The Cybersecurity and Infrastructure Security Agency (CISA) has added ten new vulnerabilities to its Known Exploited Vulnerabilities Catalog that are currently being exploited by cybercriminals. Attackers commonly use these CVEs as attack vectors, and they pose a significant threat to federal networks.
The vulnerabilities include the Microsoft Internet Explorer Memory Corruption Vulnerability, the Samba Remote Code Execution Vulnerability, the Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability, and several Arm Mali GPU Kernel Driver vulnerabilities.
The Known Exploited Vulnerabilities Catalog is a living list of known Common Vulnerabilities and Exposures (CVEs) that carry a significant risk to the federal enterprise. The Catalog was established as part of Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by a specified date to protect their networks against active threats.
Although the directive binds only FCEB agencies, CISA strongly recommends that all organizations prioritize the timely remediation of Catalog vulnerabilities to reduce their exposure to cyberattacks.
The ten newly identified vulnerabilities have been added to the catalog based on evidence of active exploitation by malicious cyber actors.
CISA will continue to add new vulnerabilities that meet the specified criteria to the catalog.
Organizations are encouraged to review the catalog and prioritize the remediation of these vulnerabilities as part of their vulnerability management practice.
The catalog is a valuable resource for organizations to identify and address vulnerabilities that pose significant risks to their systems and networks.