CISA Updates Catalog with Newly Discovered Exploited Vulnerability
TL;DR
CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting the importance of timely remediation for all organizations. The added vulnerability, CVE-2024-20439, is a static credential flaw in the Cisco Smart Licensing Utility and is being actively exploited.
CISA Adds New Vulnerability to Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a new vulnerability to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This addition underscores the ongoing threat posed by such vulnerabilities to both federal and private sector organizations.
Newly Added Vulnerability
The latest addition to the catalog is:
- CVE-2024-20439: Cisco Smart Licensing Utility Static Credential Vulnerability
Vulnerabilities of this kind are frequent attack vectors for malicious cyber actors and pose significant risks to federal enterprises and beyond.
Binding Operational Directive (BOD) 22-01
The Binding Operational Directive (BOD) 22-01 established the Known Exploited Vulnerabilities Catalog as a dynamic list of known Common Vulnerabilities and Exposures (CVEs) that present substantial risks. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate identified vulnerabilities by the specified due date to safeguard against active threats. For more details, refer to the BOD 22-01 Fact Sheet.
Recommendations for All Organizations
Although BOD 22-01 is specifically directed at FCEB agencies, CISA strongly advises all organizations to prioritize the timely remediation of Catalog vulnerabilities as part of their vulnerability management practices. This proactive approach is crucial for reducing exposure to cyberattacks. CISA will continue to update the catalog with vulnerabilities that meet the specified criteria.
Conclusion
The addition of CVE-2024-20439 to CISA’s Known Exploited Vulnerabilities Catalog serves as a reminder of the constant need for vigilance in cybersecurity. Organizations must stay proactive in identifying and mitigating these threats to protect their networks and data from potential breaches.