CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

Nov 17, 2023NewsroomPatch / Vulnerability Management

Active Exploitation

The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploitable Vulnerabilities (KEV SEARCHED) catalog based on evidence of active forest exploitation.

the weaknesses are as follows-

  • CVE-2023-36584 (CVSS score: 5.4) – Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
  • CVE-2023-1671 (CVSS score: 9.8) – Sophos Web Appliance Command Injection Vulnerability
  • CVE-2023-2551 (CVSS score: 8.8) – Oracle Fusion Middleware Unspecified Vulnerability

CVE-2023-1671 is related to a critical pre-auth command injection vulnerability which allows for the execution of arbitrary code. CVE-2023-2551 is a wrong in WLS Core Components that allow an unauthenticated attacker with network access to compromise WebLogic Server.


There are currently no public reports documenting in-the-wild attacks using both flaws.

Meanwhile, the addition of CVE-2023-36584 to the KEV catalog is based on a report from Palo Alto Networks Unit 42 earlier this week, which detailed spear-phishing attacks mounted by the pro-Russian APT group known as Storm-0978 (aka RomCom or Void Rabisu) targeting groups supporting Ukraine’s entry into NATO in July 2023.

CVE-2023-36584, patched by Microsoft as part of the October 2023 security update, is said to be used with CVE-2023-36884a Windows remote code execution vulnerability targeted in July, in an exploit chain to deliver PEAPOD, an updated version of the RomCom RAT.

Due to active exploitation, federal agencies are recommended to apply the fixes by December 7, 2023, to secure their networks against potential threats.

Fortinet Discloses Critical Command Injection Bug in FortiSIEM

The development comes as Fortinet is alerting customers to a critical command injection vulnerability in the FortiSIEM report server (CVE-2023-36553CVSS score: 9.3) that can be exploited by attackers to execute arbitrary commands.


CVE-2023-36553 is described as a variant of CVE-2023-34992 (CVSS score: 9.7), a similar flaw in the same product that Fortinet fixed in early October 2023.

“An improper neutralization of special elements used by a vulnerability in the OS command (CWE-78) in the FortiSIEM report server could allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests,” the company said. SAYS in an advisory this week.

The vulnerability, which affected FortiSIEM versions 4.7, 4.9, 4.10, 5.0, 5.1, 5.2, 5.3, and 5.4, was fixed in versions 7.1.0, 7.0.1, 6.7.6, 6.6.4, 6.5.2 , .3, or later.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Leave a comment