CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability
CVE-2024-11680 ProjectSend Improper Authentication Vulnerability
CVE-2024-11667 Zyxel Multiple Firewalls Path Traversal Vulnerability

Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information.Â

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See theÂBOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Police Shut Down Matrix Encrypted Criminal Hub

December 3, 2024 0 Comments 0 tags

A law enforcement operation executed by Dutch and French authorities resulted in the main servers used by Matrix being taken down

Chinese Espionage Group Upgrades Malware Arsenal to Target All Major OS

July 23, 2024 0 Comments 0 tags

Symantec said Chinese espionage group Daggerfly has updated its malware toolkit as it looks to target Windows, Linux, macOS and Android operating systems

Vietnam’s Infostealer Crackdown Reveals VietCredCare and DuckTail

November 21, 2024 0 Comments 0 tags

Group-IB revealed key differences in VietCredCare and DuckTail infostealer malware targeting Facebook Business accounts