Three security flaws have been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). CVE-2022-35914, the most critical of the three, is a remote code execution vulnerability in the third-party library htmlawed present in Teclib GLPI, an open source asset and IT management software package.
The Shadowserver Foundation noted in October 2022 that it had seen exploitation attempts against its honeypots, and since then a cURL-based one-line proof of concept (PoC) has been made available on GitHub and a "mass" scanner has been advertised for sale, VulnCheck security researcher Jacob Baines said in December 2022. Furthermore, data gathered by GreyNoise has revealed 40 malicious IP addresses from the U.S., the Netherlands, Hong Kong, Australia, and Bulgaria attempting to abuse the shortcoming.
The second flaw is an unauthenticated command injection vulnerability in Apache Spark that has been exploited by the Zerobot botnet to co-opt susceptible devices with the goal of carrying out distributed denial-of-service (DDoS) attacks. Lastly, also added to the KEV catalog is a remote code execution flaw in Zoho ManageEngine ADSelfService Plus that was patched in April 2022.