The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six vulnerabilities affecting Cisco AnyConnect, GIGABYTE, Google and Apple products to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation:

  • Google Chromium V8 contains a type confusion vulnerability.
  • Apple iOS and iPadOS kernel out-of-bounds write vulnerability allows an application to perform code execution with kernel privileges.
  • Cisco AnyConnect Secure Mobility Client for Windows DLL hijacking vulnerability allows an attacker with valid Windows credentials to execute code on an affected machine with system privileges.
  • Cisco AnyConnect Secure Mobility Client for Windows uncontrolled search path vulnerability results from incorrect handling of directory paths. An attacker could copy malicious files to arbitrary locations with system-level privileges, which could include DLL preloading and hijacking.
  • GIGABYTE privilege escalation vulnerability for multiple products exposes functionality to read and write arbitrary physical memory that a local attacker could leverage to elevate privileges. 
  • GIGABYTE execution vulnerability for multiple products exposes functionality to read/write data from/to I/O ports, enabling attackers to run code with elevated privileges.

Impact

These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

DXC perspective

We recommend applying updates according to the vendors’ instructions and continuously securing and monitoring the infrastructure, including endpoints.