The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of two new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
The catalog lists vulnerabilities that carry a significant risk to the federal enterprise and are being actively exploited. The newly added vulnerabilities are CVE-2020-5741 (Plex Media Server Remote Code Execution Vulnerability) and CVE-2021-39144 (XStream Remote Code Execution Vulnerability).
According to CISA, these types of vulnerabilities are frequent targets for malicious cyber actors and pose a significant risk to the federal enterprise. The agency urges all organizations to reduce their exposure to cyberattacks by prioritizing the timely remediation of catalog vulnerabilities as part of their vulnerability management practice.
The Known Exploited Vulnerabilities Catalog was established under Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.
While the directive applies only to FCEB agencies, CISA strongly recommends that all organizations take measures to reduce their exposure to cyberattacks.
CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. The catalog is a living list of known Common Vulnerabilities and Exposures (CVEs) that pose a significant risk to the federal enterprise and are currently being actively exploited.
Users can access the catalog to view newly added vulnerabilities and take appropriate action to protect their systems and data.