A security vulnerability previously added to CISA's Known Exploited Vulnerability catalog, which was recognized by CVE Numbering Authorities, and included in reputable threat reports is now being formally rejected by infosec organizations.
It actually had no impact on the systems it targeted.
Regardless, the original disclosure was enough to convince cybersecurity org MITRE, which maintains the CVE list, the NVD, and CISA that the supposed flaw was worthy of attention.
Attackers also picked up on the seriousness of it all, with the criminals who operate Moobot adding it to the botnet's capabilities, only to find it didn't work there either.
Baines also noted its operators encoded the exploit incorrectly, so even if the vulnerability was genuine it wouldn't have worked in Moobot's implementation anyway.
When submitting CVE-2022-28958 to the numbering authorities, the original reporter submitted three other vulnerabilities, two of which also received CVEs that Baines claimed probably shouldn't have been assigned in the first place either.
CVE-2022-28955 and CVE-2022-28956 are still considered vulnerabilities and they haven't been rejected, it's important to note.
Internet traffic analysis vendor Greynoise said this week it would stop tracking CVE-2022-28958, despite a handful of exploits still being attempted.
This Cyber News was published on go.theregister.com. Publication date: Wed, 06 Dec 2023 15:28:05 +0000