Apache, TP-Link, Oracle flaws exploited in the wild – CISA

One critical and two high-severity vulnerabilities of TP-Link, Apache, and Oracle devices are being actively exploited by attackers, claims the agency.

The US Cybersecurity and Infrastructure Security Agency (CISA) added three bugs to its Known Exploited Vulnerabilities Catalog.

The first flaw, tracked as CVE-2023-1389, was assigned a score of 8.8 by the National Vulnerabilities Database (NVD), indicating high severity. It affects the firmware of TP-Link Archer AX21 modems and “contains a command injection vulnerability.”

Attackers could use the flaw to instruct the devices to carry out malicious commands, potentially compromising the infrastructure linked with the modem.

According to the Zero Day Initiative (ZDI), a software vulnerability initiative curated by cybersecurity firm Trend Micro, the Mirai botnet has been leveraging the TP-Link flaw to recruit more devices to its ranks.

The second flaw, the Apache Log4j2 deserialization of untrusted data vulnerability tracked as CVE-2021-45046, was issued a score of 9.0, indicating critical severity.

This bug is particularly dangerous because threat actors can exploit it to transmit malicious data, instructing the app to run malicious code. The attack can lead to remote code execution (RCE) or even data loss.

The last flaw flagged by CISA, the Oracle WebLogic Server unspecified vulnerability tracked as CVE-2023-21839, was given a 7.5 score, showcasing its high severity.

Oracle WebLogic Server platforms are designed to work with enterprise applications, such as Java, for on-premises and in the cloud. This bug would allow an attacker to access the system without any credentials or authentication.

A successful attack could allow threat actors to access critical data stored on the Oracle WebLogic Server, potentially leading to further attacks developed with the acquired information.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in the alert.

More from Cybernews:

Biased new world: AI may be doomed to repeat human prejudices

T-Mobile hit again, exposing more client data

Employers that monitor workers using tech tools – yea or nay? US gov wants to know

Orbiting satellites hacked real-time to test cyber resiliency

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked