The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, warning that threat actors are actively exploiting them in the wild.

The vulnerabilities affect various products and could lead to serious consequences such as remote code execution and privilege escalation.

ImageMagick Improper Input Validation Vulnerability (CVE-2016-3714)

ImageMagick, a popular open-source image processing library, contains an improper input validation vulnerability that affects multiple coders, including EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT. This flaw allows a remote attacker to execute arbitrary code by crafting an image with malicious shell metacharacters.

CISA advises organizations to apply mitigations according to the vendor’s instructions or discontinue the use of the affected product if mitigations are unavailable. The vulnerability has been added to the catalog with a due date of September 30, 2024.

Linux Kernel PIE Stack Buffer Corruption Vulnerability (CVE-2017-1000253)

The Linux kernel is affected by a position-independent executable (PIE) stack buffer corruption vulnerability in the load_elf_binary() function. This vulnerability allows a local attacker to escalate privileges and has been known to be used in ransomware campaigns.

To mitigate the risk, CISA recommends applying vendor-provided mitigations or discontinuing the use of the affected product if mitigations are not available. The vulnerability has been added to the catalog with a due date of September 30, 2024.

SonicWall SonicOS Improper Access Control Vulnerability (CVE-2024-40766)

SonicWall SonicOS, a popular firewall solution, contains an improper access control vulnerability that could lead to unauthorized resource access. In certain conditions, this vulnerability may also cause the firewall to crash, disrupting network security.

This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. SonicWall recommends updating to the latest version.

CISA urges organizations to follow the vendor’s instructions to apply mitigations or discontinue the use of the affected product if mitigations are not available. The vulnerability has been added to the catalog, but it is unknown if it has been used in ransomware campaigns[3].

Mitigation and Remediation

To protect against these actively exploited vulnerabilities, organizations should:

1. Identify and inventory all affected products in their environment
2. Apply the vendor-provided mitigations or patches as soon as possible
3. If mitigations are not available, consider discontinuing the use of the affected product
4. Monitor for signs of exploitation and investigate any suspicious activity
5. Ensure that incident response plans are in place to quickly respond to any potential breaches

As these vulnerabilities affect common open-source components, third-party libraries, and protocols used by various products, organizations should remain vigilant and stay informed about any updates or advisories from the respective vendors.

By promptly addressing these actively exploited vulnerabilities and implementing strong security practices, organizations can reduce their risk of falling victim to cyber attacks and minimize the potential impact of a breach.