- The Cybersecurity and Infrastructure Security Agency (CISA) is responsible for coordinating cybersecurity programs and improving the government’s cybersecurity defenses against private and nation-state hackers.
- CISA added three new vulnerabilities to its catalog, all of which are currently known to be exploited in the wild. CISA maintains a catalog of known vulnerabilities, which it uses to help identify new vulnerabilities.
- For both the TerraMaster NAS and the Intel network driver vulnerabilities, the related companies recommend installing the latest update for maximum security.
The Cybersecurity and Infrastructure Security Agency (CISA) is an agency in charge of strengthening cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs, and improving the government’s cybersecurity defenses against private and nation-state hackers.
CISA added three vulnerabilities to its catalog; Fortra’s GoAnywhere MFT (managed file transfer), TerraMaster NAS, and Intel Ethernet diagnostics driver vulnerabilities. CISA keeps this catalog for known exploited vulnerabilities.
The vulnerabilities
The GoAnywhere MFT (managed file transfer) is a storage device that can be used with any operating system. It is developed to provide convenient and reliable backup of data stored on your computer’s hard drive, as well as remote access to files and folders. Fortra’s GoAnywhere MFT warned users about a zero-day remote code injection exploit on February 6th. The issue tracked as CVE-2023-0669 was patched in version 7.1.2.
NAS stands for “Network Attached Storage,” and it is a type of network storage device that may centrally store essential data such as images, movies, music, and office files. TNAS (TerraMaster NAS) can be utilized by home users as well as small and medium-sized businesses for storage. TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password, tracked as CVE-2022-24990.
The Intel Network Adapter Driver contains a vulnerability in the iqvw32.sys and iqvw64e.sys drivers. Attackers can take advantage of this vulnerability to create a denial of service or perhaps execute arbitrary code in kernel space. The vulnerability is tracked as CVE-2015-2291 and has a CVSS rating of 7.8.
For both the NAS and the Intel vulnerability, the related companies recommend installing the latest update for maximum security.