CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
- CVE-2024-0769 D-Link DIR-859 Router Path Traversal Vulnerability
- CVE-2019-6693 Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by t
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: