CISA Mandates Immediate Patching for Two Actively Exploited Vulnerabilities

August 25, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by adding two critical vulnerabilities. These vulnerabilities, which exist in RARLAB WinRAR and Ignite Realtime Openfire, are being actively exploited by unidentified threat actors.

The vulnerability in WinRAR, listed as CVE-2023-38831, enables threat actors to spoof file extensions. In essence, a harmful script within an archive could be camouflaged as a harmless image or text file. According to the Singapore-based firm Group-IB, specially crafted ZIP or RAR archive files distributed via trading-related forums like Forex Station have been used to deliver various malware families such as DarkMe, GuLoader, and Remcos RAT since July 2023.

Openfire is an XMPP server licensed under the Open Source Apache License, often used for real-time communication like chat and instant messaging. The vulnerability in Openfire’s administrative console, labeled as CVE-2023-32315, allows an unauthorized user to access restricted pages in the Openfire Admin Console. This could potentially enable an attacker to seize control of an Openfire server or steal sensitive data. The vulnerability affects all versions of Openfire released since April 2023, starting with version 3.10.0. It has been patched in Openfire releases 4.7.5 and 4.6.8, with additional improvements expected in the upcoming first version of the 4.8 branch.
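For teams triaging an inventory against the version ranges above, the following is an added example (not code from CISA or Ignite Realtime) that classifies Openfire version strings per branch. The inventory format, host names and the treatment of 4.8.0 and later as patched are assumptions made for this sketch.

```python
import re

# Version boundaries as stated in the article.
FIRST_AFFECTED = (3, 10, 0)
FIXED_BY_BRANCH = {(4, 6): (4, 6, 8), (4, 7): (4, 7, 5)}
# Assumption: the 4.8 branch and anything newer ships with the fix.
ASSUMED_FIXED_FROM = (4, 8, 0)


def parse_version(text):
    """Turn '4.7.4' or '4.7' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def classify(version_text):
    """Return 'not-affected', 'patched' or 'vulnerable' for CVE-2023-32315."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return "not-affected"
    if v >= ASSUMED_FIXED_FROM:
        return "patched"
    fixed = FIXED_BY_BRANCH.get(v[:2])
    # Branches with no fixed release named in the article (e.g. 4.5.x) stay
    # vulnerable until upgraded to a patched branch.
    return "patched" if fixed and v >= fixed else "vulnerable"


def triage(inventory_text):
    """Map host -> status from 'host,version' lines ('#' starts a comment)."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        host, _, version = line.partition(",")
        try:
            results[host.strip()] = classify(version)
        except ValueError:
            results[host.strip()] = "unknown"  # needs manual review
    return results


# Constructed sample inventory; host names are hypothetical.
SAMPLE = "chat-a,4.7.4\nchat-b,4.6.8\nchat-c,4.5.6\nchat-d,3.9.3\nchat-e,n/a\n"

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have a version string the parser could not read and should be checked by hand rather than assumed safe.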

CISA has urged Federal Civilian Executive Branch (FCEB) agencies to implement the necessary patches to WinRAR and Openfire by September 14, 2023. FCEB agencies can locate the patches for WinRAR and Openfire on the respective vendor websites.

To further reduce their exposure, organizations are advised to follow best practices. These include applying patches promptly, which can help shield them from active exploitation of critical security vulnerabilities.
