Heimdal

The US Cybersecurity and Infrastructure Security Agency (CISA) added 6 flaws affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog. On the same day, CISA also added 2 other vulnerabilities impacting D-Link devices.

Although patches for all 8 CVEs were released back in 2021, researchers have recently found evidence of active exploitation.

More about the Samsung and D-Link Vulnerabilities

CISA issued an alert regarding the 8 actively exploited vulnerabilities on June 29th, 2023. You can find them listed below, with details.

Samsung flaws:

  • CVE-2021-25487 – Out-of-bounds read vulnerability. It can result in arbitrary code execution. The severity score was rated high.
  • CVE-2021-25489 – Improper input validation vulnerability that can result in a format string bug leading to a kernel panic.
  • CVE-2021-25394 – Race condition vulnerability that allows an arbitrary write if radio privileges are compromised.
  • CVE-2021-25395 – Race condition vulnerability that enables threat actors to circumvent signature checks if radio privileges are compromised.
  • CVE-2021-25371 – A flaw in the DSP driver that lets malicious actors load arbitrary ELF libraries inside the DSP.
  • CVE-2021-25372 – Improper boundary check vulnerability that allows out-of-bounds memory access.

D-Link flaws:

Both the D-Link router and the D-Link access point vulnerabilities were previously exploited by a Mirai botnet variant. Their CVSS scores range from high to critical.

  • CVE-2019-17621 (CVSS score: 9.8, Critical) – An unauthenticated RCE vulnerability in the D-Link DIR-859 router
  • CVE-2019-20500 (CVSS score: 7.8, High) – An authenticated OS command injection vulnerability in the D-Link DWL-2600AP access point

Future Risks and Mitigation Measures

While the D-Link flaws were exploited by a Mirai botnet variant, it is not yet known how the Samsung vulnerabilities were exploited in the wild. According to researchers,

given the nature of the targeting, it’s likely that they may have been put to use by a commercial spyware vendor in highly targeted attacks.

Source

Threat actors often use vulnerabilities like those in the Samsung and D-Link products as attack vectors to compromise networks.

Consequently, CISA notified all Federal Civilian Executive Branch (FCEB) agencies to apply the available patches by July 20, 2023. In addition, CISA urged all organizations to prioritize patching of the flaws listed in the Known Exploited Vulnerabilities Catalog. Automated patch management and proper vulnerability management measures increase an organization's chances of safeguarding its network and assets.
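The recommendation to prioritize KEV-listed flaws is easy to operationalize: cross-reference the CVE ids reported for each asset against the catalog and sort by CISA's due date. The following is an added example written for this article, not code from Heimdal or from CISA. It assumes a vulnerability scanner has already produced a list of CVE ids per asset, and it uses a constructed feed fragment that copies the field names of CISA's KEV JSON feed (`cveID`, `vendorProject`, `product`, `vulnerabilityName`, `dateAdded`, `dueDate`) populated from the entries in this article; the asset names, the feed subset and the placeholder `CVE-1900-0001` are invented for the demonstration.

```python
import json
from datetime import date

# Constructed KEV feed fragment (field names follow the real CISA feed; the
# four entries, the 2023-06-29 alert date and the 2023-07-20 FCEB deadline
# come from the article). Not fetched from CISA.
SAMPLE_KEV_JSON = json.dumps({
    "catalogVersion": "sample",
    "vulnerabilities": [
        {"cveID": "CVE-2021-25487", "vendorProject": "Samsung", "product": "Mobile Devices",
         "vulnerabilityName": "Out-of-Bounds Read Vulnerability",
         "dateAdded": "2023-06-29", "dueDate": "2023-07-20"},
        {"cveID": "CVE-2021-25489", "vendorProject": "Samsung", "product": "Mobile Devices",
         "vulnerabilityName": "Improper Input Validation Vulnerability",
         "dateAdded": "2023-06-29", "dueDate": "2023-07-20"},
        {"cveID": "CVE-2019-17621", "vendorProject": "D-Link", "product": "DIR-859 Router",
         "vulnerabilityName": "Unauthenticated Remote Code Execution Vulnerability",
         "dateAdded": "2023-06-29", "dueDate": "2023-07-20"},
        {"cveID": "CVE-2019-20500", "vendorProject": "D-Link", "product": "DWL-2600AP Access Point",
         "vulnerabilityName": "Authenticated OS Command Injection Vulnerability",
         "dateAdded": "2023-06-29", "dueDate": "2023-07-20"},
    ],
})

# Constructed scanner export: asset names are invented; CVE-1900-0001 is a
# placeholder for "some CVE that is not in the KEV catalog".
SAMPLE_INVENTORY = [
    {"asset": "branch-router-01", "product": "D-Link DIR-859", "cves": ["CVE-2019-17621"]},
    {"asset": "lobby-ap-02", "product": "D-Link DWL-2600AP", "cves": ["CVE-2019-20500", "CVE-1900-0001"]},
    {"asset": "field-phone-17", "product": "Samsung phone", "cves": ["CVE-2021-25487", "CVE-2021-25489"]},
    {"asset": "web-01", "product": "nginx", "cves": []},
]

STATUS_ORDER = {"OVERDUE": 0, "DUE_SOON": 1, "SCHEDULED": 2}


def load_kev(feed_text):
    """Parse a KEV-shaped JSON feed and index its entries by CVE id."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def triage(inventory, kev, today, soon_days=7):
    """One finding per (asset, KEV-listed CVE), ordered by urgency.

    CVEs that are not in the catalog are skipped: they still need patching,
    but they do not carry CISA's 'known exploited' deadline.
    """
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            if days_left < 0:
                status = "OVERDUE"
            elif days_left <= soon_days:
                status = "DUE_SOON"
            else:
                status = "SCHEDULED"
            findings.append({
                "asset": asset["asset"], "cve": cve,
                "vendor": entry["vendorProject"], "product": entry["product"],
                "due": entry["dueDate"], "days_left": days_left, "status": status,
            })
    # Most urgent first; ties broken by days left, then asset name (stable sort).
    findings.sort(key=lambda f: (STATUS_ORDER[f["status"]], f["days_left"], f["asset"]))
    return findings


def summarize(findings):
    """Count findings per status bucket for a quick dashboard line."""
    counts = {status: 0 for status in STATUS_ORDER}
    for finding in findings:
        counts[finding["status"]] += 1
    return counts


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    report = triage(SAMPLE_INVENTORY, kev, today=date(2023, 7, 15))
    for f in report:
        print(f"{f['status']:<9} {f['asset']:<18} {f['cve']:<16} {f['vendor']} {f['product']} (due {f['due']}, {f['days_left']:+d} days)")
    print(summarize(report))
```

In practice `SAMPLE_KEV_JSON` would be replaced by the downloaded catalog and `SAMPLE_INVENTORY` by the scanner's export; the triage logic is unchanged. The `today` parameter is passed in rather than read from the clock so the same run can be replayed against a past deadline when reporting.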

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
