HomeTechnologyNewsCISA Adds 7 Vulnerabilities to List of Bugs Exploited in Attacks

CISA Adds 7 Vulnerabilities to List of Bugs Exploited in Attacks


The US Cybersecurity and Infrastructure Security Agency (CISA) added seven vulnerabilities to its list of actively exploited security issues, including those in Microsoft, Linux, and Jenkins.

The ‘Catalog of Known Exploited Vulnerabilities’ is a list of vulnerabilities that are known to be actively exploited in cyber attacks and are required to be patched by Federal Civilian Executive Branch (FCEB) agencies.

“Binding Operating Directive (BOD) 22-01: Reducing Significant Risk of Known Exploited Vulnerabilities established the Catalog of Known Exploited Vulnerabilities as a living list of known CVEs that carry significant risk to the federal enterprise,” CISA explains.

“BOD 22-01 requires FCEB agencies to patch identified vulnerabilities by the expiration date to protect FCEB networks from active threats. See the BOD 22-01 fact sheet for more information.”

“The vulnerabilities listed in the catalog allow threat actors to perform a variety of attacks, including stealing credentials, gaining network access, remotely executing commands, downloading and executing malware, or stealing device information.”

With the addition of these seven vulnerabilities, the catalog now contains 654 vulnerabilities, including the date that associated security patches and updates are required to be applied by federal agencies.

The seven new vulnerabilities added this week are listed below, and CISA requires all of them to be patched by May 16, 2022.

CVE number Vulnerability Title Expiration dates
CVE-2022-29464 Unrestricted File Upload Vulnerability in Multiple WSO2 Products 2022-05-16
CVE-2022-26904 Microsoft Windows User Profile Service Privilege Escalation Vulnerability 2022-05-16
CVE-2022-21919 Microsoft Windows User Profile Service Privilege Escalation Vulnerability 2022-05-16
CVE-2022-0847 Linux Kernel Privilege Escalation Vulnerability 2022-05-16
CVE-2021-41357 Microsoft Win32k Privilege Escalation Vulnerability 2022-05-16
CVE-2021-40450 Microsoft Win32k Privilege Escalation Vulnerability 2022-05-16
CVE-2019-1003029 Jenkins Script Security Plugin Sandbox Bypass Vulnerability 2022-05-16

How are these bugs used in attacks?

While it is useful to know that a bug is being exploited, it is even more useful to understand how they are actively used in attacks.

The WSO2 vulnerability tracked as CVE-2022-29464 was disclosed on April 18, 2022, and a public exploit was released a few days later. Rapid7 researchers soon saw the public PoC used in attacks to implement web shells and coinminers.

Windows ‘User Profile Service Privilege Escalation’ vulnerabilities tracked as CVE-2022-21919 and CVE-2022-26904 were discovered by Abdel Hamid Naceri