CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

Tracked as CVE-2022-30333, the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.

The vulnerability was revealed by SonarSource researcher Simon Scannell in late June.

“RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract operation,” the agency said in an advisory.

On top of that, CISA has also added CVE-2022-34713 to the catalog after Microsoft, as part of its Patch Tuesday updates on August 9, revealed that it has seen indications that the vulnerability has been exploited in the wild.

Said to be a variant of the vulnerability publicly known as DogWalk, the shortcoming in the Microsoft Windows Support Diagnostic Tool component could be leveraged by a rogue actor to execute arbitrary code on susceptible systems by tricking a victim into opening a decoy file.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:
GET STARTED TODAY

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

A Vumetric expert will contact you to learn more about your cybersecurity needs and goals.

The project's scope will be defined (Target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is sent to you.

PCI-DSS
This field is for validation purposes and should be left unchanged.
2024 EDITION

PENETRATION TESTING Buyer's Guide

Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.