CISA announced that it has added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Vulnerabilities of this kind are frequent attack vectors for cybercriminals and pose a significant risk to federal enterprises. The newly added vulnerabilities can be viewed in the catalog by sorting on the “date added to the catalog” column.
Binding Operational Directive
All 66 of the new vulnerabilities are currently being exploited by malicious cyber actors.
CISA stated that the new vulnerabilities were added based on evidence of active exploitation. The Known Exploited Vulnerabilities Catalog was established by Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities as an active list of known threats that pose a significant risk to federal organizations.
BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date. While BOD 22-01 only applies to FCEB agencies, CISA also urges all organizations to prioritize remediation of the vulnerabilities in the catalog to reduce their exposure as part of their vulnerability management practice. When new vulnerabilities appear that meet the specified criteria, CISA will continue to add them to the catalog.