The Cybersecurity and Infrastructure Security Agency (CISA) has added five new critical vulnerabilities to its Known Exploited Vulnerabilities Catalog, underscoring the urgent need for organizations to take action. These vulnerabilities, identified as CVE-2024-27348 (Apache HugeGraph-Server), CVE-2020-0618 (Microsoft SQL Server Reporting Services), CVE-2019-1069 (Microsoft Windows Task Scheduler), CVE-2022-21445 (Oracle JDeveloper), and CVE-2020-14644 (Oracle WebLogic Server), are actively being exploited by cybercriminals. They present serious risks to both public and private-sector systems, with the potential to cause severe operational disruptions if left unpatched.
The vulnerabilities allow attackers to exploit systems through remote code execution and privilege escalation, two of the most dangerous types of cyberattacks. For instance, the vulnerability in Microsoft SQL Server Reporting Services could enable an attacker to execute arbitrary code remotely, while the flaw in Microsoft Windows Task Scheduler could allow for privilege escalation, granting attackers full control of the system. These vulnerabilities threaten the security of sensitive data, networks, and applications, making them prime targets for cybercriminals.
CISA’s Known Exploited Vulnerabilities Catalog is a key resource for organizations to identify and mitigate high-risk security gaps in their infrastructure. CISA has issued immediate recommendations for organizations to patch these vulnerabilities or apply vendor-provided mitigations. Failure to address these flaws could lead to devastating consequences, such as data breaches, service disruptions, or even complete system compromise. For some organizations, if a patch is unavailable, discontinuing the use of vulnerable products may be the safest option.
While CISA’s guidance is specifically directed at Federal Civilian Executive Branch (FCEB) agencies under Binding Operational Directive 22-01, all organizations are urged to act swiftly. Cyber threats are increasingly sophisticated, and unpatched vulnerabilities are a common entry point for malicious actors. By promptly addressing these known exploits, organizations can strengthen their cybersecurity defenses and reduce the risk of a major breach or system failure.
