The Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
The catalog serves as a living list of known Common Vulnerabilities and Exposures (CVEs) that pose significant risks to the federal enterprise.
The newly added vulnerabilities include three in the Veritas Backup Exec Agent: file access, improper authentication, and command execution. The fourth vulnerability added to the catalog is the Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability, which was identified in 2019.
The fifth vulnerability is the Arm Mali GPU Kernel Driver Information Disclosure Vulnerability.
Although Binding Operational Directive (BOD) 22-01, which established the Known Exploited Vulnerabilities Catalog, applies only to Federal Civilian Executive Branch (FCEB) agencies, CISA strongly encourages all organizations to prioritize timely remediation of the catalog vulnerabilities to reduce their exposure to cyberattacks.
The directive requires FCEB agencies to remediate identified vulnerabilities by the due date to protect their networks against active threats.
CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. To view other newly added vulnerabilities in the catalog, users can click on the arrow in the “Date Added to Catalog” column, which sorts the entries by descending date.
Finally, organizations can reduce the risk of cyberattacks by implementing a robust vulnerability management practice and ensuring that identified vulnerabilities are remediated in a timely manner.