CISA Updates Known Exploited Vulnerabilities Catalog with Three New Additions
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. Learn about the risks and necessary actions for federal agencies and other organizations.
TL;DR
- CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation.
- These vulnerabilities pose significant risks and require immediate attention from federal agencies.
- All organizations are urged to prioritize remediation to reduce exposure to cyberattacks.
Introduction
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding three new vulnerabilities. This action is based on evidence of active exploitation, highlighting the critical need for timely remediation to protect federal networks and other organizations from significant cyber threats.
New Vulnerabilities Added to the KEV Catalog
The following vulnerabilities have been added to the KEV Catalog:
- CVE-2020-25078: An unspecified vulnerability affecting D-Link DCS-2530L and DCS-2670L devices.
- CVE-2020-25079: A command injection vulnerability in D-Link DCS-2530L and DCS-2670L devices.
- CVE-2022-40799: A vulnerability in D-Link DNR-322L devices that allows the download of code without integrity checks.
These vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to federal enterprises.
Binding Operational Directive (BOD) 22-01
Binding Operational Directive (BOD) 22-01 established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risks to the federal enterprise. This directive requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect their networks against active threats.
For more information, refer to the BOD 22-01 Fact Sheet.
Recommendations for All Organizations
Although BOD 22-01 specifically applies to FCEB agencies, CISA strongly recommends that all organizations prioritize the timely remediation of vulnerabilities listed in the KEV Catalog as part of their vulnerability management practices. This proactive approach will help reduce exposure to cyberattacks and enhance overall cybersecurity posture.
Conclusion
The addition of these three vulnerabilities to CISA’s KEV Catalog underscores the ongoing threat posed by known exploited vulnerabilities. Federal agencies and other organizations must take immediate action to remediate these vulnerabilities to protect their networks and systems from potential cyber threats. By prioritizing the timely remediation of these vulnerabilities, organizations can significantly reduce their exposure to cyberattacks and enhance their overall cybersecurity posture.
For more details, visit the full article: CISA Adds Three Known Exploited Vulnerabilities to Catalog.
Additional Resources
For further insights, check out these authoritative sources: