CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
The US Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The three vulnerabilities are as follows:
- CVE-2023-28432 (CVSS Score – 7.5) – MinIO Information Disclosure Vulnerability
- CVE-2023-27350 (CVSS Score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability
- CVE-2023-2136 (CVSS Score – TBD) – Google Chrome Skia Integer Overflow Vulnerability
“In cluster deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure,” the MinIO maintainers said in an advisory published on March 21, 2023.
Data collected by GreyNoise shows that as many as 18 unique malicious IP addresses from the US, the Netherlands, France, Japan and Finland have attempted to exploit the flaw over the past 30 days.
The threat intelligence company, in a warning published late last month, also noted that a reference implementation provided by OpenAI for developers to integrate their plugins into ChatGPT relied on an old version of MinIO that is vulnerable to CVE-2023-28432.
“While the new features released by OpenAI are valuable tools for developers looking to access live data from multiple providers within their ChatGPT integration, security must remain a core design principle,” said GreyNoise.
Also added to the KEV catalog is a critical remote code execution bug affecting PaperCut’s print management software that allows a remote attacker to bypass authentication and run arbitrary code.
The vulnerability was addressed by the vendor on March 8, 2023, with the release of PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11 and 22.0.9. Zero Day Initiative, which reported the issue on 10 January 2023, is expected to release additional technical details on 10 May 2023.
According to an update shared by the Melbourne-based company earlier this week, evidence of active exploitation of unpatched servers emerged in the wild around 18 April 2023.
Cybersecurity company Arctic Wolf said it “has observed intrusion activity related to the vulnerable PaperCut Server where the RMM Synchro MSP tool was loaded onto the victim’s system.”
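For teams checking their own print servers against the fixed PaperCut MF/NG releases named above (20.1.7, 21.2.11 and 22.0.9), the following Python sketch triages an inventory of version strings. It is an added example, not code from PaperCut or CISA; the hostnames, build strings and status labels are constructed, and major versions the article gives no fixed build for are reported as "unlisted" rather than guessed.

```python
import re

# Fixed releases named in the article, keyed by major version.
FIXED = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from strings like '22.0.8' or '21.2.11 (Build 64000)'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def patch_status(version_text):
    """Return 'patched', 'needs-update' or 'unlisted' for one version string."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The article names no fixed build for this major version.
        return "unlisted"
    # Tuples compare numerically, so 20.1.10 correctly ranks above 20.1.7.
    return "patched" if version >= fixed else "needs-update"


def triage(inventory):
    """Map each host to its status; unparseable entries are flagged, not dropped."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = patch_status(version_text)
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed sample inventory (hostnames and build strings are made up).
SAMPLE = {
    "print01": "22.0.8",
    "print02": "21.2.11 (Build 64000)",
    "print03": "20.1.10",
    "print04": "19.2.5",
    "print05": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unlisted" or "unparseable" need a manual check against the vendor's advisory, since the article does not state which other branches are affected.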
The last addition to the list of actively exploited vulnerabilities is a Google Chrome vulnerability affecting the Skia 2D graphics library that could allow a threat actor to perform a sandbox escape via a crafted HTML page.
Federal Civilian Executive Branch (FCEB) agencies in the US are advised to patch the identified vulnerabilities by May 12, 2023, to secure their networks against active threats.