in France, Italy, the U.S.,
Switzerland, and Russia.
Also added by CISA to the catalog is CVE-2022-22947[5], another code injection
vulnerability, this one in Spring Cloud Gateway, that could be exploited to
allow arbitrary remote execution on a host by means of a
specially crafted request.
The vulnerability is rated 10 out of 10 on the CVSS
vulnerability scoring system and has since been addressed[6]
in Spring Cloud Gateway versions 3.1.1 or later and 3.0.7 or later
as of March 2022.
References
- [1] added (www.cisa.gov)
- [2] Known Exploited Vulnerabilities Catalog (www.cisa.gov)
- [3] CVE-2022-30525 (thehackernews.com)
- [4] said (twitter.com)
- [5] CVE-2022-22947 (nvd.nist.gov)
- [6] addressed (tanzu.vmware.com)
Read more https://thehackernews.com/2022/05/watch-out-hackers-begin-exploiting.html