Active exploitation of TP-Link, Apache and Oracle vulnerabilities detected

Date: 2 May 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The three vulnerabilities are:

  • CVE-2023-1389 (CVSS 8.8) - TP-Link Archer AX-21 Command Injection Vulnerability
  • CVE-2021-45046 (CVSS 9.0) - Apache Log4j2 Deserialization of Untrusted Data Vulnerability
  • CVE-2023-21839 (CVSS 7.5) - Oracle WebLogic Server Unspecified Vulnerability

CVE: the acronym stands for Common Vulnerabilities and Exposures and designates a public list of publicly known security vulnerabilities. When we speak of "a CVE", we usually mean a specific vulnerability that has been assigned a CVE identifier (for example CVE-2023-1389).

Security advisories published by vendors and researchers almost always cite at least one CVE identifier. A shared identifier lets defenders, vendors and researchers refer to the same flaw unambiguously, which is what makes it possible to prioritize and coordinate remediation across different tools and organizations.

CVE-2023-1389 is a command injection vulnerability in TP-Link Archer AX-21 routers that can be exploited for remote code execution. Trend Micro's Zero Day Initiative reported that threat actors associated with the Mirai botnet have been actively exploiting it since April 11, 2023.

The second vulnerability added to the KEV catalog is CVE-2021-45046, a remote code execution flaw in the Apache Log4j2 logging library disclosed in December 2021.

An article is available from Be-Hacktive: => LOG4J: The vulnerable bookstore that is shaking the planet

Exactly how this specific vulnerability is being exploited is not yet clear. However, GreyNoise has collected data indicating exploitation attempts from as many as 74 unique IP addresses over the past 30 days; that figure also covers CVE-2021-44228 (Log4Shell).

An article is available from Be-Hacktive:

=> LOG4SHELL: COME, SEE, LIVE

The latest addition is CVE-2023-21839, a high-severity bug in Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 that could allow unauthorized access to sensitive information. Oracle released fixes for this issue in January 2023.

"Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server," CISA said.

Although proof-of-concept (PoC) exploits for the flaw exist, there do not appear to be any public reports of malicious exploitation.

Federal Civilian Executive Branch (FCEB) agencies are required to apply the vendor-provided patches by May 22, 2023, to protect their networks against these active threats.
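Operationalizing a KEV deadline like the one above means matching your own scan findings against the catalog and tracking how many days remain. The script below is an added example for this news item, not code from the article or from CISA. It follows the JSON shape of CISA's public feed (a "vulnerabilities" array with cveID, vendorProject, product, vulnerabilityName, dateAdded, requiredAction and dueDate), but the feed is constructed inline from the three entries discussed here so it runs offline, and its requiredAction text is paraphrased rather than CISA's wording. The inventory list, the use of CVE-2024-27709 (one of the author's own Eskooly CVEs) as a not-in-KEV control, and the helper names are assumptions for the demo.

```python
"""Cross-reference scan findings against a CISA KEV-style JSON feed.

Added example for this Be-Hacktive news item; not code from the article
or from CISA. Field names follow CISA's public feed
(https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json);
the sample feed below is constructed inline so the script runs offline.
"""
from __future__ import annotations

import json
from datetime import date

# Constructed sample feed: the three KEV entries named in the article, all
# carrying the May 22, 2023 FCEB due date the article reports. The
# requiredAction text is paraphrased, not CISA's wording.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2023.05.01",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2023-1389", "vendorProject": "TP-Link",
         "product": "Archer AX-21",
         "vulnerabilityName": "TP-Link Archer AX-21 Command Injection Vulnerability",
         "dateAdded": "2023-05-01",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2023-05-22"},
        {"cveID": "CVE-2021-45046", "vendorProject": "Apache",
         "product": "Log4j2",
         "vulnerabilityName": "Apache Log4j2 Deserialization of Untrusted Data Vulnerability",
         "dateAdded": "2023-05-01",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2023-05-22"},
        {"cveID": "CVE-2023-21839", "vendorProject": "Oracle",
         "product": "WebLogic Server",
         "vulnerabilityName": "Oracle WebLogic Server Unspecified Vulnerability",
         "dateAdded": "2023-05-01",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2023-05-22"},
    ],
})

# Constructed inventory, as a scanner export might list it: mixed case,
# stray whitespace, a duplicate, and one identifier that is not in KEV
# (CVE-2024-27709, one of the author's Eskooly CVEs, used only as a
# negative control here).
SAMPLE_INVENTORY = [
    "CVE-2023-1389", " cve-2021-45046", "CVE-2023-21839",
    "CVE-2023-1389", "CVE-2024-27709",
]


def load_kev(feed_json: str) -> dict[str, dict]:
    """Index a KEV feed by upper-cased CVE id."""
    catalog = json.loads(feed_json)
    return {v["cveID"].upper(): v for v in catalog["vulnerabilities"]}


def _as_date(d: date | str) -> date:
    """Accept either a date or an ISO 'YYYY-MM-DD' string."""
    return d if isinstance(d, date) else date.fromisoformat(d)


def days_until_due(entry: dict, today: date | str) -> int:
    """Days left until the KEV dueDate; negative once the deadline has passed."""
    return (date.fromisoformat(entry["dueDate"]) - _as_date(today)).days


def triage(inventory: list[str], kev: dict[str, dict],
           today: date | str) -> dict[str, list[str]]:
    """Bucket inventory CVEs into overdue / due / not_in_kev.

    Ids are normalised (strip, upper-case) and de-duplicated so scanner
    noise does not double count; each bucket is sorted for stable output.
    """
    buckets: dict[str, list[str]] = {"overdue": [], "due": [], "not_in_kev": []}
    for cve in sorted({c.strip().upper() for c in inventory}):
        entry = kev.get(cve)
        if entry is None:
            buckets["not_in_kev"].append(cve)
        elif days_until_due(entry, today) < 0:
            buckets["overdue"].append(cve)
        else:
            buckets["due"].append(cve)
    return buckets


def report(inventory: list[str], kev: dict[str, dict], today: date | str) -> str:
    """One line per KEV-listed finding, overdue items first."""
    t = triage(inventory, kev, today)
    lines = []
    for cve in t["overdue"] + t["due"]:
        e = kev[cve]
        lines.append(f"{cve:16} {e['vendorProject']} {e['product']}: due {e['dueDate']} "
                     f"({days_until_due(e, today):+d} days) - {e['requiredAction']}")
    if t["not_in_kev"]:
        lines.append("Not in KEV (patch on your own SLA): " + ", ".join(t["not_in_kev"]))
    return "\n".join(lines)


if __name__ == "__main__":
    # Run "as of" the article's date; all three entries are still due (20 days left).
    print(report(SAMPLE_INVENTORY, load_kev(SAMPLE_KEV_JSON), "2023-05-02"))
```

Against the real feed you would replace SAMPLE_KEV_JSON with the downloaded file's contents and the inventory with the CVE column of your scanner export; the normalisation step matters because scanner exports routinely mix case and trailing whitespace, and a raw string match would silently miss KEV entries. Absence from KEV is not a clean bill of health, as the VulnCheck figures below show, so the "not in KEV" bucket still falls under your normal patch SLA.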

This comes just over a month after VulnCheck revealed that nearly four dozen vulnerabilities likely weaponized in the wild in 2022 are missing from the KEV catalog.

Of these 42 vulnerabilities, the overwhelming majority are linked to exploitation by Mirai-like botnets (27), followed by ransomware gangs (6) and other threat actors (9).

SOURCE:

  • Red Hat
  • CVE-2023-1389
  • CVE-2021-45046
  • CVE-2023-21839
  • No IP observed with attempted exploitation of CVE-2023-21839
  • The VulnCheck 2022 Exploited Vulnerability Report - Missing CISA KEV Catalog Entries