CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2021-44207 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
