Pierluigi Paganini February 11, 2023

US CISA added actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS to its Known Exploited Vulnerabilities Catalog.

US CISA added actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS, respectively tracked as CVE-2023-0669, CVE-2015-2291, and CVE-2022-24990, to its Known Exploited Vulnerabilities Catalog.

The CVE-2015-2291 flaw (CVSS v3 score 7.8) is a denial-of-service (DoS) issue that resides in the Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys.

The CVE-2022-24990 flaw is a remote command execution vulnerability in the TerraMaster OS that can allow an unauthenticated user to execute commands on the target endpoint. The issue was also reported in the joint Cybersecurity Advisory (CSA) published by US and South Korean agencies about North Korea-linked APT groups conducting ransomware attacks against healthcare and critical infrastructure facilities to fund their activities. The flaw is exploited by North Korea-linked APT groups to gain initial access to the target infrastructure.

The CVE-2023-0669 flaw is a remote code injection issue that impacts GoAnywhere MFT. The vulnerability can only be exploited by attackers with access to the administrative console of the application.

Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object

Bleeping Computer reported that the Clop ransomware gang claimed to have exploited this vulnerability to steal data from over 130 organizations.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix these vulnerabilities by March 3, 2023.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Known Exploited Vulnerabilities Catalog)