CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2023-38035 Ivanti Sentry Authentication Bypass Vulnerability
- CVE-2023-27532 Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.