CISA Updates Catalog with Two New Exploited Vulnerabilities

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting the critical need for timely remediation to protect against cyber threats.

TL;DR

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities pose significant risks to federal and private organizations, underscoring the importance of timely remediation to mitigate cyber threats.

CISA Adds New Vulnerabilities to Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog with two new entries based on evidence of active exploitation. The vulnerabilities added are:

  • CVE-2024-6047: GeoVision Devices OS Command Injection Vulnerability
  • CVE-2024-11120: GeoVision Devices OS Command Injection Vulnerability

Vulnerabilities of this type are frequently targeted by malicious cyber actors and pose significant risks to federal and private sector organizations.

Understanding the Binding Operational Directive (BOD) 22-01

The Binding Operational Directive (BOD) 22-01 established the Known Exploited Vulnerabilities Catalog as a dynamic list of known Common Vulnerabilities and Exposures (CVEs) that present substantial risks to federal agencies. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate identified vulnerabilities by the specified due date to safeguard their networks against active threats. For more information, refer to the BOD 22-01 Fact Sheet.

Importance of Timely Remediation

Although BOD 22-01 is specifically directed at FCEB agencies, CISA strongly recommends that all organizations prioritize the timely remediation of Catalog vulnerabilities as part of their vulnerability management practices. This proactive approach is essential for reducing exposure to cyberattacks. CISA will continue to update the catalog with vulnerabilities that meet the specified criteria.

Conclusion

The addition of these vulnerabilities to CISA’s catalog highlights the ongoing need for vigilance and prompt action in cybersecurity. Organizations must stay informed about emerging threats and take immediate steps to remediate known vulnerabilities to protect their systems and data from potential breaches.

This post is licensed under CC BY 4.0 by the author.