The Cybersecurity and Infrastructure Security Agency (CISA) has added a recently discovered exploited vulnerability to its Known Exploited Vulnerabilities Catalog as a proactive step to enhance cyber resilience. The new entry, CVE-2023-38180, is a denial-of-service vulnerability affecting Microsoft .NET Core and Visual Studio.
Such vulnerabilities are frequently exploited by malicious cyber actors and present substantial risks to the federal enterprise. To view newly added vulnerabilities, users can sort the catalog by the “Date Added to Catalog” column.
CISA’s initiative aligns with Binding Operational Directive (BOD) 22-01, which aims to mitigate significant risks associated with known exploited vulnerabilities. The directive establishes the Known Exploited Vulnerabilities Catalog as a comprehensive compilation of Common Vulnerabilities and Exposures (CVEs) that pose substantial threats to the federal enterprise.
Under BOD 22-01, Federal Civilian Executive Branch (FCEB) agencies are mandated to promptly address identified vulnerabilities to safeguard FCEB networks from active threats. For a deeper understanding, stakeholders can refer to the BOD 22-01 Fact Sheet.
While BOD 22-01 is specific to FCEB agencies, CISA extends a strong recommendation to all organizations to enhance their cybersecurity posture by promptly remediating vulnerabilities listed in the catalog.
This approach is integral to effective vulnerability management and to reducing exposure to potential cyberattacks. CISA’s commitment to updating the catalog with vulnerabilities that meet specific criteria underscores its dedication to bolstering national cyber defenses and preemptively addressing emerging threats.