The Cybersecurity and Infrastructure Security Agency (CISA) has taken action against the growing cyber threat landscape by updating its Known Exploited Vulnerabilities Catalog with a new addition. The recently identified vulnerability, CVE-2023-35081, targets the Ivanti Endpoint Manager Mobile (EPMM) through a Path Traversal exploit, making it a highly sought-after entry point for malicious cyber actors.
With the federal enterprise facing significant risks due to such vulnerabilities, CISA highlights the urgency for organizations to prioritize vulnerability management.
Binding Operational Directive (BOD) 22-01, aimed at Reducing the Significant Risk of Known Exploited Vulnerabilities, serves as the foundation for the Known Exploited Vulnerabilities Catalog. The directive establishes a dynamic list of Common Vulnerabilities and Exposures (CVEs) that pose considerable threats to federal enterprises.
BOD 22-01 mandates Federal Civilian Executive Branch (FCEB) agencies to promptly address identified vulnerabilities within specified timelines to protect their networks from active cyber threats. For those seeking other newly added vulnerabilities in the catalog, CISA offers a simple method by clicking on the “Date Added to Catalog” column to sort the entries chronologically.
While BOD 22-01 applies exclusively to FCEB agencies, CISA advocates a broader approach to cybersecurity. Urging all organizations, regardless of affiliation, to take proactive steps in minimizing their exposure to cyberattacks, CISA recommends timely remediation of vulnerabilities listed in the Known Exploited Vulnerabilities Catalog. By adopting comprehensive vulnerability management practices, organizations can bolster their defenses against cyber threats.
CISA pledges to continually update the catalog with new vulnerabilities that meet specific criteria, aiming to keep the cybersecurity community well-informed and prepared to tackle emerging threats effectively.