CISA adds 41 vulnerabilities to catalog of exploited bugs
Organizations are required to fix the flaws by June 13 and 14 to “reduce their exposure to cyber attacks”
The Cybersecurity and Infrastructure Security Agency (CISA) added 41 vulnerabilities to its catalog of known exploited bugs this week.
The batch is one of the largest to be added to the list since the organization began compiling it back in November last year, with the additions including bugs relating to the likes of Microsoft, Apple, Google, Cisco, Adobe, Facebook, WhatsApp, Mozilla, Kaseya, Artifex, and QNAP.
The dates of these vulnerabilities range from 2016 to 2021, with CISA giving federal agencies until June 13 and 14 to apply patches and “reduce their exposure to cyber attacks”.
The organisation says it adds exploited vulnerabilities “when they become known”, subject to an executive review and when they satisfy three key thresholds: the vulnerability has an assigned Common Vulnerabilities and Exposures (CVE) ID, there is reliable evidence that it has been actively exploited in the wild, and there is a clear remediation action for the bug.
The most recent listing is a Cisco IOS XR open port vulnerability (CVE-2022-20821), which was fixed last week. The bug allows an unauthenticated, remote attacker to access the Redis instance running within the NOSi container.
CISA also listed the Windows elevation of privileges vulnerability (CVE-2020-0638). Despite being disclosed back in 2020, the flaw was still being used by ransomware gang Conti as part of corporate attacks this year.
The vulnerabilities were added to the catalog in two parts, with CISA giving federal agencies until June 13th for the 21 added on Monday, and until June 14th for the 20 listed on Tuesday.