CISA Expands Vulnerability Catalog with Eight Critical Exploited Flaws

Cybersecurity Reporter

The Cybersecurity and Infrastructure Security Agency has added eight actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch these flaws by specific deadlines to mitigate ongoing threat actor campaigns.

The Cybersecurity and Infrastructure Security Agency (CISA) has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, marking a significant expansion of the agency's efforts to track and mitigate actively exploited security flaws. These vulnerabilities span multiple vendors and product categories, reflecting the diverse threat landscape facing federal agencies and critical infrastructure operators.

The newly added vulnerabilities include:

Microsoft Windows Common Log File System Driver (CVE-2021-31955) - This vulnerability allows attackers to elevate privileges on affected systems, potentially enabling lateral movement and system compromise.

Pulse Connect Secure (CVE-2019-11510) - A critical flaw in Pulse Secure's VPN appliance that has been widely exploited by various threat actors, including nation-state groups, to gain initial access to networks.

Zoho ManageEngine ADSelfService Plus (CVE-2021-40539) - This authentication bypass vulnerability has been actively exploited in the wild, allowing unauthorized access to enterprise resources.

Cisco Adaptive Security Appliance Software (CVE-2020-3259) - A remote code execution vulnerability affecting Cisco's ASA and FTD devices, which has been leveraged by attackers to compromise network infrastructure.

SAP NetWeaver (CVE-2021-31345) - This vulnerability in SAP's enterprise software suite could allow attackers to execute arbitrary code on affected systems.

VMware Workspace ONE Access (CVE-2020-4006) - A critical flaw that could enable remote code execution on vulnerable VMware systems.

Microsoft Windows ALPC (CVE-2021-1732) - Another Windows privilege escalation vulnerability that attackers can exploit to gain elevated system access.

Apple iOS and iPadOS (CVE-2021-30883) - A WebKit vulnerability that could allow arbitrary code execution when processing maliciously crafted web content.

CISA's catalog serves as a critical resource for federal agencies, which are required to patch these vulnerabilities within specified timeframes. The agency's Binding Operational Directive (BOD) 22-01 mandates that federal civilian agencies remediate these flaws to reduce the attack surface available to threat actors.

The addition of these eight vulnerabilities underscores the persistent threat posed by known exploits in the wild. Many of these flaws have been actively used by ransomware groups, state-sponsored actors, and other malicious entities to compromise organizations across sectors.

For organizations outside the federal government, CISA's catalog serves as an early warning system, highlighting vulnerabilities that are being actively exploited and should be prioritized for remediation. The agency recommends that all organizations review the catalog regularly and implement patches for these critical vulnerabilities as soon as possible.
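As an added example (not code from CISA or from this article), the following Python script shows the workflow the agency recommends in practice: index the KEV feed by CVE ID, match it against a host inventory, and order the matches by their BOD 22-01 due date so overdue items surface first. The feed excerpt and the inventory are constructed; the field names mirror CISA's JSON feed, but the dates and host names are illustrative.

```python
import json
from datetime import date

# Constructed excerpt of the KEV JSON feed. Field names follow CISA's feed
# (cveID, vendorProject, product, dateAdded, dueDate); the dates are sample
# values, not the real catalog entries.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2019-11510", "vendorProject": "Pulse Secure",
     "product": "Pulse Connect Secure", "dateAdded": "2021-11-03", "dueDate": "2022-04-15"},
    {"cveID": "CVE-2021-40539", "vendorProject": "Zoho",
     "product": "ManageEngine ADSelfService Plus", "dateAdded": "2021-11-03", "dueDate": "2022-05-03"},
    {"cveID": "CVE-2020-4006", "vendorProject": "VMware",
     "product": "Workspace ONE Access", "dateAdded": "2021-11-03", "dueDate": "2022-05-03"},
]})

# Constructed asset inventory: the CVEs a scanner reported for each host.
# CVE-0000-00000 is a placeholder for a finding that is not in the catalog.
INVENTORY = [
    {"host": "vpn-gw-01", "cves": ["CVE-2019-11510"]},
    {"host": "idm-01", "cves": ["CVE-2021-40539", "CVE-0000-00000"]},
    {"host": "access-01", "cves": ["CVE-2020-4006"]},
]


def load_kev(feed_json):
    """Index the feed by CVE ID so each inventory lookup is a dict hit."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def prioritize(inventory, kev, today):
    """Keep only inventory findings that are in the catalog, most urgent first.
    Items are ordered by due date, so overdue ones (negative days_left) lead."""
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:      # not in KEV: leave it to normal patch cadence
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"], "cve": cve, "product": entry["product"],
                "due": entry["dueDate"], "days_left": (due - today).days,
                "overdue": due < today,
            })
    findings.sort(key=lambda f: (f["days_left"], f["host"]))
    return findings


def report(today_iso=None):
    """Run the check against the sample data as of an ISO date (default: today)."""
    today = date.fromisoformat(today_iso) if today_iso else date.today()
    return prioritize(INVENTORY, load_kev(KEV_FEED), today)
```

Against the live feed, replace `KEV_FEED` with the downloaded catalog JSON and `INVENTORY` with your scanner's per-host CVE output; the sort key stays the same.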

Security researchers note that several of these vulnerabilities have been known for years but continue to pose significant risks due to incomplete patching across enterprise environments. The persistence of these flaws in the wild demonstrates the challenges organizations face in maintaining comprehensive vulnerability management programs.

CISA emphasizes that while patching is the primary mitigation strategy, organizations should also implement compensating controls such as network segmentation, enhanced monitoring, and access controls to limit the potential impact of these vulnerabilities until patches can be applied.

The agency's ongoing efforts to catalog and track exploited vulnerabilities represent a critical component of the nation's cybersecurity defense strategy, providing actionable intelligence to defenders and creating accountability for federal agencies to maintain secure systems.
