Connect with us

Hi, what are you looking for?



CISA: Several Old Linux Vulnerabilities Exploited in Attacks

Several old Linux vulnerabilities for which there are no public reports of malicious exploitation have been added to CISA’s KEV catalog.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added several Linux and Linux-related flaws to its known exploited vulnerabilities (KEV) catalog.

The agency added seven new vulnerabilities to its KEV catalog on Friday: Ruckus AP remote code execution (CVE-2023-25717), Red Hat Polkit privilege escalation (CVE-2021-3560), Linux kernel privilege escalations (CVE-2014-0196 and CVE-2010-3904), Jenkins UI information disclosure (CVE-2015-5317), Apache Tomcat remote code execution (CVE-2016-8735), and an Oracle Java SE and JRockit issue (CVE-2016-3427).

The Ruckus product vulnerability has been exploited by a DDoS botnet named AndoryuBot. 

However, there do not appear to be any public reports describing exploitation of the other vulnerabilities added to CISA’s catalog. Technical details and proof-of-concept (PoC) exploits are available, which is not surprising considering that some of them have been known for a decade. 

One aspect all the vulnerabilities appear to have in common is their connection to Linux, which indicates that they might have been leveraged in attacks on Linux systems. NIST’s advisories for each security hole include references to advisories posted by various Linux distributions to describe impact of these flaws and the availability of patches. 

At least some of these issues may have been exploited in attacks targeting Android devices — Linux kernel vulnerabilities being exploited in Android attacks is not unheard of.

CISA also pointed out a connection between two of the vulnerabilities. The Apache Tomcat flaw exists because a component was “not updated to take account of Oracle’s fix for CVE-2016-3427”. 

Advertisement. Scroll to continue reading.

However, it’s unclear if the weaknesses have been exploited by the same threat actor or whether multiple of these issues have been chained or used as part of the same attack.

The agency only adds a vulnerability to its catalog if it has reliable evidence of exploitation in the wild. It’s possible that it has privately obtained the information about active exploitation for these flaws.

This is not the first time CISA has been the first to sound the alarm regarding the exploitation of a Linux vulnerability. Nearly one year ago, the agency warned organizations about the vulnerability known as PwnKit being exploited

Related: 557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022

Related: CISA Warns of Attacks Exploiting Oracle WebLogic Vulnerability Patched in January

Related: Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.