CISA Highlights Exploitation of Pixel Phone and Sunhillo SureLine Vulnerabilities

March 6, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has updated its catalog of Known Exploited Vulnerabilities (KEV) to include two significant flaws. These vulnerabilities affect Pixel phones and Sunhillo software, and have been exploited in the past.

The Pixel phone vulnerability is identified as CVE-2023-21237. Google issued a patch for this flaw in June 2023 and warned of 'limited, targeted exploitation'. The company released its security bulletin for Pixel phones a week after the general Android security bulletin, which led to this particular vulnerability going unnoticed. The flaw affects the Framework component and is linked to the concealment of foreground service notifications due to a misleading or insufficient user interface. This could be exploited by an attacker to access sensitive information without needing additional execution privileges or user interaction. Although public information on the exploitation of this vulnerability is scarce, it is speculated that it might have been used as part of an exploit chain by a commercial spyware vendor to compromise Pixel Android phones.

The second vulnerability, CVE-2021-36380, affects Sunhillo SureLine. Sunhillo is a provider of surveillance data distribution and conversion products for the aviation industry, and SureLine is a key component of the company’s surveillance gateway products. This vulnerability was disclosed and patched in 2021. The NCC Group, which discovered the flaw, described it as a 'critical unauthenticated OS command injection issue' that could enable an attacker to take full control of the targeted system. In November 2023, SonicWall observed attempts to exploit the SureLine product vulnerability in its honeypots. The cybersecurity firm concluded that these attempts were likely linked to the Mirai botnet, notorious for hijacking a wide range of IoT devices and using them for DDoS attacks.

CISA has included these vulnerabilities in its KEV catalog and has directed federal agencies to address them by March 26. While government organizations are mandated to address flaws listed in the KEV, all organizations are encouraged to refer to this resource for vulnerability prioritization.
