CISA Adds 3 Actively Exploited Flaws to KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) recently added three regularly exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a major problem in PaperCut, a popular printing management program.
According to the CISA, threat actors are aggressively exploiting the three vulnerabilities to attack organizations in a variety of industries, including government, healthcare, and finance.
PaperCut’s major vulnerability, which has a CVSS score of 9.8 out of 10, allows remote attackers to execute arbitrary code on susceptible computers. The vulnerability exists due to a lack of validation of user-supplied input in the PaperCut MF Application Server’s “user-role” option. Attackers can exploit this vulnerability by submitting a specially crafted HTTP request to the vulnerable server, which results in the execution of arbitrary code with the application’s privileges.
PaperCut is a popular printing management software that helps businesses to monitor and manage their printing infrastructure. PaperCut’s vulnerability might be especially disastrous for organizations that rely substantially on their printing infrastructure, such as healthcare facilities and government entities.
A cross-site scripting (XSS) issue in the Drupal content management system and a SQL injection vulnerability in the Atlassian Confluence collaboration software have also been added to the KEV catalog. The Drupal flaw allows attackers to run arbitrary code in the victim’s browser, whilst the Confluence flaw allows attackers to access sensitive data contained in the application’s database.
The inclusion of these vulnerabilities in the KEV catalog emphasises the persistent danger presented by cyber criminals and nation-state actors to organizations of all sizes and sectors. Organizations must keep their software up to date with the latest patches and be on the lookout for any indicators of suspicious behavior on their networks.
The critical vulnerability in PaperCut, as well as the two additional vulnerabilities added to the KEV catalog, highlight the significance of proactive security measures and continuing attention. Patching software and monitoring networks for symptoms of compromise should be prioritized by organizations. Failure to do so could have disastrous implications, such as data breaches, financial loss, and reputational harm.
Author: Ashutosh Patra