The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding three critical vulnerabilities that are currently being exploited by malicious actors. These vulnerabilities affect widely used programs and systems and pose serious risks to organizations and users.
The first vulnerability, known as CVE-2016-3714, has a CVSS score of 8.4 and affects ImageMagick, a widely used suite of programs for manipulating images. This vulnerability arises from inadequate validation of input data, allowing attackers to execute arbitrary code on the system by having it process a specially crafted image.
The second vulnerability, identified as CVE-2017-1000253 with a CVSS score of 7.8, has been discovered in the Linux kernel. This vulnerability involves a stack buffer overflow in the load_elf_binary() function, enabling a local attacker to escalate privileges and gain unauthorized access to sensitive system data.
The third vulnerability, designated as CVE-2024-40766 and having a CVSS score of 9.8, affects the SonicWall SonicOS system used in the vendor's firewalls. An access control flaw in the system allows attackers to gain access to system resources and disrupt the operation of the firewall. While there is no information available on actual exploits leveraging this vulnerability, the impact on network security is deemed severe.
CISA strongly advises organizations to promptly apply patches released by developers or discontinue the use of vulnerable software in the absence of fixes. The deadline for implementing these security measures is set for September 30, 2024.
The agency underscores the importance of promptly implementing security measures and software updates. It urges organizations not to delay system updates to mitigate the risk of potential cyber attacks and data breaches.