The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog by including a newly identified vulnerability that is actively being exploited.
The vulnerability, CVE-2023-28771 (Zyxel Multiple Firewalls OS Command Injection Vulnerability), is a common target for cybercriminals and poses significant risks to federal enterprises. To view other recently added vulnerabilities, users can sort the catalog by the date each entry was included.
The Known Exploited Vulnerabilities Catalog was established through Binding Operational Directive (BOD) 22-01, which is aimed at reducing the significant risks associated with known vulnerabilities.
BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate identified vulnerabilities by specified due dates to protect FCEB networks from active threats. Additional information about BOD 22-01 can be found in the BOD 22-01 Fact Sheet.
While BOD 22-01 primarily applies to FCEB agencies, CISA strongly advises all organizations to prioritize the timely remediation of vulnerabilities listed in the catalog.
By doing so, organizations can reduce their exposure to cyberattacks and safeguard their systems and networks. CISA commits to continuously updating the catalog by adding vulnerabilities that meet the defined criteria, ensuring that organizations have access to up-to-date information to enhance their vulnerability management practices.