The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2017-6742, the Cisco IOS and IOS XE Software SNMP Remote Code Execution vulnerability, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
CISA established the Known Exploited Vulnerabilities Catalog under Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.
This living list includes Common Vulnerabilities and Exposures (CVEs) that pose significant risks to the federal enterprise.
According to CISA, these types of vulnerabilities are common attack vectors for malicious cyber actors and pose significant risks to organizations.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to prioritize the timely remediation of Catalog vulnerabilities as part of their vulnerability management practice to reduce their exposure to cyberattacks.
CISA advises organizations to stay up to date on the latest vulnerabilities by reviewing the Known Exploited Vulnerabilities Catalog.
The catalog includes a list of known CVEs that carry significant risk to organizations and that are actively being exploited by malicious actors. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria to help organizations protect against active threats.