CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2023-47246 SysAid Server Path Traversal Vulnerability
- CVE-2023-36844 Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
- CVE-2023-36845 Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
- CVE-2023-36846 Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
- CVE-2023-36847 Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
- CVE-2023-36851 Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.