Over two days, the US Cybersecurity and Infrastructure Security Agency (CISA) added 41 vulnerabilities to its catalog of known vulnerabilities exploited by hackers, including flaws in Android and Cisco IOS XR.
The vulnerabilities span several years. The oldest was disclosed back in 2016, and the most recent is CVE-2022-20821 in Cisco IOS XR, fixed last week.
CVE-2022-20821 allows an attacker to write arbitrary files to the file system, extract information from the database and write data to the in-memory Redis database.
Other notable vulnerabilities are CVE-2021-1048 and CVE-2021-0920 in Android. Although they are present in the Linux kernel, they were used only in a limited number of attacks on Android devices.
CVE-2021-0920 is a use-after-free vulnerability in the Linux kernel's garbage collection for Unix domain socket file handlers. It arises from the way users call close() and fget() at the same time, which can potentially trigger a race condition.
As for CVE-2021-1048, experts from Google's Threat Analysis Group (TAG) reported the other day that the vulnerability was exploited along with other zero-day vulnerabilities to install Predator spyware.
CISA has ordered federal agencies to install fixes for the aforementioned vulnerabilities by June 13, 2022.
The remaining vulnerabilities affect Cisco, Microsoft, Apple, Google, Mozilla, Facebook, Adobe and WebKitGTK and cover the period from 2018 to 2021. Among them is a privilege escalation vulnerability in Windows (CVE-2020-0638), which is still being exploited by the Conti ransomware.