CISA Cybersecurity Alerts
CISA is releasing this cybersecurity advisory to warn organizations that malicious cyber actors are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect versions of VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalation of privileges to root-level access. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products.
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388, a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP.
This joint cybersecurity advisory was coauthored by the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands, and the UK. Cyber actors routinely exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices, and includes best practices to mitigate these risks.
The cybersecurity authorities of the UK, Australia, Canada, New Zealand, and the US have observed a recent increase in malicious cyber activity against managed service providers (MSPs). Allied cybersecurity authorities expect state-sponsored cyber actors to increase their targeting of MSPs in an attempt to exploit provider-customer trust relationships. This advisory includes security guidance tailored for both MSPs and their customers.
The US government attributes cyberattacks on satellite communication (SATCOM) networks to Russian state-sponsored malicious cyber actors. The FBI and CISA are aware of possible threats to US and international SATCOM networks. Intrusions into SATCOM networks could create risk in customer environments.