BREAKING AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack
Connect with us

Hi, what are you looking for?



CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities

CISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild.

The US cybersecurity agency CISA on Wednesday raised the alarm on threat actors exploiting known vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail.

The GeoServer flaw, tracked as CVE-2022-24816 (CVSS score of 9.8), is described as a code injection flaw in the Jai-Ext open source project that could be exploited to achieve remote code execution.

The issue is related to the use of the scripting language Jiffle: Jiffle scripts are compiled into Java code via Janino, and then executed.

GeoServer version 1.2.22 was released in April 2022 with a patch that disabled the ability to inject malicious code into the resulting script.    

Technical information on CVE-2022-24816 and proof-of-concept (PoC) exploit code have been available since August 2022.

Tracked as CVE-2022-2586 (CVSS score of 7.8), the Linux kernel flaw is a use-after-free issue in nft tables that could lead to privilege escalation.

“A nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted,” a NIST advisory reads.

The flaw was demonstrated at Pwn2Own Vancouver in May 2022 and was patched in early August that year. Three weeks later, the first technical details and PoC code targeting CVE-2022-2586 were published.

Advertisement. Scroll to continue reading.

On Wednesday, CISA also warned of the exploitation of a four-year-old vulnerability in Roundcube Webmail versions before 1.4.5 and 1.3.12, tracked as CVE-2020-13965 (CVSS score of 6.1).

The vulnerability is described as a cross-site scripting (XSS) issue that can be triggered via malicious XML attachments, because the open source webmail software allows text/xml types for preview, which could lead to a bypass of script filters and arbitrary JavaScript code execution.

Roundcube released patches for the flaw in early June 2020 and PoC code was released shortly after.

CISA added all three security defects to its Known Exploited Vulnerabilities (KEV) catalog on June 26, urging federal agencies – per Binding Operational Directive (BOD) 22-01 – to apply the available mitigations or remove the vulnerable products from their environments by July 17.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA warned.

While BOD 22-01 only applies to federal agencies, all organizations using the vulnerable products are advised to address the flagged issues as soon as possible.

It is worth mentioning that, while PoC code targeting these flaws has been available for years, there have been no reports of any of them being exploited before CISA’s warning.

Related: CISA Warns of Progress Telerik Vulnerability Exploitation

Related: CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws

Related: Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert

Related: CISA Notifies Hitachi Energy Customers of High-Severity Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

ICS and OT cybersecurity solutions provider TXOne Networks appoints Stephen Driggers as new CRO

Identity orchestration provider Strata Identity appoints Aldo Pietropaolo as Field CTO

Cybersecurity provider for the aviation industry Cyviation has appointed Eliran Almog as Chief Executive Officer.

More People On The Move

Expert Insights