CommandLink
Company
CommandLink
Let's talk about how we can help you!
Partners
Partners
We are a partner centric organization

CISA Adds Two New Vulnerabilities to Known Exploited Vulnerabilities Catalog

CISA Adds Two New Vulnerabilities to Known Exploited Vulnerabilities Catalog

Release Date: September 16, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its Known Exploited Vulnerabilities Catalog, citing active exploitation in the wild. The addition of these vulnerabilities underscores the persistent risk they pose to federal agencies and organizations worldwide.

The newly added vulnerabilities are:

  • CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability
  • CVE-2024-6670: Progress WhatsUp Gold SQL Injection Vulnerability

Both of these vulnerabilities are commonly exploited by cybercriminals to gain unauthorized access, manipulate systems, or steal sensitive data. They pose a significant risk to the federal enterprise, making their timely remediation a priority for affected systems.

Importance of Addressing Known Exploited Vulnerabilities

The inclusion of these vulnerabilities in the catalog is part of the ongoing effort tied to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to take immediate steps to remediate the listed vulnerabilities by a set deadline, ensuring that federal networks are protected against known active threats.

While BOD 22-01 applies directly to FCEB agencies, CISA strongly encourages all organizations—not just federal agencies—to address these vulnerabilities as part of their cybersecurity efforts. Remediating known vulnerabilities is a critical step in preventing malicious actors from exploiting weaknesses in systems, and CISA urges organizations to integrate the catalog into their vulnerability management processes.

Continuous Updates to the Catalog

CISA remains committed to updating the Known Exploited Vulnerabilities Catalog as more vulnerabilities meet the criteria for inclusion. These updates are vital in helping organizations stay informed and take action against emerging threats. Organizations are advised to regularly monitor the catalog and prioritize the timely remediation of any vulnerabilities that apply to their systems.

For more information about BOD 22-01 and how it impacts the cybersecurity landscape, visit the BOD 22-01 Fact Sheet on CISA’s official website.

Learn More About CommandLink:
Contact Page

ADDITIONAL

RESOURCES:

Library with dropdown

Schedule a Demo:

Schedule a Demo
22722 29th Drive SE Suite 100 Bothell, WA 98021
Single source platform to design, deploy and manage internet access, SD-WAN, SASE, security, cloud phone systems, & collaboration services in one unified SaaS platform.
Copyright CommandLink. All rights reserved.
apartmentcloudcloud-synccloud-checklockdicelicenseuserusersspell-checkscreenlaptop-phonechart-barsselectthumbs-upchevron-downmovelayers