CISA has added a new vulnerability, CVE-2023-35082, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The vulnerability affects Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication and is identified as a potential entry point for malicious cyber actors, posing considerable risks to federal enterprises. The seriousness of the listing is underscored by Binding Operational Directive (BOD) 22-01, which is designed to mitigate significant risks associated with known vulnerabilities. The directive requires Federal Civilian Executive Branch (FCEB) agencies to promptly remediate identified vulnerabilities within a specified timeframe to safeguard FCEB networks from active threats.
While BOD 22-01 is directed at FCEB agencies, CISA extends its advisory to all organizations, urging a proactive approach to vulnerability management. Timely remediation of vulnerabilities listed in the Known Exploited Vulnerabilities Catalog is strongly encouraged as part of a comprehensive cybersecurity strategy. CISA remains committed to enhancing the catalog’s relevance by continuously adding vulnerabilities that meet specified criteria, maintaining an up-to-date resource for organizations to bolster their cybersecurity defenses.