This week, the Cybersecurity and Infrastructure Security Agency (CISA) added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Three of the vulnerabilities must be fixed by civilian federal agencies before January 24, while the rest are scheduled to be fixed by July 10.

CISA said the list was “based on evidence that threat actors are actively exploiting the vulnerabilities,” noting that the vulnerabilities “are a common attack vector for malicious cyber actors of all types and pose a significant risk to the federal enterprise.”

The most urgent additions include a VMware vCenter Server improper access control vulnerability, a Hikvision improper input validation vulnerability, and a FatPipe WARP, IPVPN, and MPVPN Privilege Escalation vulnerability.

The rest of the list includes vulnerabilities in Google Chrome, Microsoft Win32K, Microsoft…



Source link

Leave a Reply