The US Cybersecurity and Infrastructure Security Agency - CISA for short - has created the top list of vulnerabilities that are actively used by state-sponsored cyber actors in the People's Republic of China. All companies and operators of critical infrastructure (KRITIS) should pay attention to the list.
This joint Cybersecurity Advisory (CSA) contains the key common vulnerabilities and exposures (CVEs) exploited by state-sponsored cyber actors of the People's Republic of China (PRC) since 2020. The assessment was jointly conducted by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). PRC state-sponsored actors continue to exploit these known vulnerabilities to actively target US and allied networks and software and hardware companies around the world to steal intellectual property and gain access to sensitive networks.
Cybersecurity Advisory lists the vulnerabilities
This joint CSA builds on previous NSA, CISA and FBI reports to inform federal and state, local, tribal and territorial (SLTT) governments. Critical infrastructure operators, including the defense industrial base sector and private sector organizations, should also be informed about the Trends, Tactics, Techniques and Procedures (TTPs).
The NSA, CISA, and FBI urge U.S. and federal governments, critical infrastructure, and private sector organizations to apply the recommendations in the Mitigations section and listed below to strengthen their cyber defenses to address the threat posed by VR state-sponsored cyber actors reduce China.
On its website, CISA also lists further explanations of the vulnerabilities and what measures companies and administrators should take.
More at CISA.gov
CSA – Cybersecurity Advisory of Vulnerabilities
| Manufacturers | CVE | vulnerability type |
|---|---|---|
| apachelog4j | CVE-2021-44228 | Remote Code Execution |
| Pulse Connect securely | CVE-2019-11510 | Arbitrary reading of files |
| GitLab CE/EE | CVE-2021-22205 | Remote Code Execution |
| Atlassian | CVE-2022-26134 | Remote Code Execution |
| microsoft Exchange | CVE-2021-26855 | Remote Code Execution |
| F5 Big IP | CVE-2020-5902 | Remote Code Execution |
| VMware vCenter Server | CVE-2021-22005 | Any file upload |
| Citrix ADC | CVE-2019-19781 | Path Traversal |
| Cisco Hyperflex | CVE-2021-1497 | command line execution |
| Buffalo WSR | CVE-2021-20090 | Relative path traversal |
| Atlassian Confluence servers and data center | CVE-2021-26084 | Remote Code Execution |
| Hikvision web server | CVE-2021-36260 | command injection |
| Sitecore XP | CVE-2021-42237 | Remote Code Execution |
| F5 Big IP | CVE-2022-1388 | Remote Code Execution |
| Apache | CVE-2022-24112 | Authentication bypass through spoofing |
| ZOHO | CVE-2021-40539 | Remote Code Execution |
| Microsoft | CVE-2021-26857 | Remote Code Execution |
| Microsoft | CVE-2021-26858 | Remote Code Execution |
| Microsoft | CVE-2021-27065 | Remote Code Execution |
| Apache HTTP Server | CVE-2021-41773 | Path Traversal |