CISA Adds Two Known Exploited Vulnerabilities to Catalog

Summary:

The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, namely CVE-2023-4966 (Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability) and CVE-2021-1435 (Cisco IOS XE Web UI Command Injection Vulnerability). As per CISA's Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. While BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation of catalog vulnerabilities as part of their vulnerability management practice to reduce their exposure to cyberattacks.