GRI

CISA Adds Three Known Exploited Vulnerabilities to Catalog

News Cybersecurity English Guidance
Date: 25th Sep, 2023 Source: Cybersecurity and Infrastructure Security Agency Country: USA Original Source

Brief

Summary:

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which is a living list of known vulnerabilities and exposures. The new vulnerabilities were added based on specific criteria to reduce exposure to cyberattacks. The catalog is sorted by descending dates, so new vulnerabilities are displayed first. These vulnerabilities are considered frequent attack vectors for malicious cyber actors, posing significant risks to the federal enterprise. The Federal Civilian Executive Branch (FCEB) requires agencies to remediate identified vulnerabilities to protect their networks against active threats.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-41991 Apple Multiple Products Improper Certificate Validation Vulnerability 
  • CVE-2023-41992 Apple Multiple Products Kernel Privilege Escalation Vulnerability
  • CVE-2023-41993 Apple Multiple Products WebKit Code Execution Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Highlights content goes here...

Summary:

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog by adding three new vulnerabilities that have been evidence of active exploitation. The added vulnerabilities are:

1. CVE-2023-41991: Apple Multiple Products Improper Certificate Validation Vulnerability: This vulnerability affects Apple’s multiple products and allows an attacker to obtain sensitive information, potentially leading to a compromise of the affected systems.
2. CVE-2023-41992: Apple Multiple Products Kernel Privilege Escalation Vulnerability: This vulnerability enables an attacker to escalate privileges on affected Apple systems, granting them access to sensitive resources and data.
3. CVE-2023-41993: Apple Multiple Products WebKit Code Execution Vulnerability: This vulnerability allows an attacker to execute code on affected Apple systems, potentially leading to a complete system compromise.

These vulnerabilities are considered significant risks to the federal enterprise and are frequently used as attack vectors by malicious cyber actors. Therefore, it is crucial for organizations to prioritize timely remediation of these vulnerabilities as part of their vulnerability management practice.

In accordance with the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. CISA strongly urges all organizations, including those not bound by BOD 22-01, to follow this directive and reduce their exposure to cyberattacks by prioritizing the remediation of these vulnerabilities.

The Known Exploited Vulnerabilities Catalog is a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria, ensuring that organizations are aware of the latest threat landscape and can take necessary measures to protect their networks and systems.

Cybersecurity and Infrastructure Security Agency

Quick Insight
RADA.AI
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested
Related Documents
Medical device salesperson reporting procedure guide
Date: 5th Feb, 2025 Source: Ministry of Health and Welfare (MOHW) Country: South Korea
News Healthcare & Pharma Guidance
​The EBA issues an Opinion in response to the European Commission’s proposed amendments to the EBA draft technical standards on conflicts of interests for issuers of asset-referenced tokens
Date: 5th Feb, 2025 Source: European Banking Authority (EBA) Country: European Union
News Financial services Guidance
Low risk waste positions: electrical equipment, including constituent parts and accessories
Date: 5th Feb, 2025 Source: Environment Agency (EA) Country: United Kingdom
News Environment Guidance

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Click here

Enter your Email

Enter your registered username/email id.

Enter your Email

Enter your email id below to signup.

Enter your Email

Enter your email id below to signup.
Individual Plan
  • Designed for Growing Compliance Teams
$125 / month OR $1250 / year
Features
  • • Coverage for 20 jurisdictions
  • • Monitoring from 500+ regulatory authorities
  • • AI compliance summaries
  • • RaDa.ai : Single-Role
Best for: Researchers, Legal professionals, Academics
Subscribe Now
Enterprise Plan
  • Perfect for Global Enterprises
Contact for Pricing
Features
  • • Custom jurisdictional coverage
  • • Custom monitoring of regulatory authorities
  • • RaDa.ai : Customizable multi-role
  • • Custom reporting and dashboard capabilities
  • • API access for seamless integration
Best for: Law Firms, Corporations, Government Bodies
Contact Sales