CISA has added a new vulnerability to its known vulnerability catalog, based on active operating evidence,, As Fortinet confirmed.
These types of vulnerabilities are frequent attack vectors for malicious cyber-actors and have significant risks for the federal enterprise.
Operational Liaison Directive (BOD) 22-01: Reduction of the significant risk of known vulnerabilities used has established the catalog of vulnerabilities exploited known as a living list of known vulnerabilities and common exhibitions (CVE) which include a significant risk for the federal company. BOD 22-01 requires that federal civilian management agencies (FCEB) repair vulnerabilities identified by the due date to protect FCEB networks from active threats. See the BOD 22-01 information sheet for more information.
Although the BOB 22-01 only applies to the FCEB agencies, the CISA strongly urges all organizations to reduce their exposure to cyber attacks by prioritizing sanitation in a timely manner of the vulnerabilities of the catalog within the framework of their practice of vulnerability management. The CISA will continue to add vulnerabilities to the catalog which meets the specified criteria.
