CISA Adds 15 New Exploited Vulnerabilities to Catalog

New Exploited Vulnerabilities to Catalog

A recent batch of security flaws was added to CISA’s catalog. The 66-hole list includes a 2005 RCE flaw in HP OpenView, a 2009 buffer overflow in Adobe Reader, and 23 flaws discovered in 2010 and 2011. The next batch will contain even more vulnerabilities. CISA plans to publish a new vulnerability catalog at regular intervals to prevent overloading system administrators. The latest list also includes exploit chains.

CISA, the Cybersecurity and Infrastructure Security Agency, has added 15 new known exploited vulnerabilities catalog. The agency has given federal agencies until January 24 to patch all of the afflictions. The newly added vulnerabilities are particularly critical, since they are potentially dangerous for the federal enterprise. The new vulnerabilities are listed alphabetically by vendor, with older bugs coming from as far back as the early 2000s.

While CISA previously added guidance on how to handle known vulnerabilities, this latest addition makes more sense now that the catalog contains close to 170,000 issues. In fact, a single flaw can be used to compromise an entire identity infrastructure. By taking this approach, CISA is making security priorities clearer than ever. It is advisable to prioritize exploitation-related vulnerabilities over theory-based flaws.

CISA, the federal cybersecurity authority, urges all organizations to review this advisory. The advisory covers 15 active exploited vulnerabilities and identifies detailed mitigations. Using CISA’s advisory as a basis for patching your systems, you can make sure your systems are protected against future cyberattacks. You can find the CISA advisory on its website. Just make sure to update your software accordingly.

The latest vulnerability affecting SonicWall Network Security Appliance is a stack-based buffer overflow that could allow an attacker to upload files and gain elevated privileges. This flaw affects software versions before 10.1.2r60p93 and 10.2.2r44p1. VMware also has a vulnerability affecting port 443 which could be exploited by malicious actors. Once the patched versions are installed, CISA is encouraging organizations to check the updated version of their systems.

CISA Adds 15 New Exploited Vulnerabilities to Catalog

In the meantime, the FBI and CISA urge all entities to review their cybersecurity posture and implement recommended mitigations for these flaws. The new bulletins highlight the most recent cyber threats and their mitigations. Read it carefully and implement them if you want to protect your systems from severe business damage. It will also provide you with valuable insights into how to reduce your business’s risk of ransomware attacks.

The new bulletin is aimed at federal agencies, but organizations worldwide should review it to ensure they are protected against these threats. Specifically, CISA recommends that organizations take immediate action on all 570 issues in its Must Patch List. If you are a member of CISA, you can review the CISA Catalog here. If you are not a member of CISA, you should consider registering for their newsletter to be notified when new vulnerabilities are added.

The CISA has also released AR21-134A, Eviction Guidance for Networks Affected By the SolarWinds Compromise. This guidance provides detailed steps for evicting adversaries from compromised environments. Lastly, CISA published Emergency Directive 21-01 Supplemental Direction Version 4: Mitigate SolarWinds Orion Code Compromise and Protect Your Networks

Leave a Reply

Your email address will not be published. Required fields are marked *