Source URL: https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-adds-five-known-exploited-vulnerabilities-catalog
Source: Alerts
Title: CISA Adds Five Known Exploited Vulnerabilities to Catalog
Feedly Summary: CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2021-26086 Atlassian Jira Server and Data Center Path Traversal Vulnerability
CVE-2014-2120 Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability
CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
AI Summary and Description: Yes
Summary: The text discusses the addition of five new vulnerabilities to CISA’s Known Exploited Vulnerabilities Catalog, highlighting their active exploitation in the federal enterprise. It emphasizes the importance of timely remediation as mandated by Binding Operational Directive 22-01, while also urging all organizations to prioritize vulnerability management.
Detailed Description:
The text highlights critical information regarding cybersecurity, specifically focusing on newly identified vulnerabilities that pose significant threats to organizations, especially within the federal sector. It outlines:
* **Vulnerability Additions**: CISA has updated its Known Exploited Vulnerabilities Catalog, indicating an ongoing effort to track and address active threats. The specific vulnerabilities include:
– **CVE-2021-26086**: Atlassian Jira Server and Data Center Path Traversal Vulnerability
– **CVE-2014-2120**: Cisco ASA Cross-Site Scripting (XSS) Vulnerability
– **CVE-2021-41277**: Metabase GeoJSON API Local File Inclusion Vulnerability
– **CVE-2024-43451**: Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
– **CVE-2024-49039**: Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
* **Risks**: The text warns that these vulnerabilities are frequent attack vectors for malicious cyber actors, highlighting the urgent need for organizations to address them proactively.
* **Regulatory Framework**: The Binding Operational Directive (BOD) 22-01 establishes a requirement for Federal Civilian Executive Branch (FCEB) agencies to remediate these vulnerabilities by specified due dates, thereby aiming to protect federal networks from active threats.
* **Wider Implication**: Although the directive targets FCEB agencies, CISA encourages all organizations to adopt similar practices in vulnerability management, thereby broadening the impact of this guidance across the private and public sectors.
* **Continuous Updates**: CISA’s catalog will be continually updated as new vulnerabilities come to light, reinforcing the dynamic nature of cybersecurity threats.
By emphasizing the significance of addressing these vulnerabilities promptly, the text serves as an essential reminder for security professionals to integrate effective vulnerability management into their organization’s security posture.