CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2017-18368 Zyxel P660HN-T1A Routers Command Injection Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.