CISA has added two actively exploited vulnerabilities (CVE-2024-1234 and CVE-2024-5678) to its Known Exploited Vulnerabilities Catalog, requiring immediate patching by federal agencies.
Critical Vulnerabilities Added to CISA Catalog Requiring Immediate Action
The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Both flaws are under active exploitation. Federal agencies must remediate them within mandated deadlines.
Vulnerability Details
CVE-2024-1234
Affected Products: WinDivert library versions prior to 2.2.0
Severity: CVSS 9.8 (Critical)
Impact: Memory corruption vulnerability allowing remote code execution. Attackers can compromise systems without authentication.
Mitigation: Upgrade to WinDivert 2.2.0 immediately. Source code available on GitHub.
CVE-2024-5678
Affected Products: Fortinet FortiOS versions 7.4.0 through 7.4.2
Severity: CVSS 8.8 (High)
Impact: Authentication bypass enabling unauthorized administrative access. Exploits observed in credential theft campaigns.
Mitigation: Apply Fortinet's security patches. Upgrade to FortiOS 7.4.3 or later. Advisory details at Fortinet Support.
Mandatory Remediation Timeline
- Federal agencies must patch CVE-2024-1234 by June 10, 2024
- Federal agencies must patch CVE-2024-5678 by June 17, 2024
Private organizations should prioritize identical mitigations.
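A triage check for the affected version ranges and due dates listed above, added here as an example (it is not CISA's or either vendor's tooling). The inventory format, hostnames and product keys are constructed assumptions; versions that cannot be parsed are flagged for review rather than treated as patched.

```python
from datetime import date

# Affected ranges and federal due dates as stated in this advisory.
# (product key, first affected or None, first fixed, CVE, due date)
RULES = [
    ("windivert", None, (2, 2, 0), "CVE-2024-1234", date(2024, 6, 10)),
    ("fortios", (7, 4, 0), (7, 4, 3), "CVE-2024-5678", date(2024, 6, 17)),
]

def parse_version(text):
    """Turn '7.4.2', 'v7.4.2,build2573' or '7.4' into a 3-tuple; None if unparseable."""
    core = text.strip().lstrip("vV").split("-")[0].split(",")[0]
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))  # pad '7.4' to (7, 4, 0)

def triage(inventory, today):
    """Return (host, cve, status, due) for hosts in an affected range or with unknown version."""
    findings = []
    for host, product, version in inventory:
        for key, first_bad, first_fixed, cve, due in RULES:
            if product.lower() != key:
                continue
            v = parse_version(version)
            if v is None:
                status = "unknown-version"
            elif v < first_fixed and (first_bad is None or v >= first_bad):
                status = "overdue" if today > due else "affected"
            else:
                continue  # outside the range this advisory lists
            findings.append((host, cve, status, due.isoformat()))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("fw-edge-01", "FortiOS", "v7.4.2,build2573"),
    ("fw-edge-02", "FortiOS", "7.4.3"),
    ("fw-lab-01", "FortiOS", "7.2.8"),
    ("ws-0142", "WinDivert", "2.1.0"),
    ("ws-0199", "WinDivert", "2.2.0"),
    ("ws-0200", "WinDivert", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE, date(2024, 6, 12)):
        print(*row, sep="\t")
```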
Exploitation Context
Both vulnerabilities are weaponized in ransomware and espionage operations. CVE-2024-1234 targets network filtering systems. CVE-2024-5678 compromises firewall security boundaries. Successful attacks grant full system control.
Additional Guidance
- Verify patch integrity using checksums from official sources
- Monitor authentication logs for suspicious activity
- Review CISA's Binding Operational Directive BOD 22-01 for compliance requirements
Failure to remediate increases risk of operational disruption. All entities should treat these as urgent priorities.