CISA Updates Known Exploited Vulnerabilities Catalog with Two New Entries
CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing risks and the importance of timely remediation.
TL;DR
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, identified as CVE-2019-9874 and CVE-2019-9875, affect the Sitecore CMS and Experience Platform (XP). They pose significant risks to federal agencies and other organizations, emphasizing the need for prompt remediation to mitigate threats. CISA strongly urges all organizations to prioritize the patching of these vulnerabilities as part of their cybersecurity measures.
Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog by adding two new entries based on evidence of active exploitation. These vulnerabilities are:
- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Understanding the Risks
Insecure deserialization vulnerabilities allow an attacker who can supply crafted serialized input to execute arbitrary code on the affected system, leading to potential data breaches, full system compromise, and other malicious activity. The addition of these vulnerabilities to the catalog underscores the urgent need for organizations to address them promptly.
Binding Operational Directive (BOD) 22-01
The Binding Operational Directive (BOD) 22-01 established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. For more information, refer to the BOD 22-01 Fact Sheet.
Recommendations for All Organizations
Although BOD 22-01 specifically applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing the timely remediation of Catalog vulnerabilities as part of their vulnerability management practices. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
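To turn the catalog's due dates into a prioritized work list, here is an added Python example (not from the article or from CISA) that reconciles CVEs found in an asset inventory against a catalog excerpt shaped like CISA's KEV JSON feed. The feed URL and field names (`cveID`, `vendorProject`, `product`, `dueDate`, `requiredAction`) are the real catalog's; the sample entries' dates and required-action text are constructed placeholders, not the catalog's actual values for these CVEs.

```python
from datetime import date

# Constructed excerpt in the shape of CISA's KEV feed:
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
# CVE IDs are the two entries the article names; dates and requiredAction text are
# placeholders, NOT the catalog's real values.
SAMPLE_KEV_FEED = {
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2019-9874",
            "vendorProject": "Sitecore",
            "product": "CMS and Experience Platform (XP)",
            "dateAdded": "2024-03-01",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2024-03-22",
        },
        {
            "cveID": "CVE-2019-9875",
            "vendorProject": "Sitecore",
            "product": "CMS and Experience Platform (XP)",
            "dateAdded": "2024-03-01",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2024-03-29",
        },
    ],
}


def triage_kev(feed, inventory_cves, today):
    """Match CVEs seen in an asset inventory against KEV entries.

    Returns one record per matching catalog entry, most urgent first
    (already overdue, then nearest BOD 22-01 due date). CVEs not in the
    catalog are ignored: they may still matter, but KEV is the must-fix list.
    """
    wanted = {c.strip().upper() for c in inventory_cves}
    results = []
    for entry in feed["vulnerabilities"]:
        if entry["cveID"].upper() not in wanted:
            continue
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        status = "OVERDUE" if days_left < 0 else "DUE_SOON" if days_left <= 7 else "SCHEDULED"
        results.append({
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due_date": due.isoformat(),
            "days_left": days_left,
            "status": status,
            "required_action": entry["requiredAction"],
        })
    results.sort(key=lambda r: r["days_left"])
    return results
```

In practice the feed would be fetched and parsed with `json.load`, and `inventory_cves` would come from a scanner export; the matching and due-date logic is unchanged.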
Conclusion
The addition of these vulnerabilities to the CISA catalog highlights the ongoing need for vigilance and proactive measures in cybersecurity. Organizations must stay informed about emerging threats and take immediate action to mitigate risks. By prioritizing the remediation of known exploited vulnerabilities, entities can significantly enhance their cybersecurity posture and protect against potential attacks.
For more details, visit the full article: source
Additional Resources
For further insights, check:
- CISA Known Exploited Vulnerabilities Catalog
- CVE-2019-9874
- CVE-2019-9875
- BOD 22-01 Fact Sheet
- [Binding Operational Directive (BOD) 22-01](https://www.cisa.gov/binding-operational-directive-22-01)