CISA Adds CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914 to the Known Exploited Vulnerabilities Catalog

Read Time:2 Minute, 10 Second

FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities catalog on March 7, 2023. The catalog lists vulnerabilities that are being actively exploited in the wild.Why is this Significant?This is significant because CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) are on the CISA’s Known Exploited Vulnerabilities Catalog which are being actively exploited in the wild. As such, patches should be applied to the vulnerabilities as soon as possible.What is CVE-2022-28810?CVE-2022-28810 is a Remote Code Execution (RCE) vulnerability in Zoho ManageEngine ADSelfService Plus. A remote attacker may be able to exploit this to execute arbitrary remote code within the context of the application, via a malicious HTTP request.The vulnerability is rated “high” by Zoho and affects builds 6121 and below.What is CVE-2022-33891?CVE-2022-33891 is a Command Injection Vulnerability in Apache Software Foundation Spark. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation of this vulnerability can result in the execution of arbitrary commands in the security context of the user running the vulnerable server.The vulnerability is rated “important” by Apache and affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.What is CVE-2022-35914?CVE-2022-35914 a code injection vulnerability in GLPI-Project GLPI. The vulnerability is due to improper validation of user configuration data sent to the endpoint htmLawedTest.php. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution in the security context of the web server process.Have the Vendors Released a Patch for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914?Yes. Patches for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914 are available.What is the Status of Protection?FortiGuard Labs has the following IPS protection in place for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914:Zoho.ManageEngine.ADSelfService.Plus.Custom.Script.Execution (CVE-2022-28810)Apache.Spark.getUnixGroups.Command.Injection (CVE-2022-33891)GLPI-Project.GLPI.htmLawedTest.php.Code.Injection (CVE-2022-35914)

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

Apps That Are Spying on Your Location

Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer

Slovakia Hit by Historic Cyber-Attack on Land Registry

Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

Medusind Breach Exposes Sensitive Patient Data

Fake PoC Exploit Targets Security Researchers with Infostealer

Smashing Security podcast #399: Honey in hot water, and reset your devices

Space Bears ransomware: what you need to know

CISA Adds CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914 to the Known Exploited Vulnerabilities Catalog

USN-7169-5: Linux kernel (Real-time) vulnerabilities

stb-0^20241002git31707d1-4.el9

stb-0^20241002git31707d1-5.el10_0

stb-0^20241002git31707d1-4.fc40

ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability

Ivanti Connect Secure Zero-Day Vulnerability