[Cyware] CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three known exploited vulnerabilities to its catalog, including a code injection flaw in GeoServer and a use-after-free vulnerability in the Linux Kernel.

Threat Actor: N/A
Victim: N/A

Key Points:

  • The GeoServer flaw (CVE-2022-24816) allows for remote code execution through code injection in the Jai-Ext open source project.
  • The Linux Kernel flaw (CVE-2022-2586) is a use-after-free vulnerability in nft tables that can lead to privilege escalation.
  • The vulnerabilities were fixed, but technical details and proof-of-concept exploits have been publicly available since August 2022.

The content:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, described below:

  1. GeoServer Flaw CVE-2022-24816 (CVSS score of 9.8) is a code injection issue in the Jai-Ext open source project. The flaw can be exploited to achieve remote code execution through Jiffle scripts, which are compiled into Java code via Janino. The flaw was addressed with the release of GeoServer version 1.2.22 in April 2022. Technical details and PoC exploit code have been publicly available since August 2022.
  2. Linux Kernel Flaw CVE-2022-2586 (CVSS score of 7.8) is a use-after-free vulnerability in nft tables that can lead to privilege escalation. White hat hackers demonstrated an exploit for this issue during Pwn2Own Vancouver 2022. The vulnerability was fixed in August 2022; technical details and a PoC were published a few weeks later.
  3. Roundcube Webmail CVE-2020-13965 (CVSS score of 6.1) is a cross-site scripting (XSS) issue. The vulnerability affects versions before 1.4.5 and 1.3.12. Successful exploitation of the flaw can lead to arbitrary JavaScript code execution. Roundcube addressed the flaw in June 2020, and PoC code was released shortly thereafter.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix these vulnerabilities by July 17, 2024.

Pierluigi Paganini




Source: https://securityaffairs.com/164982/security/cisa-geosolutionsgroup-jai-ext-linux-kernel-roundcube-webmail-known-exploited-vulnerabilities-catalog.html

