The Cybersecurity and Infrastructure Security Agency (CISA) has identified three new vulnerabilities that have been exploited and pose significant risks to the federal enterprise.
These include two vulnerabilities in Microsoft products and one in Fortinet FortiOS.
The Known Exploited Vulnerabilities Catalog, established under Binding Operational Directive (BOD) 22-01, lists Common Vulnerabilities and Exposures (CVEs) with evidence of active exploitation.
BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.
The first vulnerability identified is CVE-2023-23397, a Microsoft Outlook Elevation of Privilege Vulnerability.
The next vulnerability is CVE-2023-24880, a Microsoft Windows SmartScreen Security Feature Bypass Vulnerability.
The third is CVE-2022-41328, a Fortinet FortiOS Path Traversal Vulnerability. All three vulnerabilities are frequently exploited by malicious cyber actors.
While BOD 22-01 only applies to FCEB agencies, CISA strongly recommends that all organizations prioritize timely remediation of Catalog vulnerabilities.
Furthermore, the agency maintains the Known Exploited Vulnerabilities Catalog as a living list and will continue to add vulnerabilities that meet the specified criteria.
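Acting on the recommendation above means checking your own asset inventory against the catalog on a schedule and working the matches in due-date order. The following is an added example, not code from CISA or the advisory: it indexes a small constructed catalog sample (only the three CVE IDs, vendors and vulnerability names are taken from the page; the dates, required-action text and the asset inventory are placeholder values assumed here) and ranks every host/CVE pair that the catalog covers by days remaining until the remediation due date. The field names mirror the `vulnerabilities` array of CISA's KEV JSON feed; in production you would load the real feed instead of `KEV_SAMPLE`.

```python
"""Cross-reference a vulnerability-scan inventory against a KEV-style catalog feed."""
import json
from datetime import date

# Constructed sample in the shape of the KEV feed's "vulnerabilities" array.
# CVE IDs, vendors and names come from the advisory; every date and the
# requiredAction text are placeholders, not catalog data.
KEV_SAMPLE = json.dumps({
    "catalogVersion": "sample",
    "vulnerabilities": [
        {"cveID": "CVE-2023-23397", "vendorProject": "Microsoft", "product": "Outlook",
         "vulnerabilityName": "Microsoft Outlook Elevation of Privilege Vulnerability",
         "dateAdded": "2023-03-14", "dueDate": "2023-04-04",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2023-24880", "vendorProject": "Microsoft", "product": "Windows SmartScreen",
         "vulnerabilityName": "Microsoft Windows SmartScreen Security Feature Bypass Vulnerability",
         "dateAdded": "2023-03-14", "dueDate": "2023-04-04",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2022-41328", "vendorProject": "Fortinet", "product": "FortiOS",
         "vulnerabilityName": "Fortinet FortiOS Path Traversal Vulnerability",
         "dateAdded": "2023-03-14", "dueDate": "2023-04-04",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed asset inventory: hostname -> set of CVE IDs a scanner reported.
# CVE-2021-99999 is a deliberate placeholder that is NOT in the catalog sample.
INVENTORY_SAMPLE = {
    "mail-gw-01": {"CVE-2023-23397", "CVE-2021-99999"},
    "fw-edge-02": {"CVE-2022-41328"},
    "ws-finance-17": {"CVE-2023-24880", "CVE-2023-23397"},
}


def load_kev(feed_json: str) -> dict:
    """Parse a KEV-format feed and index its entries by CVE ID."""
    data = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def prioritise(inventory: dict, kev: dict, today_iso: str) -> list:
    """Return one row per (host, CVE) pair present in the catalog, most urgent first.

    Findings not in the catalog are dropped: they may still matter, but the
    catalog entries are the ones with a known exploitation history and a due date.
    """
    today = date.fromisoformat(today_iso)
    rows = []
    for host, cves in inventory.items():
        for cve in cves & kev.keys():          # only catalog-listed CVEs survive
            entry = kev[cve]
            due = date.fromisoformat(entry["dueDate"])
            rows.append({
                "host": host,
                "cve": cve,
                "name": entry["vulnerabilityName"],
                "due": entry["dueDate"],
                "days_left": (due - today).days,  # negative once the due date has passed
                "overdue": due < today,
            })
    # Soonest (or most overdue) due date first; host and CVE break ties deterministically.
    rows.sort(key=lambda r: (r["days_left"], r["host"], r["cve"]))
    return rows


def summarize(inventory: dict, kev: dict, today_iso: str) -> dict:
    """Roll the prioritised rows up into the three numbers a status report needs."""
    rows = prioritise(inventory, kev, today_iso)
    return {
        "kev_hits": len(rows),
        "overdue": sum(1 for r in rows if r["overdue"]),
        "hosts_affected": len({r["host"] for r in rows}),
    }


if __name__ == "__main__":
    catalog = load_kev(KEV_SAMPLE)
    for row in prioritise(INVENTORY_SAMPLE, catalog, "2023-03-20"):
        flag = "OVERDUE" if row["overdue"] else f"{row['days_left']}d left"
        print(f"{row['host']:<14} {row['cve']:<15} due {row['due']} ({flag})  {row['name']}")
    print(summarize(INVENTORY_SAMPLE, catalog, "2023-03-20"))
```

Run it against a fresh download of the real feed and a real scanner export, and the `overdue` count is the figure that should be zero on every report; anything non-zero is a catalog entry an agency is already out of compliance on, and for non-FCEB organizations it is the same ordering CISA recommends for prioritisation.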