Voyager18 (research)

CISA's KEV additions: Linux under threat?

CISA has made new additions to its KEV catalog, this time focusing on Linux vulnerabilities. Here's what we learned.

Orani Amroussi | May 16, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently expanded its Known Exploited Vulnerabilities catalog by adding seven more Linux-related vulnerabilities. Interestingly, some of these vulnerabilities aren’t fresh threats; one even traces back to 2010. Despite their age, these vulnerabilities are still being actively exploited, causing significant concerns for federal enterprises.

Among the new entries to the database are a variety of threats that span multiple products and years. These include:

  • CVE-2023-25717, affecting multiple Ruckus Wireless Products and involving a cross-site request forgery and remote code execution vulnerability
  • CVE-2021-3560, associated with Red Hat Polkit and revealing an incorrect authorization vulnerability
  • CVE-2014-0196, a race condition vulnerability in the Linux Kernel
  • CVE-2010-3904, another Linux Kernel vulnerability, this one involving improper input validation
  • CVE-2015-5317, a Jenkins user interface vulnerability that can lead to information disclosure
  • CVE-2016-3427, an unspecified vulnerability present in both Oracle Java SE and JRockit
  • CVE-2016-8735, an Apache Tomcat vulnerability, which opens the door to remote code execution

CISA’s KEV additions: what we learned

CISA’s catalog is a dynamic list that highlights significant risks to federal enterprises. The recent inclusion of older vulnerabilities indicates that these threats remain relevant and are actively being used in cyber attacks. This unusual occurrence underscores the importance of timely and thorough system updates and patching to maintain cybersecurity.

In addition to the older vulnerabilities, the catalog now reflects an increasing trend of threat actors exploiting open source software and devices related to IoT, operational technology, and industrial control systems. These actors are taking advantage of these systems to gain access and execute code remotely.

The remediation of these vulnerabilities, particularly those targeting industrial control systems, is notably more complex and time-consuming than dealing with conventional IT vulnerabilities. 

Next steps

CISA’s KEV additions highlight the necessity for organizations to have a comprehensive understanding of all their digitally connected assets, including the software components they utilize. Moreover, they underscore the need for an automated mechanism to address these vulnerabilities promptly, ensuring the continuous operation of their mission-critical devices.
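
One way to automate the first step of that process is to cross-reference scanner findings against the KEV catalog. The following is an added example, not Vulcan Cyber or CISA code: the KEV excerpt is constructed in the shape of CISA's JSON feed (only the fields used here, filled with the CVEs listed above), and the host names, the findings list and the function names are assumptions.

```python
import json
import re
from collections import defaultdict

# Constructed excerpt shaped like CISA's KEV JSON feed (fields used below only).
KEV_JSON = """{"vulnerabilities": [
 {"cveID": "CVE-2023-25717", "vendorProject": "Ruckus Wireless", "product": "Multiple Products"},
 {"cveID": "CVE-2021-3560", "vendorProject": "Red Hat", "product": "Polkit"},
 {"cveID": "CVE-2014-0196", "vendorProject": "Linux", "product": "Kernel"},
 {"cveID": "CVE-2010-3904", "vendorProject": "Linux", "product": "Kernel"},
 {"cveID": "CVE-2015-5317", "vendorProject": "Jenkins", "product": "User Interface"},
 {"cveID": "CVE-2016-3427", "vendorProject": "Oracle", "product": "Java SE and JRockit"},
 {"cveID": "CVE-2016-8735", "vendorProject": "Apache", "product": "Tomcat"}
]}"""

# Constructed scanner export: (host, CVE id). Hosts are hypothetical.
FINDINGS = [
    ("build-01", "CVE-2015-5317"),
    ("build-01", "cve-2016-8735 "),    # scanners differ in case and padding
    ("edge-ap-7", "CVE-2023-25717"),
    ("db-03", "CVE-2010-3904"),
    ("db-03", "CVE-2099-00001"),       # constructed placeholder, not in KEV
    ("web-02", "not-a-cve"),           # malformed row is skipped
]

CVE_RE = re.compile(r"^CVE-(\d{4})-\d{4,}$")

def load_kev(text):
    """Index KEV entries by normalised CVE id."""
    return {v["cveID"].upper(): v for v in json.loads(text)["vulnerabilities"]}

def kev_hits(findings, kev, as_of_year):
    """Return KEV-listed findings grouped per CVE, oldest CVE id first."""
    hosts = defaultdict(set)
    for host, cve in findings:
        cve = cve.strip().upper()
        if CVE_RE.match(cve) and cve in kev:
            hosts[cve].add(host)
    rows = []
    for cve, affected in hosts.items():
        # The year in the id is the assignment year, a rough proxy for age.
        age = as_of_year - int(CVE_RE.match(cve).group(1))
        product = f'{kev[cve]["vendorProject"]} {kev[cve]["product"]}'
        rows.append({"cve": cve, "product": product,
                     "age_years": age, "hosts": sorted(affected)})
    return sorted(rows, key=lambda r: (-r["age_years"], r["cve"]))

if __name__ == "__main__":
    for row in kev_hits(FINDINGS, load_kev(KEV_JSON), as_of_year=2023):
        print(row)
```

Sorting by age puts the longest-outstanding patch gaps at the top of the list, which is where the 2010 and 2014 kernel entries would surface.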

The Vulcan Cyber risk management platform assists security teams throughout the entire vulnerability risk management lifecycle. With contextual prioritization, orchestration, and reporting capabilities, Vulcan Cyber helps teams drive down cyber risk in their environments and improve security posture. Try Vulcan Free today.
