The US Cybersecurity and Infrastructure Security Agency (CISA) has added several Linux and Linux-related flaws to its known exploited vulnerabilities (KEV) catalog.
The agency added seven new vulnerabilities to its KEV catalog on Friday: Ruckus AP remote code execution (CVE-2023-25717), Red Hat Polkit privilege escalation (CVE-2021-3560), Linux kernel privilege escalations (CVE-2014-0196 and CVE-2010-3904), Jenkins UI information disclosure (CVE-2015-5317), Apache Tomcat remote code execution (CVE-2016-8735), and an Oracle Java SE and JRockit issue (CVE-2016-3427).
The Ruckus product vulnerability has been exploited by a DDoS botnet named AndoryuBot.
However, there do not appear to be any public reports describing exploitation of the other vulnerabilities added to CISA’s catalog. Technical details and proof-of-concept (PoC) exploits are available, which is not surprising considering that some of them have been known for a decade.
One aspect all the vulnerabilities appear to have in common is their connection to Linux, which indicates that they might have been leveraged in attacks on Linux systems. NIST’s advisories for each security hole include references to advisories posted by various Linux distributions to describe impact of these flaws and the availability of patches.
At least some of these issues may have been exploited in attacks targeting Android devices — Linux kernel vulnerabilities being exploited in Android attacks is not unheard of.
CISA also pointed out a connection between two of the vulnerabilities. The Apache Tomcat flaw exists because a component was “not updated to take account of Oracle’s fix for CVE-2016-3427”.
However, it’s unclear if the weaknesses have been exploited by the same threat actor or whether multiple of these issues have been chained or used as part of the same attack.
The agency only adds a vulnerability to its catalog if it has reliable evidence of exploitation in the wild. It’s possible that it has privately obtained the information about active exploitation for these flaws.
This is not the first time CISA has been the first to sound the alarm regarding the exploitation of a Linux vulnerability. Nearly one year ago, the agency warned organizations about the vulnerability known as PwnKit being exploited.
Related: 557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022
Related: CISA Warns of Attacks Exploiting Oracle WebLogic Vulnerability Patched in January
Related: Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
