Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

Source URL: https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog
Source: Alerts
Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog

Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability
CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012 for additional information. 
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

AI Summary and Description: Yes

Summary: The text highlights recent additions to CISA’s Known Exploited Vulnerabilities Catalog, detailing specific vulnerabilities in Kemp and Palo Alto Networks’ systems that are actively exploited by malicious actors. It underscores the urgency of addressing these vulnerabilities, particularly for federal agencies, but also encourages all organizations to prioritize timely remediation.

Detailed Description: The content discusses critical vulnerabilities added to the CISA (Cybersecurity and Infrastructure Security Agency) Known Exploited Vulnerabilities Catalog. This catalog is an essential resource in cybersecurity, particularly for organizations aiming to maintain robust security postures against active cyber threats. Key points include:

– **New Vulnerabilities**:
  – **CVE-2024-1212**: An OS Command Injection vulnerability identified in Progress Kemp LoadMaster.
  – **CVE-2024-0012**: An Authentication Bypass vulnerability found in the Palo Alto Networks PAN-OS Management Interface.
  – **CVE-2024-9474**: A second OS Command Injection vulnerability, this one in the Palo Alto Networks PAN-OS Management Interface.

– **Operational Guidance**:
  – Users and administrators are encouraged to review the Palo Alto Threat Brief related to CVE-2024-0012 for more insight into the threat landscape.

– **Federal Implications**:
  – The vulnerabilities pose significant risks, particularly to the federal enterprise, as reflected in CISA's commitment to monitor and address them.
  – The Binding Operational Directive (BOD) 22-01 emphasizes the obligation of Federal Civilian Executive Branch agencies to remediate identified vulnerabilities promptly. This directive serves as a regulatory mechanism to enhance federal cybersecurity resilience.

– **Broader Impact**:
  – While BOD 22-01 targets federal agencies explicitly, CISA recommends that all organizations implement rigorous vulnerability management practices to mitigate exposure to cyberattacks.

– **Continuous Monitoring**:
  – CISA plans to update the catalog regularly as new vulnerabilities are identified and evaluated.

In summary, the content not only brings attention to specific vulnerabilities that are critical for cybersecurity professionals to address immediately but also reflects on the importance of regulatory frameworks in guiding organizations towards effective cybersecurity practices. For security and compliance professionals, this serves as a reminder of the importance of timely patching and vulnerability management in risk reduction.