U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities, including those in SonicWall SonicOS, ImageMagick, and the Linux Kernel, to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the urgency for federal agencies and private organizations to address these security risks. These vulnerabilities could allow attackers to execute arbitrary code, escalate privileges, or exploit access control flaws, posing significant threats to affected systems.

Threat Actor: Various | various
Victim: Affected organizations | affected organizations

Key Point :

  • ImageMagick vulnerability (CVE-2016-3714) allows remote code execution through crafted images.
  • Linux Kernel flaw (CVE-2017-1000253) enables privilege escalation via improperly loaded ELF executables.
  • SonicWall SonicOS vulnerability (CVE-2024-40766) poses a significant access control risk, with a CVSS score of 9.3.
  • CISA mandates federal agencies to remediate these vulnerabilities by September 30, 2024.
  • Private organizations are encouraged to review the KEV catalog and address vulnerabilities in their infrastructure.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the descriptions for these vulnerabilities:

CVE-2016-3714 flaw (aka ImageTragick), in the popular image manipulation software ImageMagick could allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka “ImageTragick.” Attackers can exploit the flaw to take over websites running the widely used image-enhancing app. The vulnerability in ImageMagick App allows attackers to run arbitrary code on the targeted web servers that rely on the app for resizing or cropping user-uploaded images.

CVE-2017-1000253 flaw was discovered by researchers with Qualys Research Labs and affects all Linux distributions that have not fixed their kernels after a commit released on April 14, 2015. Attackers can exploit the vulnerability to escalate privileges. The issue resides in the way the kernel loads ELF executables and is triggered by applications that have been built as Position Independent Executables (PIEs).

“A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application’s data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption.” reads the advisory published on RedHat. “An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.”

CVE-2024-40766  is an Improper Access Control Vulnerability impacting SonicWall SonicOS. SonicWall warns that a recently fixed access control flaw, tracked as CVE-2024-40766 (CVSS v3 score: 9.3), in SonicOS is now potentially exploited in attacks.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by September 30, 2024.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, CISA)



Source: https://securityaffairs.com/168251/security/u-s-cisa-adds-sonicwall-sonicos-imagemagick-and-linux-kernel-bugs-to-its-known-exploited-vulnerabilities-catalog.html