Brief

Here is a summary of the provided document:

Summary:

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which are actively being exploited by malicious actors. These vulnerabilities, identified by CVE-2023-35674, CVE-2023-20269, and CVE-2023-4863, pose significant risks to the federal enterprise and can be used as attack vectors. CISA advises Federal Civilian Executive Branch (FCEB) agencies to remediate these vulnerabilities by the specified date to protect their networks against active threats. Furthermore, CISA encourages all organizations to prioritize timely remediation of catalog vulnerabilities as part of their vulnerability management practice to reduce their exposure to cyberattacks.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-35674 Android Framework Privilege Escalation Vulnerability
  • CVE-2023-20269 Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
  • CVE-2023-4863 Google Chrome Heap-Based Buffer Overflow Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Highlights content goes here...

Summary:

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, namely CVE-2023-35674, CVE-2023-20269, and CVE-2023-4863, have been identified as being actively exploited and pose significant risks to the federal enterprise.

The Known Exploited Vulnerabilities Catalog is a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. It was established through Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by their due date to protect FCEB networks against active threats.

While BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to prioritize the timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. This includes FCEB agencies, as well as other organizations that may be vulnerable to cyberattacks.

The three new vulnerabilities added to the catalog are:

CVE-2023-35674: Android Framework Privilege Escalation Vulnerability
CVE-2023-20269: Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
* CVE-2023-4863: Google Chrome Heap-Based Buffer Overflow Vulnerability

These vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Therefore, CISA recommends that all organizations take prompt action to remediate these vulnerabilities and reduce their exposure to cyberattacks.

For more information on the Known Exploited Vulnerabilities Catalog and BOD 22-01, please refer to the CISA website or contact your organization’s security team.

Cybersecurity and Infrastructure Security Agency

Quick Insight
RADA.AI
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Login

Enter your Email

Enter your email id below to signup.

Enter your Email

Enter your email id below to signup.
Individual Plan
$125 / month OR $1250 / year
Features
Best for: Researchers, Legal professionals, Academics
Enterprise Plan
Contact for Pricing
Features
Best for: Law Firms, Corporations, Government Bodies