The Cybersecurity and Infrastructure Security Agency (CISA) has issued two alerts regarding updates to its Known Exploited Vulnerabilities Catalog, emphasizing the importance of addressing these vulnerabilities to protect federal networks.
In the first alert dated September 19, 2023, saw CISA adding eight new vulnerabilities to the Known Exploited Vulnerabilities Catalog, further underlining the pressing need for vigilance in cybersecurity efforts. These vulnerabilities encompass a range of systems and devices, from Samsung mobile devices to Realtek SDK and Zyxel EMG2926 routers, posing potential security risks to the federal enterprise.
The second alert, dated September 18, 2023, CISA introduced a new vulnerability, CVE-2023-28434 MinIO Security Feature Bypass Vulnerability, into the catalog. Such vulnerabilities serve as prime targets for malicious cyber actors and pose significant threats to the federal enterprise.
CISA’s Binding Operational Directive (BOD) 22-01 established the catalog as a comprehensive list of known Common Vulnerabilities and Exposures (CVEs) that carry substantial risks, mandating Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities within specified timelines to safeguard FCEB networks against active threats.
CISA’s continued updates to the catalog align with the principles of BOD 22-01, which, while primarily applicable to FCEB agencies, strongly encourages all organizations to prioritize timely remediation of cataloged vulnerabilities as part of their vulnerability management practices. CISA remains committed to monitoring and addressing vulnerabilities that meet the specified criteria to enhance overall cybersecurity resilience.