The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog with three new critical vulnerabilities. These include CVE-2022-24816, a code injection vulnerability in GeoSolutionsGroup JAI-EXT; CVE-2022-2586, a use-after-free flaw in the Linux Kernel; and CVE-2020-13965, a cross-site scripting (XSS) issue in Roundcube Webmail. These vulnerabilities are significant due to their potential to be exploited by attackers to compromise systems and networks.
The Known Exploited Vulnerabilities Catalog is a component of the Binding Operational Directive (BOD) 22-01, which aims to reduce risks from known vulnerabilities affecting federal networks. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies address these vulnerabilities by specified deadlines to secure their systems from active threats. The catalog serves as a dynamic list of high-risk vulnerabilities that require prompt remediation.
While BOD 22-01 specifically targets FCEB agencies, CISA strongly advises all organizations to address these vulnerabilities to bolster their cybersecurity defenses. Timely remediation of cataloged vulnerabilities is crucial for reducing exposure to cyberattacks and maintaining overall network security. Organizations are encouraged to integrate these updates into their vulnerability management practices.
CISA will continue to update the catalog with additional vulnerabilities that meet the established criteria. This proactive approach ensures that federal agencies and other organizations stay informed about critical security risks and can take appropriate measures to protect their systems from emerging threats.
Reference:
