Warning! TP-Link, Apache, and Oracle Vulnerabilities Actively Exploited in Wild

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


CISA recently added three vulnerabilities that malicious actors are actively exploiting in the wild to its KEV (Known Exploited Vulnerabilities) catalog.

The three actively exploited vulnerabilities affect products from:

  • TP-Link
  • Apache
  • Oracle

The vulnerabilities reported by CISA are:

  • CVE-2023-1389 – TP-Link Archer AX-21 Command Injection Vulnerability
  • CVE-2021-45046 – Apache Log4j2 Deserialization of Untrusted Data Vulnerability 
  • CVE-2023-21839 – Oracle WebLogic Server Unspecified Vulnerability 

Vulnerabilities of this type are prone to exploitation by threat actors and pose many risks to Federal Government agencies and enterprises.

Flaw Profile

TP-Link Archer AX-21 routers are vulnerable to remote code execution due to a command injection flaw (CVE-2023-1389).

According to Trend Micro’s Zero Day Initiative, threat actors linked with the Mirai botnet have been exploiting the vulnerability since April 11, 2023.

  • CVE ID: CVE-2023-1389 
  • CVSS score: 8.8
  • Description: TP-Link Archer AX-21 Command Injection Vulnerability
  • Severity: High
  • Date Added to Catalog: 2023-05-01

CVE-2021-45046 is a remote code execution vulnerability that came to light in December 2021.

This vulnerability affects the Apache Log4j2 logging library, and it is the second of the flaws added to the KEV catalog.

While there is no clear indication of how the vulnerability is being exploited, GreyNoise’s data suggests that in the past 30 days, 74 unique IP addresses attempted to exploit it.

  • CVE ID: CVE-2021-45046
  • CVSS score: 9.0
  • Description: Apache Log4j2 Deserialization of Untrusted Data Vulnerability
  • Severity: Critical
  • Date Added to Catalog: 2023-05-01

The list concludes with a high-severity vulnerability affecting Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0:

  • CVE ID: CVE-2023-21839
  • CVSS score: 7.5
  • Description: Oracle WebLogic Server Unspecified Vulnerability
  • Severity: High
  • Date Added to Catalog: 2023-05-01

Sensitive data could be accessed without authorization as a result of this bug.

However, a patch for the problem was released in January 2023 as a part of the company’s update release.

An unauthorized threat actor with network access via T3 or IIOP could easily exploit the unspecified vulnerability in Oracle WebLogic Server to compromise it.

Although PoC exploits are available for the vulnerability, no instances of malicious exploitation have been reported in the public domain.

BOD 22-01 created the KEV (Known Exploited Vulnerabilities) Catalog as a dynamic list of CVEs that pose a substantial risk to the federal enterprise.

CISA also urged safeguarding networks against these active threats; FCEB (Federal Civilian Executive Branch) agencies must implement the patches and fixes provided by the vendors by May 22, 2023.
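The remediation deadline above can be tracked mechanically. The following is an added example, not code from the article or from CISA: it matches a constructed asset inventory against a constructed excerpt shaped like the KEV JSON feed and reports unpatched assets by days remaining. The inventory, the host names and the `patched` field are assumptions.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed; the CVE IDs, date added
# and due date are the ones reported in the article.
KEV_JSON = """{"vulnerabilities": [
  {"cveID": "CVE-2023-1389", "vendorProject": "TP-Link", "product": "Archer AX-21",
   "dateAdded": "2023-05-01", "dueDate": "2023-05-22"},
  {"cveID": "CVE-2021-45046", "vendorProject": "Apache", "product": "Log4j2",
   "dateAdded": "2023-05-01", "dueDate": "2023-05-22"},
  {"cveID": "CVE-2023-21839", "vendorProject": "Oracle", "product": "WebLogic Server",
   "dateAdded": "2023-05-01", "dueDate": "2023-05-22"}
]}"""

# KEV entries carry no version data, so version scoping comes from the article:
# only the WebLogic versions it lists are treated as affected.
AFFECTED_VERSIONS = {"CVE-2023-21839": {"12.2.1.3.0", "12.2.1.4.0", "14.1.1.0.0"}}

# Constructed inventory; "patched" is a hypothetical field meaning the vendor fix
# for the matching CVE is confirmed installed. Names are assumed to be normalized
# to the catalog's vendor/product strings.
INVENTORY = [
    {"host": "edge-rtr-01", "vendor": "TP-Link", "product": "Archer AX-21", "version": "n/a", "patched": False},
    {"host": "app-01", "vendor": "Oracle", "product": "WebLogic Server", "version": "12.2.1.4.0", "patched": False},
    {"host": "app-02", "vendor": "Oracle", "product": "WebLogic Server", "version": "12.2.1.4.0", "patched": True},
    {"host": "app-03", "vendor": "Oracle", "product": "WebLogic Server", "version": "12.1.3.0.0", "patched": False},
    {"host": "log-01", "vendor": "Apache", "product": "Log4j2", "version": "n/a", "patched": False},
]

def triage(kev_json, inventory, today):
    """Return (host, cve, status, days_left) for unpatched assets matching a KEV entry."""
    findings = []
    for vuln in json.loads(kev_json)["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        scoped = AFFECTED_VERSIONS.get(vuln["cveID"])  # None = no version data, match all
        for asset in inventory:
            if (asset["vendor"], asset["product"]) != (vuln["vendorProject"], vuln["product"]):
                continue
            if asset["patched"] or (scoped is not None and asset["version"] not in scoped):
                continue
            status = "OVERDUE" if today > due else "DUE"
            findings.append((asset["host"], vuln["cveID"], status, (due - today).days))
    return sorted(findings, key=lambda f: f[3])  # most urgent first

if __name__ == "__main__":
    for row in triage(KEV_JSON, INVENTORY, date(2023, 5, 23)):
        print(row)
```

Assets with no version scoping on record (here the router and the Log4j2 component) are reported whenever they are unpatched, so they still need manual confirmation against the vendor advisory.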
