The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog with two new vulnerabilities, CVE-2023-33009 and CVE-2023-33010, which have been actively exploited.
These vulnerabilities, which affect multiple Zyxel firewalls, are commonly targeted by malicious cyber actors and pose significant risks to federal organizations. The Known Exploited Vulnerabilities Catalog serves as a dynamic list of Common Vulnerabilities and Exposures (CVEs) that carry high risks to the federal enterprise.
The Known Exploited Vulnerabilities Catalog was established by Binding Operational Directive (BOD) 22-01.
This directive aims to mitigate the risks associated with known vulnerabilities and requires Federal Civilian Executive Branch (FCEB) agencies to address identified vulnerabilities within specified timeframes to safeguard their networks from active threats. More information about BOD 22-01 can be found in the provided fact sheet.
While BOD 22-01 applies specifically to FCEB agencies, CISA strongly advises all organizations to prioritize the timely remediation of vulnerabilities listed in the catalog. By taking proactive measures to address these vulnerabilities, organizations can reduce their exposure to cyberattacks.
CISA will continue to update the Known Exploited Vulnerabilities Catalog with additional vulnerabilities that meet the defined criteria, further assisting organizations in their vulnerability management practices.