Active Exploits of TP-Link, Apache and Oracle Vulnerabilities Detected
The US Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The security vulnerabilities are as follows:
- CVE-2023-1389 (CVSS Score: 8.8) – TP-Link Archer AX-21 Command Injection Vulnerability
- CVE-2021-45046 (CVSS Score: 9.0) – Apache Log4j2 Deserialization of Untrusted Data Vulnerability
- CVE-2023-21839 (CVSS Score: 7.5) – Oracle WebLogic Server Unspecified Vulnerability
CVE-2023-1389 is a command injection flaw affecting the TP-Link Archer AX-21 router that can be exploited to achieve remote code execution. According to Trend Micro's Zero Day Initiative, the vulnerability has been used by threat actors associated with the Mirai botnet since April 11, 2023.
The second flaw added to the KEV catalog is CVE-2021-45046, a remote code execution vulnerability affecting the Apache Log4j2 logging library that was disclosed in December 2021.
It is currently unclear how this particular vulnerability is being abused in the wild, although data compiled by GreyNoise shows evidence of attempted exploitation from as many as 74 unique IP addresses over the past 30 days. That figure, however, also includes CVE-2021-44228 (aka Log4Shell).
Rounding out the list is a high-severity bug in Oracle WebLogic Server versions 184.108.40.206.0, 220.127.116.11.0, and 18.104.22.168.0 that could allow unauthorized access to sensitive data. It was patched by the company as part of an update released in January 2023.
“Oracle WebLogic Server contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server,” CISA said.
Although a proof-of-concept (PoC) exploit exists for the flaw, there are apparently no public reports of malicious exploitation.
Federal Civilian Executive Branch (FCEB) agencies are required to apply the vendor-provided fixes by May 22, 2023, to secure their networks against these active threats.
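KEV additions like these are only useful if they are matched against what an organization actually runs. The following script is an added example, not code from the article or from CISA: it parses an excerpt in the shape of CISA's public KEV JSON feed (the `cveID`, `vendorProject`, `product`, `dueDate` and related fields are the feed's real field names), matches the entries against an invented asset inventory, and flags hosts still carrying a listed product after the remediation due date. The three records are constructed from the CVEs named above; the `dateAdded` values and all hostnames are assumptions.

```python
"""Triage a CISA KEV feed excerpt against an asset inventory.

Added example, not code from the original article or from CISA. The field
names follow the public KEV JSON feed; the sample records are constructed from
the three CVEs named in the article (dateAdded values are assumed, the dueDate
is the May 22, 2023 deadline the article reports), and the inventory is invented.
"""
import json
from datetime import date

# Constructed KEV-style records for the three CVEs discussed in the article.
KEV_FEED_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
  "vulnerabilities": [
    {"cveID": "CVE-2023-1389", "vendorProject": "TP-Link", "product": "Archer AX-21",
     "vulnerabilityName": "TP-Link Archer AX-21 Command Injection Vulnerability",
     "dateAdded": "2023-05-01", "dueDate": "2023-05-22",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2021-45046", "vendorProject": "Apache", "product": "Log4j2",
     "vulnerabilityName": "Apache Log4j2 Deserialization of Untrusted Data Vulnerability",
     "dateAdded": "2023-05-01", "dueDate": "2023-05-22",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2023-21839", "vendorProject": "Oracle", "product": "WebLogic Server",
     "vulnerabilityName": "Oracle WebLogic Server Unspecified Vulnerability",
     "dateAdded": "2023-05-01", "dueDate": "2023-05-22",
     "requiredAction": "Apply updates per vendor instructions."}
  ]
}
"""

# Constructed inventory: hostname -> (vendor, product) as recorded by asset management.
ASSETS = {
    "edge-router-07": ("TP-Link", "Archer AX-21"),
    "billing-app-02": ("Oracle", "WebLogic Server"),
    "build-agent-11": ("Apache", "Log4j2"),
    "fileshare-01": ("Microsoft", "Windows Server"),
}


def load_kev(feed_json):
    """Parse a KEV feed and index its entries by (vendor, product), case-insensitively."""
    feed = json.loads(feed_json)
    index = {}
    for entry in feed["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        index.setdefault(key, []).append(entry)
    return index


def match_assets(kev_index, assets):
    """Return {hostname: [cveID, ...]} for assets whose vendor/product appear in the KEV index."""
    hits = {}
    for host, (vendor, product) in assets.items():
        entries = kev_index.get((vendor.lower(), product.lower()), [])
        if entries:
            hits[host] = sorted(e["cveID"] for e in entries)
    return hits


def overdue(kev_index, assets, today_iso):
    """Return {hostname: [(cveID, days_overdue), ...]} for KEV products past their due date."""
    today = date.fromisoformat(today_iso)
    result = {}
    for host, (vendor, product) in assets.items():
        for e in kev_index.get((vendor.lower(), product.lower()), []):
            due = date.fromisoformat(e["dueDate"])
            if today > due:
                result.setdefault(host, []).append((e["cveID"], (today - due).days))
    return result


if __name__ == "__main__":
    index = load_kev(KEV_FEED_JSON)
    for host, cves in match_assets(index, ASSETS).items():
        print(f"{host}: {', '.join(cves)}")
    for host, items in overdue(index, ASSETS, "2023-06-01").items():
        for cve, days in items:
            print(f"OVERDUE {host} {cve} by {days} days")
```

Matching on vendor and product name alone will over-report (a patched WebLogic host still matches), so in practice the inventory row should also carry the installed version and the check should consult the vendor advisory for the fixed release before raising a finding.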
The advisory also comes more than a month after VulnCheck revealed that nearly four dozen security flaws likely weaponized in the wild in 2022 are missing from the KEV catalog.
Of those 42 vulnerabilities, most were exploited by botnets such as Mirai (27), followed by ransomware gangs (6) and other threat actors (9).