Critical vulnerability in D-Link routers turned out to be fake

CISA removed the flaw from the catalog after it turned out to be bogus.

The recently identified vulnerability CVE-2022-28958, which CISA had added to its Known Exploited Vulnerabilities (KEV) catalog, has been officially recognized as erroneous and removed from the catalog. The decision came after the NVD revoked the CVE's status as a "vulnerability" following a multi-month review.

Initially, the vulnerability was thought to be a critical Remote Code Execution (RCE) flaw with a CVSS rating of 9.8 in an outdated D-Link router (DIR-816L). However, it turned out that it does not in fact affect the system.

VulnCheck described CVE-2022-28958 as "not a real vulnerability." The company discovered an error in the Proof of Concept (PoC): it pointed to the wrong endpoint, which prevented remote code execution using the vulnerability.

VulnCheck stressed that the initial disclosure of the vulnerability mistakenly convinced MITRE, NVD and CISA of its importance. Even the attackers who added this bug to the Moobot botnet's capabilities found that it didn't work. According to VulnCheck, there has never been large-scale exploitation of the flaw, and the vulnerability should not be included in the MITRE list or in the CISA KEV catalog.

It is important to note that two other bugs, CVE-2022-28955 and CVE-2022-28956, submitted by VulnCheck, are still considered vulnerabilities and have not been rejected. However, according to VulnCheck, the first flaw has little or no impact on security, while the second is a real problem but is a duplicate of four other CVEs.

Internet traffic analysis provider GreyNoise has said it will stop tracking CVE-2022-28958, even though several exploitation attempts are still being made. GreyNoise noted that "erroneous" vulnerabilities can lead to unnecessary alarms and resource allocation in the cybersecurity community, and can also undermine trust in the reporting and cataloging systems that are crucial for effective vulnerability management.