The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of three new vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
The vulnerabilities include CVE-2004-1464, a denial-of-service vulnerability in Cisco IOS; CVE-2016-6415, an information disclosure vulnerability in IKEv1 affecting Cisco IOS, IOS XR, and IOS XE; and CVE-2023-21492, which allows the insertion of sensitive information into log files on Samsung mobile devices. These vulnerabilities are frequently targeted by malicious cyber actors and pose significant risks to federal enterprises.
The Known Exploited Vulnerabilities Catalog was established by Binding Operational Directive (BOD) 22-01 to identify Common Vulnerabilities and Exposures (CVEs) that carry substantial risk to the federal enterprise. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate identified vulnerabilities within specified timeframes to safeguard FCEB networks from active threats.
While BOD 22-01 is applicable only to FCEB agencies, CISA strongly advises all organizations to prioritize the timely remediation of vulnerabilities listed in the catalog as part of their vulnerability management practices.
As part of its ongoing commitment to enhancing cybersecurity, CISA continues to add vulnerabilities that meet the specified criteria to the Known Exploited Vulnerabilities Catalog.
To see the newly added vulnerabilities, users can sort the catalog by the “Date Added to Catalog” column in descending order. By proactively addressing these vulnerabilities, organizations can significantly reduce their exposure to cyberattacks and bolster their overall security posture.