2024-12-16
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, if exploited, could lead to severe security breaches.
Microsoft Windows Kernel-Mode Driver Vulnerability (CVE-2024-35250)
This vulnerability, rated 7.8 on the CVSS scale, could allow a local attacker, with low attack complexity, to elevate privileges to the SYSTEM level, giving them complete control of the affected system.
Adobe ColdFusion Improper Access Control Vulnerability (CVE-2024-20767)
This vulnerability, rated 7.4 on the CVSS scale, could allow an attacker to read arbitrary files from a ColdFusion server. This could expose sensitive information, such as passwords, configuration files, or source code.
CISA Mandates Urgent Patching
Under Binding Operational Directive (BOD) 22-01, federal agencies are required to address these vulnerabilities by January 6, 2025. The deadline underscores the severity of these vulnerabilities and the urgent need for remediation.
What Undercode Says:
The addition of these vulnerabilities to the KEV catalog highlights the ongoing threat landscape. Attackers are actively exploiting known vulnerabilities to compromise systems. It’s crucial for organizations of all sizes to prioritize patching and security best practices.
Key Takeaways:
Patch Promptly: Organizations should prioritize patching systems affected by these vulnerabilities to mitigate the risk of exploitation.
Implement Strong Access Controls: For organizations using Adobe ColdFusion, it’s essential to implement strong access controls to protect administrative panels from unauthorized access.
Stay Informed: Keep up-to-date with the latest security advisories and bulletins from CISA and other reputable sources.
Consider a Proactive Security Posture: Implement a proactive security posture that includes vulnerability scanning, intrusion detection, and security incident response plans.
By following these recommendations, organizations can significantly reduce their exposure to these and other emerging threats.
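The KEV catalog is published as a JSON feed, so "Patch Promptly" and "Stay Informed" can be turned into a routine check rather than a reading task. The following is an added example (not code from the original post, CISA, or Undercode) that matches KEV entries against a software inventory and reports the remediation deadline for each affected host. The feed excerpt is a constructed sample that mirrors the two CVEs above using the public feed's field names (cveID, vendorProject, product, dateAdded, dueDate, requiredAction); the inventory hosts are hypothetical.

```python
"""Match CISA KEV catalog entries against a software inventory and report
remediation deadlines. Added example; not part of the original post."""
import json
from datetime import date, datetime
from typing import Dict, List

# Constructed sample in the shape of CISA's KEV JSON feed. The two entries are
# the CVEs discussed in the post, with the dateAdded and dueDate given there.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "vulnerabilities": [
    {
      "cveID": "CVE-2024-35250",
      "vendorProject": "Microsoft",
      "product": "Windows",
      "vulnerabilityName": "Microsoft Windows Kernel-Mode Driver Vulnerability",
      "dateAdded": "2024-12-16",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2025-01-06"
    },
    {
      "cveID": "CVE-2024-20767",
      "vendorProject": "Adobe",
      "product": "ColdFusion",
      "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability",
      "dateAdded": "2024-12-16",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2025-01-06"
    }
  ]
}
"""

# Constructed inventory, as a CMDB export might look (hypothetical host names).
SAMPLE_INVENTORY = [
    {"host": "ws-finance-07", "vendor": "Microsoft", "product": "Windows"},
    {"host": "cf-app-01", "vendor": "Adobe", "product": "ColdFusion"},
    {"host": "web-proxy-02", "vendor": "nginx", "product": "nginx"},
]


def load_kev(feed_text: str) -> List[Dict]:
    """Parse the KEV feed text and return its vulnerability entries."""
    return json.loads(feed_text)["vulnerabilities"]


def parse_date(text: str) -> date:
    """KEV dates are ISO YYYY-MM-DD strings."""
    return datetime.strptime(text, "%Y-%m-%d").date()


def _key(vendor: str, product: str) -> tuple:
    # Case-insensitive match on (vendor, product). Real inventories usually
    # need a vendor/product mapping table; normalized equality suffices here.
    return vendor.strip().lower(), product.strip().lower()


def days_until_due(entry: Dict, today: date) -> int:
    """Days until the KEV dueDate; negative once the deadline has passed."""
    return (parse_date(entry["dueDate"]) - today).days


def match_inventory(kev: List[Dict], inventory: List[Dict], today: date) -> List[Dict]:
    """Return one finding per (host, KEV entry) whose vendor/product match."""
    by_key: Dict[tuple, List[Dict]] = {}
    for entry in kev:
        by_key.setdefault(_key(entry["vendorProject"], entry["product"]), []).append(entry)

    findings = []
    for asset in inventory:
        for entry in by_key.get(_key(asset["vendor"], asset["product"]), []):
            remaining = days_until_due(entry, today)
            findings.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "dueDate": entry["dueDate"],
                "daysRemaining": remaining,
                "overdue": remaining < 0,
            })
    # Most urgent first, then by host for a stable report.
    findings.sort(key=lambda f: (f["daysRemaining"], f["host"]))
    return findings


if __name__ == "__main__":
    kev_entries = load_kev(SAMPLE_KEV_JSON)
    for f in match_inventory(kev_entries, SAMPLE_INVENTORY, parse_date("2024-12-16")):
        status = "OVERDUE" if f["overdue"] else f"{f['daysRemaining']}d left"
        print(f"{f['host']:<15} {f['cveID']:<16} due {f['dueDate']} ({status})")
```

In practice the feed text would be fetched from CISA on a schedule and the inventory pulled from the asset database; the matching and deadline logic stays the same, and anything with `overdue` set is the first item on the remediation list.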
Reported By: Securityaffairs.com